There's two different but both problematic things here:
- Really poorly written spam detection.
- Failure to notify customers/no remediation procedure.
No doubt people will bring up "but then the spammers will know!!" Or similar, but honestly spammers are already limited by the cost of buying SIM cards ($5/ea), and I feel like customers being negatively impacted outweighs the minor benefit to spam-fighting (particularly when spammers could buy a single second number and detect this 100% of the time anyway).
Plus I'd be pretty upset if I was a customer paying for service, and I lost access to a part of that service for 10 days because I sent the word "butt" in a conversation. I'd feel particularly irritated if I wasn't told that my messages weren't delivered, and vital ones were just going into a void.
For SaaS like Strava or something, I'm agnostic whether the notice should come before the shut-off alleging a TOS violation. For cellular service though, SMS is integral to life. 911 even accepts SMS. Imagine T-Mobile silently dropping 911 SMS communications because someone texted the wrong word? Which isn't even in the TOS?
This is like dangling chum in the water, waiting for a big shark to chomp your leg, T-Mobile and whatever individual engineer came up with this.
Bulk SMS spam would most likely come from someone with direct signalling access and not from individual SIM cards which would be trivial to detect and block by the operator.
PayPal has a similar problem. They do really loose string matching on the OFAC list[1], for any data, in any payment field...even a comment. Match a magic string in a comment, and your PayPal account gets locked down in a way that's very hard to undo.
Yeah this was a big thing back in the heyday of CSGO skin trading. Putting the word "damascus" into a transaction comment would get your account locked.
I was thinking the exact same thing. I need to convince a few family members to ditch SMS... unfortunately some businesses (like apartment buildings) still use SMS to communicate, so it’ll probably be a while before we fully move away from this medium.
T-mobile is a joke. I lost my @simon Twitter account [0] because of T-mobile's and Twitter's utter incompetence, and it took me more than 3 months to regain control of it.
The way the attacker gained control of my phone number should have never been possible. I'm still a customer, why? Because there's no better alternative in the US, although I'm pondering Google Fi at the moment. Thoughts?
If you don't mind losing your phone number forever, Google Fi is a great option!
If Google Pay suspects fraud, it locks your account. Google Fi isn't paid for. Google locks your phone number from being ported out forever. Empowered human support wouldn't be Googley, so it's usually locked out forever.
T-Mobile isn't very competent, but at least, they provide humans who can fix things, eventually, once they figure out what they're doing.
It's just a single phone, but google fi has worked pretty well for my use case. I was impressed how well it worked when I went on vacation to Canada last year. If you don't need to have a half-dozen devices on one account there's really very little that gets you as much bang for your buck - unless I'm really burning through data my bill is usually $30/month.
I ran into this a few months ago when texting the phrase "work from home" it was really strange. We rationalized it with the spam / phishing thought process, but it still seems wrong for the carriers to block messages so poorly.
It makes me wonder if I really want them filtering 'spam' calls.
I don't see "cunt" or any similar string anywhere in the string "belly". As mentioned at TFA, this is more likely some sort of naive Bayes filtering since "belly" is often seen in "lose belly fat fast!" etc.
T-Mobile has also not been approving new short codes on their network since earlier this year. Frustrating for folks trying to execute legit SMS comms.
Use case(s)? I’ve have success working with financial services firms moving their comms from short code to push notifications in app. Always curious who is still using bulk SMS and for what.
I’ve been developing SMS chatbots and using my T-Mobile phone for testing. They will also drop messages that contain URLs, although the rules for which TLDs are allowed are hard to reverse engineer, much less rationalize. Last I remember, .club URLs are blocked, .com is allowed, and bit.ly is allowed.
I recently ran into this sort of filtering when trying to share an AI Dungeon .link URL with a friend. It's kind of crazy that entire TLDs are blocked without any indication or warning.
Verizon also blocks messages based on the urls they contain. Not sure about specific TLDs, but surely whole domains. Discovered this by running a service that sends a lot of messages through Twilio. Not sure if you would ever be notified of the block when sending from your phone.
In my opinion is not really to block spam, but instead to push message senders to buy the carrier's more expensive shortcode option.
Charge people not in your contact list 10 cents to message you. 5 cents goes to you and 5 cents to the carrier. Problem solved. I would love this for messages and phone calls (and emails while we are at it).
[+] [-] Someone1234|5 years ago|reply
- Really poorly written spam detection.
- Failure to notify customers/no remediation procedure.
No doubt people will bring up "but then the spammers will know!!" Or similar, but honestly spammers are already limited by the cost of buying SIM cards ($5/ea), and I feel like customers being negatively impacted outweighs the minor benefit to spam-fighting (particularly when spammers could buy a single second number and detect this 100% of the time anyway).
Plus I'd be pretty upset if I was a customer paying for service, and I lost access to a part of that service for 10 days because I sent the word "butt" in a conversation. I'd feel particularly irritated if I wasn't told that my messages weren't delivered, and vital ones were just going into a void.
[+] [-] drtillberg|5 years ago|reply
This is like dangling chum in the water, waiting for a big shark to chomp your leg, T-Mobile and whatever individual engineer came up with this.
[+] [-] makethetick|5 years ago|reply
[+] [-] tyingq|5 years ago|reply
[1] https://www.treasury.gov/resource-center/sanctions/sdn-list/...
[+] [-] vultour|5 years ago|reply
[+] [-] andybak|5 years ago|reply
[+] [-] WrtCdEvrydy|5 years ago|reply
Good luck if someone sends you a payment for 'Cuban food' or 'Iranian Weapons of Mass Destruction'
[+] [-] Hippocrates|5 years ago|reply
[+] [-] gallego2007|5 years ago|reply
[+] [-] simonebrunozzi|5 years ago|reply
The way the attacker gained control of my phone number should have never been possible. I'm still a customer, why? Because there's no better alternative in the US, although I'm pondering Google Fi at the moment. Thoughts?
[0]: https://medium.com/@simon/mobile-twitter-hacked-please-help-...
[+] [-] woofie11|5 years ago|reply
If Google Pay suspects fraud, it locks your account. Google Fi isn't paid for. Google locks your phone number from being ported out forever. Empowered human support wouldn't be Googley, so it's usually locked out forever.
T-Mobile isn't very competent, but at least, they provide humans who can fix things, eventually, once they figure out what they're doing.
[+] [-] organman91|5 years ago|reply
[+] [-] timeinput|5 years ago|reply
It makes me wonder if I really want them filtering 'spam' calls.
tinfoil hat maybe that's their end game!
[+] [-] dzhiurgis|5 years ago|reply
[+] [-] jasode|5 years ago|reply
https://en.wikipedia.org/wiki/Scunthorpe_problem
[+] [-] jessaustin|5 years ago|reply
[+] [-] chevman|5 years ago|reply
[+] [-] toomuchtodo|5 years ago|reply
[+] [-] zachrose|5 years ago|reply
[+] [-] foob|5 years ago|reply
[+] [-] ta1234567890|5 years ago|reply
In my opinion is not really to block spam, but instead to push message senders to buy the carrier's more expensive shortcode option.
[+] [-] dogma1138|5 years ago|reply
[+] [-] Scoundreller|5 years ago|reply
[+] [-] lgats|5 years ago|reply
[+] [-] dredmorbius|5 years ago|reply
[+] [-] speedgoose|5 years ago|reply
[+] [-] wdr1|5 years ago|reply
[+] [-] njarboe|5 years ago|reply
[+] [-] loeg|5 years ago|reply
[deleted]
[+] [-] TheAdamAndChe|5 years ago|reply