afo's comments

Is it always from the same number? I bet we (Nomorobo) have some recordings that I can dig up.

Got a number that they’re calling from? I can check our (Nomorobo) database and see if there’s anything coming through.

This is the case of the arsonist that just burned down your house, matches in hand, saying, "Clearly, you need a better fire department."

Nomorobo founder here. I'm the "robocall guy" that everyone quotes in the news.

Instead of just popping my head into every comment, I wanted to give some insight into what's actually happening out there.

Background: I won the FTC Robocall Challenge back in 2013. I turned my prototype/idea into Nomorobo, which is the leading robocall blocker out there. In 4 years, we've stopped over 630 million robocalls from reaching people.

I'll actually be testifying at next week's House subcommittee hearing on robocalls.

# Not picking up unknown numbers

Unfortunately, this is what people think is the best solution. Even the government gives this advice. #1 is to use a robocall blocker and #2 is to not answer numbers that you don't recognize.

That frustrates me to no end. That's not a good answer.

"Doctor, it hurts when I do 'this'. Then don't do 'that'."

I really get worried when people say they turn on Do Not Disturb. What if there's an emergency? You have no idea who needs to call you.

This is especially important for people with kids. Is it a school? Is it a neighbor?

This is an actual story that happened to me - no BS.

My Uncle wound up in the hospital last month. Ambulance had to come pick him up off the bathroom floor and everything. No one in the family knew it was happening.

I got a call from a number that I didn't recognize but, since I trust Nomorobo, I answered it. It was my Uncle telling me what happened, what hospital he was in, etc.

Damn good thing that I answered that call.

But the fun doesn't stop there.

A few hours later, I go over to his house to pick up a bunch of his stuff and bring it over to the hospital for him. While I'm getting things together, his old flip-style cell phone starts ringing. I figure it's one of his friends that's worried about him.

I answer it.

"Congratulations! You've won a free cruise."

# Neighbor Spoofing

Yep - if the number shown is close to yours and it's not in your contacts, it's probably a robocaller. But spoofing is the norm with robocall scams.

Our algorithm detects over 1300 new robocalling numbers every day and they're basically all spoofed.

Whatever number is shown usually can't be called back. It usually doesn't belong to the actual robocaller. And they usually try to make the call take a confusing journey through "the tubes" that's impossible to trace back.

Neighbor spoofing is really hard for carriers to stop because a lot of people have sequential numbers and they don't want to accidentally block good calls.

It's especially confusing when people don't understand what's going on and they call back the unknown number:

Person A: Why did you call me? Person B: I didn't call you. Why are you calling me? Person A: Because you called me. Person B: No, I didn't. Person A: Yes, you did. Person B: Leave me alone, crazy person. [blocked]

But, as an app on your phone, it's really easy for us to stop.

If you give us permission to look at your contact list (they never leave your phone and are never stored by us), then we can fully block all neighbor spoofed calls. If you don't give us that permission, we simply identify them as "Robocaller" whenever they call.

# Wasting their time

Don't waste YOUR time. It will not help. You are trying to warm up the ocean by pissing into it.

The scale that these automated callers work at is unbelievable.

According to our stats, 40% of all calls in the US are spam robocalls.

Someone mentioned Jolly Roger Telco. We worked with them this holiday season to make www.DoNotCallChristmas.com. It was fun and it makes people feel good but that's about the only impact it has on the problem.

# So...why don't the carriers just make the calls stop?

There are a lot of tech people here on HN. You know TFW someone says to you, "Oh, that's easy - you just hook up a database to a web page, right?"

"And put some that blockchains in there while you're at it."

Well, it's the same way with the phone system. It's not as easy as it looks.

The phone system has a birth defect. Call it one of the worst cases of technical debt, ever.

When it was first created, it was a closed, trusted system (with AT&T running the whole shebang). No one could imagine a situation where someone would lie about the caller ID so they didn't require it to be verified.

But then the system changed. Deregulation. The rise of VoIP. Interconnectivity.

Whoops. Toothpaste is out of the tube. It's tough to put it back in.

So, yes, secure and verified caller ID systems are being worked on (STIR/SHAKEN) but it's years off.

Will it reduce voice spam? Of course. But, this problem will NEVER go away.

People still get ripped off every day by thinking that the Nigerian Price is going to make them rich.

# What about the Do Not Call list?

The laws that govern automated calling were written back in the early 90's.

I was using a 14.4k baud modem and connecting to BBSes at that time. The internet as we know it didn't exist. People were still paying by-the-minute for long distance phone service. Then technology rocketed past regulations.

Today, the Do Not Call list is virtually useless against modern robocalling scammers.

At the House subcommittee hearing next week, I'm actually going to advocate that the government scrap all the existing laws and rewrite them with a simple, plain thought:

High frequency, automated phone soliciting should be opt-IN, not opt-out.

You must have the express written permission of the person that you are calling. Period. Full stop.

It doesn't matter if your number is on the Do Not Call Registry or not. It doesn't matter if you're calling a landline or a cell phone. It doesn't matter if it's a business or a residential line.

Got permission? OK. Don't have permission? Nope.

Note: If you're sending a purely informational message, this doesn't apply. I'm only talking about commercial solicitations here. Think of it like preventing modern day door-to-door salespeople. Ride hailing notification, doctor's office reminders, schools closing, etc. just aren't the same type of thing.

# Closing thoughts

So, in 2018, the best way to stop these types of scams is by using a robocall blocker. I'm highly biased here but I think Nomorobo is the best one out there. We understand the problem and the solution better than anyone else. It's completely free on landlines and has a 14-day free trial on mobile. On top of all that, we're extremely privacy friendly.

And, while I never blame the victims, there is a bit of a shared responsibility that we all have here. The more people that use robocall blocking technology, the less effective these scams will be. The less effective they are, the less of them there will be. It's a virtuous cycle.

Let me know if there's anything else that you'd like to dig into. I'm all ears.

Thanks for catching that one. It's been fixed now.

We (Nomorobo) worked with Jolly Roger this holiday season and built SantaBots. Check out all the recordings at www.DoNotCallChristmas.com

We don’t have enough data to protect Canada yet but we’re working on it. Do you get robocalls from US area codes too?

Good catch. I think I know what’s going on and what needs to get fixed. Thanks!

Right now, we only grab one recording per phone number so that's the date that we recorded it.

But, the response to our sampling system has been really strong so we're expanding that to grab one recording per day per number. That way you can also go back in time and see the different scams that have been sent from the same number.

We're also building some deeper analytics so that you can see call volume by robocaller and graphs that show the changes over time.

The spammers rotate through new numbers every few hours. We're actually adding 1,300 new numbers per day and the full blacklist is over 700k entries.

As for getting connected to the phone system - Yeah, they have to jump on the phone network somewhere and, in theory, the best way to stop these guys would be to at the ingress point.

The problem is that the phone system is built for interconnection. Even just one bad actor letting the traffic on spoils the system. Layer on top of that the way the network routes calls through multiple hops through multiple carriers and tracking the calls back to the source is nearly impossible. Throw in common carrier regulations (you can't just willy nilly block calls coming over the network) and it amps up even more. Finally, allow all this to be done for fractions of pennies and you get the perfect storm for robocalls.

As for the neighbor spoofed calls, make sure that you enter your phone number in Nomorobo so that we can make sure we protect the correct number block ([Area Code]-[Exchange]-[0000-9999]). In our initial release, we were only able to identify these calls but not block them. It had to do with blocking calls from families with sequential phone numbers. But, in our last release, if you give the app contact access, we can now scrub those numbers and fully block the neighbor spoofed calls.

It's been a bit of a balancing act between being privacy conscious (not needing your email/phone number/invasive contact access) and getting the job done. The balance that we've struck is this - you don't have to give us any of that and you'll get really good protection. But, if you try out the service and start to trust us more, we can do an even better job.

And finally, yes - it's going to take a lot of effort to tackle this problem. While Nomorobo isn't perfect - admittedly, the sim ring landline version is just a crazy hack that the carriers can't stop - the past 4 years have seen some great progress in the fight.

As more and more people become aware of robocall blockers and we show that it's actually a very safe way to protect people, only then will the larger industry come along (kicking and screaming the entire way).

Actually, First Orion/PrivacyStar powers the T-Mobile spam product. Samsung does partner with Hiya, though.

Yeah, those guys are great. I run into them at security conferences all the time. Their tech is mainly aimed at the financial sector to make sure the person calling in is who they say they are.

In our case, we don't/can't analyze the audio stream of consumer calls. We can only work with the meta data of the call.

Our algo comes down pretty hard and fast on calls that come into our honeypot. These numbers have been out of service for years and no one should be calling them. Since these phone lines belong to us, we can do anything we want with them - there's no privacy concerns like there would be with consumer calls.

We answer, record, transcribe, analyze, and classify almost 10k calls per hour coming into our honeypot. Check out https://www.nomorobo.com/lookup. There's been a ton of health insurance scams running this week but the scam du jour changes every day.

When we analyze the call data coming into consumer lines, we have to be a little less aggressive so that we don't accidentally block schools, police, doctors, pharmacies.

The only thing left for humans is to help correct the decisions the algo makes. Sometimes it misses robocalls and sometimes it stops things it shouldn't. People just report them through our app and website.

For historic analysis, we also ingest the FTC & FCC robocall complaint data sources. But it's not really a great data source for the real-time detection algo - It's just too slow to be actionable.

You really have to be detecting robocalls at the moment they come in to have a successful blocking product.

Founder of Nomorobo here. We put a stop to all of those annoying robocalls, telemarketers, and spam/scam calls and texts. It's about the only thing that works nowadays.

It's not your imagination - these types of calls are out of control. According to our data, 40% of all calls made in the US are illegal, unwanted spam/scam robocalls. And those "neighbor" spoofed calls (same area code and extension) are especially prevalent now. Beginning last summer, they started to account for ~20% of all robocalls. Before that they were only about 2% of all robocall volume.

The Do Not Call list is almost completely ineffective against these types of calls. It was created 15+ years ago to stop legitimate companies from telemarketing. But today's robocallers are criminals that don't really care about the law. They have one goal - scam people and take their money.

Manually blocking calls will also get you nowhere. And please, for the love of god, don't press a number to get on their alleged "do-not-call" list. That will guarantee that you will get even more robocalls - they know you're a live number now.

On the technical side, our landline service (free) is powered by Twilio and our mobile product is available in both app stores (14 day free trial, $2 bucks a month after that). We're a PHP/Laravel shop and our team is completely remote.

To do the actual detection, our algorithm analyzes over 70M calls per month and adds over 1,300 new numbers to the blacklist every day. We built the world's largest commercial telephony honeypot (300k+ lines) and can detect new attacks within minutes of them starting (even with spoofed numbers). Just last month, Nomorobo stopped over 27 million from reaching people's phones.

I'm happy to answer any other questions that you have about robocalls. I'm kind of the "robocall guy". I won the FTC Robocall challenge back in 2013 and grew Nomorobo to be the leading robocall blocker on the market. I've even testified in front of the US Senate about the robocall epidemic.