I saw your post. I was super fucking careful because of it. Like I said, knowledge and experience I get here is awesome.
Yeah, 99 times out of 100 it has zero impact. That one time it fucks everything up. Luckily nothing else went with it. But new motherboard means an updated CPU slot standard, which means a new CPU, which requires upgraded cooling and then also means updated memory. Can you tell I'm still bitter?
Question: how difficult would it be for the government to put an end to spoofing phone numbers for scam calls? I maintain it would be nearly impossible, other people think if they wanted to they could.
The default phone/text routing protocol has no concept of verified source address. For the government, it wouldn't be hard, as they just have to mandate it to the telcos. For the telcos? It would be a fucking PITA and super expensive, so they lobby the fuck out of not having to do it.
I've always said that if a candidate ran on ending spam calls/text/emails, they'd win in a landslide.
This is actually already being worked on: https://www.fcc.gov/TRACEDAct I think there are some nuances here. Nett is (naturally) correct that the best implementation is an authenticated identity for phone numbers. This would be pretty easy for cell phones but harder for non-cell activity, and would require updates to the underlying protocols - which requires some kind of working group to decide on the protocol. It would cost a fair bit of money and time, but it's conceptually/technically a pretty simple thing. Email actually had much the same problem for a long time. For a long time, you could send an email sourced as any address you wanted and basically the only check was whether the party transmitting your message cared enough to validate anything. Over time, additional checks have been implemented and now it's not that easy to do anymore. But they don't really have to go that far. The internal telcos are capable of validating their own caller IDs (e.g. Verizon can definitely implement checks to make sure Verizon customers aren't spoofing caller ID), and they won't have to agree with anyone else on the method they use to do it. So it really can be turned into a matter of, "we don't care how you do this, but you have to do something, and if you can't handle it we're going to fine you and/or throw you out of the party."
One of the big problems is international calling. Big telcos in India, for example, connect to North American systems via a few specific integration points, and there is no requirement for them to do such verification for their individual users/callers, there’s only the NA telco trust relationship with that Indian telco’s integration point. It’s not like NA will block India telcos if they don’t do it.
Yup, but on the other hand the there's no need to permit international telcos to transmit domestic caller ID numbers. None of this is perfect but there's a fair gap between "we accept whatever the source says" and "we apply some basic rules to prevent widespread fraud." Certainly nobody is saying the the FCC has jurisdiction over foreign providers, but the FCC can say we have a vested interest in protecting US citizens so our telcos must take basic steps. There's a fair amount of this in the public internet routing tables. You trust regions to handle their own internal routing even if it's wrong, but filter the inter-provider tables so that the providers can't mess with each other too much.
Yep. It is solveable to a reasonable level but telcos won’t spend money unless forced. Number portability is a prime example of that. It’ll be interesting to see how well it works when it hits.