A Call to Action: Stop the FCC's KYC Regime

Posted by FergusArgyll 4 days ago

Counter332Comment233OpenOriginal

Comments

Comment by dec0dedab0de 4 days ago

We really just need telcos to stop allowing caller id spoofing. Doesn’t even need your name, but with a real number we could actually report these scams.

You can still allow people to hide it, but then by default every non-business phone should block calls with hidden numbers.

Comment by smallmancontrov 4 days ago

What ever happened to SHAKEN/STIR? I thought this was supposed to happen 5 years ago. Did they just chicken out on the prospect of actually shutting down telcos sending spam volume? I still get loads of spam phone calls, so clearly something went wrong (or slow enough to be indistinguishable from wrong).

Comment by Rendello 4 days ago

I love a good tortured acronym:

> SHAKEN system, short for Signature-based Handling of Asserted information using toKENs [...]

> The name was inspired by Ian Fleming's character James Bond, who famously prefers his martinis "shaken, not stirred". STIR having existed already, the creators of SHAKEN "tortured the English language until [they] came up with an acronym."

https://en.wikipedia.org/wiki/STIR/SHAKEN

(Unrelatedly, seeing a slash used casually within the URL slug feels so wrong)

Comment by idiotsecant 4 days ago

I like backronyms because it tells me someone with a soul was involved

Comment by Rendello 4 days ago

LLMs are really good at making backronyms, in fact it might be one of the things they're best at. Try prompting any soulless overlord with "give me a backronym for <WORD> that relates to <SUBJECT>".

So maybe it's bad backronyms that demonstrate the soul. I don't know who's idea it was to allow a computer to generate whimsy, that should be interdicted by a fourth law of robotics.

Comment by idiotsecant 4 days ago

Agreed. Aggressively whimsical chatbots should be in the Geneva convention somewhere.

Comment by ranger_danger 3 days ago

You agree that LLMs are good at making backronyms yet they still make you feel like a human was involved?

Comment by criddell 4 days ago

I'm not certain, but I think on my phone incoming calls that fail SHAKEN/STIR show the caller id in red rather than black text. I'm on T-Mobile. It also shows "Number Verified" or something like that.

Comment by smallmancontrov 4 days ago

Now that you mention it, I believe I have seen a couple of red flagged calls, but I still get ~3 calls a day from a very aggressive business loan spammer, it's always a new number and never flagged.

Comment by 9cb14c1ec0 4 days ago

That's because they are bulk purchasing numbers from voip providers, cycling through probably hundreds per day.

Comment by derefr 4 days ago

Do they actually need to purchase numbers to do that, though?

I always imagined that there are certain shady providers ("grey-market Twilio" sort of idea) that just let you run single outbound call/text requests through a giant pool of numbers shared with other customers of the service. Perhaps specifically a bank of residential numbers plugged into banks of regular cell phones, like a residential IP proxy service provider.

Comment by bityard 4 days ago

Somebody at some point is purchasing them, probably not the spammers/scammers themselves.

It's very unlikely anybody is placing spam/scam calls with regular cell phones when VoIP numbers are easy and cheap to get, and when VoIP systems are far easier to manage.

Comment by tmp10423288442 4 days ago

You would think that someone is getting real cell phone numbers, for the same reason scammers value residential IPs rather than data center IPs.

Comment by donaldjbiden 4 days ago

[dead]

Comment by DrewADesign 4 days ago

Anybody desperate enough to consider telemarketed merchant cash advances (MCAs) should look into them very carefully first. The contracts often have stipulations that allow them to draw money from your bank account at will, penalty interest rates that jump up 400% APR, have been known to use mafia enforcers to violently extract payments, and the list goes on. There was a more perfect union video (titled something about texting back a loan shark) with a bracing, if sensationalized, look at some of the worst ones.

Comment by DrewADesign 3 days ago

Hmmm… I wonder if the no-response downvotes are from people in the MCA business? Hmmmmmmmmmmmmmmm…

Comment by inigyou 4 days ago

According to a defcon talk, spammers just make sure all their spam gets routed through legacy TDM systems which discard the shaken/stir header because they're too old to support it. The other side then re-adds a "we got this from somewhere that didn't support this header" header.

Comment by coldpie 4 days ago

> legacy TDM systems

Easy fix. It should be opt-in to accept a call that is routed through one of these. I know they allow it so some grandma in rural France that still uses a dial phone on a copper line that hasn't been touched since 1962 can call her son in New York, but for the rest of us who are not in that situation, we can just blacklist all those calls and lose nothing. This would even fix spam for the people who opt-in, because so few people have grandmas in rural France that it's not worth it for the spammers to bother anymore.

Comment by simoncion 4 days ago

> Easy fix. It should be opt-in to accept a call that is routed through one of these.

Easier (and correct) fix: Telecoms operators should not be permitted to provide transit to a call that's routed through one of these.

> I know they allow it so some grandma in rural France that still uses a dial phone on a copper line that hasn't been touched since 1962...

This doesn't make sense. Even my inexpensive Mikrotik switches can augment packets with the ID of the port that they originated from. I do not believe for even a second that Telecoms Grade switching equipment is unable to do the same. The fact that that grandma can send and receive calls tells you that both that that equipment exists and that it knows what port her phone is connected to.

Comment by mschuster91 4 days ago

> I do not believe for even a second that Telecoms Grade switching equipment is unable to do the same.

The example should rather have been some telecom carrier in Africa or India. Telco equipment is expensive, the technology is ridiculously complex and getting companies especially in less well-off regions to replace aging stuff and updating it to modern standards is next to impossible. Think about it, the globally connected phone system includes countries where you get 10 GBit/s symmetric fiber in your home and it includes countries where people don't even have running water because they're so poor.

The fact that we in Western countries can have a realtime conversation with someone in the Saharan desert or in an Indian village that requires days worth of travel [1] is nothing short of a miracle.

[1] https://www.aljazeera.com/gallery/2024/5/8/an-election-booth...

Comment by simoncion 4 days ago

> Telco equipment is expensive...

Sure, agreed.

> ...the technology is ridiculously complex...

Odd. I could have sworn that Caller ID, Customer-initiated Dialback, "Tell me the number of my most recent caller", and "Keep calling this number for the next half hour, and ring me if the call is answered" were features that were available on the POTS since the early 1990s. I agree that the tech's complex, but the R&D for the stuff I'm talking about has been over and done with for at least thirty five years. There are adult HN users who have never lived in a world without this stuff.

> ...getting companies especially in less well-off regions to replace aging stuff and updating it to modern standards is next to impossible.

I don't see how that's the problem of "The West"? If it's actually a problem, instruct "Western" telecoms to send a couple-hundred-million dollars in last-gen equipment, along with the techs required to install it and let them declare its original purchase price and the full cost of the manpower as a tax credit.

> ...is nothing short of a miracle.

If we ignore the existence of long-range radio, and if this were prior to 1965 or -at latest- 1970, I might agree. But, like, we've had satellite telecommunications for nearly sixty years, terrestrial microwave transceivers for a couple of decades longer, and short- and long-wave transceivers for far, far longer than either.

Additionally... I don't know if you've noticed, but it's not uncommon to have a satellite phone in your pocket these days.

Comment by mschuster91 4 days ago

> I agree that the tech's complex, but the R&D for the stuff I'm talking about has been over and done with for at least thirty five years.

Sure, but now have a look at the infrastructure that's physically deployed. Hell in Germany (!), it took until 2020 to finally disable the old and truly horribly aged ISDN infrastructure. When it takes the third-richest nation by GDP that long to replace technology, I am not going to demand better from nations that are a few dozen places below us on the economy rankings.

> I don't see how that's the problem of "The West"? If it's actually a problem, instruct "Western" telecoms to send a couple-hundred-million dollars in last-gen equipment, along with the techs required to install it and let them declare its original purchase price and the full cost of the manpower as a tax credit.

Yeah good luck with getting that past our populations that, no matter if we're talking about the US or Europe, have been riled up by the local far-right and Russia that foreign aid is a bad thing and "national wealth should stay in the nation" (with the end result of course being that Russia has swooped in to replace our foreign aid, and that's why we see so many putsches in Africa).

> But, like, we've had satellite telecommunications for nearly sixty years, terrestrial microwave transceivers for a couple of decades longer, and short- and long-wave transceivers for far, far longer than either.

Sure! But the fact remains that it took a lot of effort to get telephones and their infrastructure deployed effectively worldwide.

> Additionally... I don't know if you've noticed, but it's not uncommon to have a satellite phone in your pocket these days.

In developed economies, sure. But in countries where the iPhone models capable of that (or an outright Starlink terminal) can cost a full year's wages? In South Sudan, the yearly corrected purchase power is about 716 $ per person and year [1].

[1] https://gfmag.com/data/economic-data/poorest-country-in-the-...

Comment by simoncion 3 days ago

> When it takes the third-richest nation by GDP that long to replace technology, I am not going to demand better from nations that are a few dozen places below us on the economy rankings.

It's odd that you talk about "demanding" nations to foot the bill for upgrades even though I talk about paying "Western" telcos to give it to them, install it, and teach them how to use and maintain it for free. You even quote this plan in your next paragraph. Smells like you have an axe to grind or something.

> Yeah good luck with getting that past our populations that...

Oh boy. Hun, the "expense" is gonna be less than a couple billion dollars, and it's not even going to be an appropriation. Unless some politician wants to use it to score points, literally noone in the public will notice.

> But in countries where the iPhone models capable of that (or an outright Starlink terminal) can cost a full year's wages?

Mmm, tell me what the BOM is for the satellite communications package on the phones that I'm talking about. I bet that not only do you have no clue, you're also largely unaware of the state of radio telecommunications in many of the nations in Africa. As a bonus inquiry, do tell me how many of the people who can't afford to buy the cheapest-available satellite phone are running scam/spam phone call operations in those countries. I bet that number is very close to zero. ;)

Do remember that TFA that started all of this conversation discussed the FCC's plans to require government-issued ID in order to get access to the phone network. This is being presented as the "only way" to "solve" spam and scam calls, but even a moment's thought makes it plain that not only is it not the only way, [0] it will be completely unable to achieve the stated goal.

[0] ...tax credits and their equivalents move businesses to solve every problem that can be solved, after all...

Comment by coldpie 2 days ago

Your points would come across a lot better if you turned the sarcasm & condescension in your tone down like 15 notches. You're being bizarrely rude & aggressive for a conversation about telcom tech.

Comment by 9cb14c1ec0 4 days ago

> I do not believe for even a second that Telecoms Grade switching equipment is unable to do the same

Mikrotik is a young spring chick compared to the dinosaurs in telecom.

Comment by simoncion 4 days ago

The simplest phone you can attach to any POTS line in the US is the touch-tone phone. [0] It's a microphone, speaker, ringer, switch, and a DTMF tone generator. The most complicated part of this device by far is the tone generator. The line it's attached to provides the power for all of the electronics/electromechanics inside the phone... and is also responsible for activating the phone's ringer and "knowing" the status of the "on hook" switch. The most basic phone models have no memory or logic inside them of any kind.

Given these restrictions, how does one ensure that one can activate the ringer of a single phone (and connect its speaker and mic to that of the caller, and noone else) in a world where all of the human operators were replaced by electromechanical ones, which were then replaced by fully computerized ones? Once one has figured that out, how does one ensure accurate and correct determination of the calling parties, the transit networks, and the duration of the call? One needs to recover your costs, and one uses usage-based billing to do so. [1]

In order to do those things, mightn't the system that that phone is connected to have to have all of the information about the callers, the systems the call flows through, the duration of the call, etc, etc, etc?

[0] Rotary phones are even simpler than touch-tone phones because they replace the tone generator with an elecromechanical gizmo that bangs on the line when it's rotated. Because I vaguely remember hearing that some phone networks were phasing out support for rotary phones, I'm assuming that you're not guaranteed to be able to attach one and have it function.

[1] I'll only briefly mention POTS features from ~35 years ago such as "Caller ID", "Read to me out loud the phone number of my most recent caller", and "Keep calling this number for the next half hour and ring me if they pick up", which had to (and did) work with these dumb-as-bricks phones.

Comment by inigyou 4 days ago

It is opt/in. There's three categories (according to that defcon talk): call originates from the number it says it does, call originates from our network but we're not sure about the number, and call came to us unverified (only allowed by regulation on legacy links).

Now, operators of those legacy links make A LOT of money for operating them since they carry 100% of the country's spam traffic, and they're not going to shut them down just because you think they should. The government would have to make them do it and they'll pretend upgrading is super expensive.

Comment by coldpie 4 days ago

> call originates from our network but we're not sure about the number, and call came to us unverified

I'm saying these two categories should be denied by default by my telecom provider, and the user must opt-in to receiving them.

> Now, operators of those legacy links make A LOT of money for operating them since they carry 100% of the country's spam traffic, and they're not going to shut them down just because you think they should.

Those operators are not my concern, they can do whatever they want. I want my telecom provider to block unknown/unverified calls by default. I have no reason to ever receive a call from an unverified source. Some people might, because they have business or relatives or whatever in such a region, and they can opt-in to receiving them if so.

Comment by inigyou 4 days ago

If your telecom provider stopped carrying unverified calls you'd cancel your service because you'd miss a lot of important calls. If the government required it for all calls though...

Comment by coldpie 4 days ago

> you'd miss a lot of important calls

Like what? Who is both a legitimate caller and also trying to call me through one of these unverified legacy services? If their calls stopped going through to a huge chunk of their customers (this is one of the reasons receiving unvalidated calls should be opt in, not opt out), why wouldn't they switch to a verified service?

Comment by inigyou 2 days ago

Your bank is calling you from a verified network, unverified number, because it's one of their employee's phones but they want the caller ID to be from the main switchboard, and they didn't bother to do the extra work with their telecom to make this verify as a correct number.

Comment by briffle 1 day ago

and when they can't get lots of "we don't accept unverified calls" messages, they will fix the problem.

Comment by jrockway 4 days ago

Sure, but why do I care? Let them run the legacy links. Just don't make my phone ring.

Comment by calvinmorrison 4 days ago

I am, more in tune with "just get it over with" than ever. Ipv6? 25 years of this crap? should have just said, Jan 1 2001, all routers must support 64 bit ipv4 addresses. Like the chrome HTTPS switch over, JUST DO IT

Comment by donaldjbiden 4 days ago

You mean 128 bit? That's called ipv6. It's ipv4 with 128 bit addresses.

Comment by singpolyma3 4 days ago

Just because a call is a spam call doesn't mean it is spoofed. STIR/SHAKEN ends spoofing but anyone can ultimately buy a phone and make calls that are spammy.

Comment by ChrisMarshallNY 4 days ago

Spoofing isn’t ended at all

Almost every spam call has that I get, is spoofed.

Someone here explained it, once.

I think the spoofed calls use a legacy transport tech that can’t be forced to validate.

Comment by hobofan 4 days ago

Can't that legacy transport be blocked / not-be-peered with then? That's what usually happens with old insecure tech that is being phased out.

Comment by singpolyma3 4 days ago

How do you verify it is spoofed? Have you asked your carrier to drop unverified calls from your service?

Comment by ChrisMarshallNY 4 days ago

> How do you verify it is spoofed?

Not my job to "verify," in the technical sense.

When a call for an Indian crypto pump comes in as "SMITH, ROBERT", and a local exchange, I call that "spoofed."

Comment by sgarman 4 days ago

Mine literally come from the verified coinbase phone number and say coinbase and everything. If I didn't know for sure they are not calling me I'd think it was real 100%.

Comment by singpolyma3 4 days ago

Yeah that does sound spoofed. I'd call your carrier and ask them to make sure attestation below B is blocked.

Comment by singpolyma3 4 days ago

That's almost certainly not spoofed. They just own a phone number on your local exchange.

Comment by ChrisMarshallNY 4 days ago

No they don't. I've called back, a couple of times, and got some guy named Bob, getting all confused. "Whaddaya mean I just called you?".

Hmm...you seem very interested in redirecting this train of conversation. Why?

Comment by singpolyma3 4 days ago

I'm very interested in knowing the actual current state of affairs WRT spoofing and a lot of people make claims without evidence which makes it hard to find out. I thank you for providing your evidence here because it does sound like some carriers are still not enforcing. Which is obviously a problem.

Comment by ChrisMarshallNY 4 days ago

I think it’s a mix. If the CID has someone’s name, then it’s almost certainly spoofed, but sometimes, it just has a town name, and that might be what you mean.

There was this telco, in Upstate New York, that was infamous for being a firehose of scam/spam robocalls. I think they may have been shut down, though, because I haven’t seen their numbers in the CID for a couple of years.

I would suggest that carriers are limited in what they can do. Crooks be crooks, and many of them are very clever. They usually figure out how to weasel past the guard dogs.

Comment by Zak 4 days ago

Sure, but with phone numbers that can't be spoofed, telcos can terminate service, and filtering technologies can block calls. Spam gets expensive if you have to buy new service every five calls.

Comment by singpolyma3 4 days ago

It does. But the spammers still do it. Because eventually they hit one person who gives them a thousand dollars or whatever and it pays off.

Comment by Zak 4 days ago

Preventing spoofing doesn't have to make spam cost-prohibitive for every spammer to greatly reduce the volume, and it does not interfere with ordinary people obtaining phone service anonymously.

Comment by iamnothere 4 days ago

Nobody is making spam calls with cell phones. Spammers use VOIP services and old TDM systems.

Comment by DrewADesign 4 days ago

There’s SIM card banks for SMS spam… I’d be surprised if there wasn’t anything similar for calling. Not that I support this bill but it is a thing.

Comment by rescbr 4 days ago

From what I’ve investigated as a recipient of spam calls, I’ve been called from legitimate mobile numbers from my own mobile telco. The only thing that explains that are SIM card banks.

Unfortunately there isn’t an easy way to report abuse to the telcos (and regulators).

Comment by singpolyma3 4 days ago

I think most major US carriers have a short code for reporting abuse now.

Comment by 9cb14c1ec0 4 days ago

STIR/SHAKEN up to this point has only been a self-certification that a telecom company has the right to use a number. What the FCC is trying to do is set up a legal obligation for the STIR/SHAKEN header to match a KYC verified identity.

If the FCC implements this, I expect a lot litigation because of the burden and legal liability this would place on telecom and VOIP companies. There are other less burdensome approaches to preventing spam that the FCC has not tried.

Comment by HappMacDonald 4 days ago

I am constantly amazed how few people understand that preventing spam is below the last thing the FCC is actually interested in.

First of all, the decision makers at the FCC profit from directly from spam, Christ.

Secondly, the indirect value of spam to the FCC is that it helps to justify initiatives to ruin the privacy of ordinary people via the constant push for KYC.

Just like "age verification", Flock cameras, license plate scanners, ubiquitous IoT with microphones and cameras, etc. Governments and corporations both profit from shredding every molecule of your privacy.

Comment by xnyan 4 days ago

The FCC issued a report on this very subject[1]. TLDR, there have been four exceptions to the SHAKEN/STIR requirements:

- Providers that can't afford it implement it - Non-IP networks - Small voice service providers that originate calls via satellite using U.S. NANP - Providers that lack control over the network infrastructure necessary to implement

Nothing is going to change as long as those holes exist.

1: https://docs.fcc.gov/public/attachments/DOC-416732A1.pdf

Comment by 9cb14c1ec0 4 days ago

The can't afford it exception is disappearing soon, as it isn't true for any business. Total setup costs for STIR/SHAKEN are under $2000 these days. Providers that lack control over the network infrastructure (i.e. they don't have the ability to control the stir/shaken headers so by definition they can't spoof numbers) will likely continue to be a thing as changing it would force pretty much every small business in the VOIP industry out of business and allow only large companies to be VOIP service providers.

Comment by swed420 4 days ago

> I thought this was supposed to happen 5 years ago. Did they just chicken out on the prospect of actually shutting down telcos sending spam volume?

It would certainly hurt a consumption-based economy, for starters.

Comment by philipallstar 4 days ago

Why would that hurt a consumption-based economy?

Comment by twodave 4 days ago

Telcos make money off of scammer activity.

Comment by colechristensen 4 days ago

Maybe in the same way that Office Depot makes money on the envelopes used in mail fraud

Comment by swed420 4 days ago

It's a vector for advertising.

Comment by philipallstar 4 days ago

But that's not a consumer initiative. Advertising can come from all sorts of places that the consumer doesn't like, and in economies where advanced levels of consumer choice are limited to the state bureaucrats.

Comment by swed420 4 days ago

> But that's not a consumer initiative.

Seems irrelevant to the original point.

Comment by philipallstar 19 hours ago

"consumption-based" requires consumers.

Comment by reactordev 4 days ago

and cut off a million dollar annum laundering scheme to provide such service to the scammer networks? nah... they would never.

Comment by singpolyma3 4 days ago

This is already not allowed.

If your carrier accepts a spoofed call they're already violating FCC recommendations.

Comment by kbelder 4 days ago

Recommendations aren't requirements; you're allowed to violate them.

Comment by singpolyma3 4 days ago

Of course

Comment by saintfire 4 days ago

And yet, I incessantly get spoofed numbers calling me from the same "central office code". Also resulting in people with the same code "returning my calls" and then getting angry that I say I didn't call them.

Preventing number spoofing would help significantly with spam calling. At least the ones from local numbers.

Comment by bryanlarsen 4 days ago

Medical offices hide their numbers for very good reasons: if you've got an abusive spouse, you often don't want the medical office in your call history. Which results in a lot of very important calls being ignored.

Comment by advisedwang 4 days ago

Stopping caller ID spoofing doesn't have to mean caller ID is always enabled. You should be able to make a call with NO caller id, but not a call with somebody else's caller id.

Comment by MichaelDickens 4 days ago

Unless I'm missing something, this doesn't seem hard to fix: just let users decide whether hidden numbers should be ignored or received.

Comment by bryanlarsen 4 days ago

Doesn't that make it more likely people are going to miss important calls from their Doctor's office?

Comment by chongli 4 days ago

Just send the call to voicemail. Doctor's offices always leave voicemails. Spammers sometimes leave voicemails, sometimes not, either way they're easy to filter out / ignore.

Comment by kylehotchkiss 4 days ago

Why do we even need to run on the 20th century system of numbers anyways? Why is there not a better call addressing system?

Comment by saxonww 4 days ago

We don't, but the entire world currently does, and the amount of equipment deployed that depends on it is substantial.

I would be willing to bet money that any "better call addressing system" would be a design by committee where this just gets litigated there. And we'd end up with either a system that requires KYC per-call, or has compromises similar to what we're complaining about now.

Comment by 3RTB297 4 days ago

Having worked with telco companies, 99% of it is "Yeah, but this stuff still works just fine;) And if a government compels us to change our equipment for reasons other than national security, we're going to pitch a fit and demand financial incentives beyond reason." A lot of the pressure to boot Huawei from tech stacks globally ran straight into that wall and flopped. Even with national security at its back.

Considering most of those same telcos are donors and employers of large numbers of people across many constituencies of almost every nation, usually no politician has or is willing to spend political capital to shoot themselves in the foot like that. And no nation with a national telco company runs it well enough to ever even dream of spending money for something like IP addresses, they typically barely keep the lights on.

Comment by callalex 4 days ago

Because backwards compatibility expectations make it hard. Also telecoms are evil and greedy so unless you are actually going to stop paying for a phone they won’t lift a finger to improve anything. Countries with newer phone systems at least support Alphaneumeric Senders.

https://help.twilio.com/articles/223133767-International-sup...

Comment by HappMacDonald 4 days ago

I suppose you'd like to replace it with Email since that doesn't have any spam, hmm?

Comment by kylehotchkiss 4 days ago

We were able to tack a bunch of domain and header functionality on top of the email system that helped us know if the sender was authentic which is much more than we can say for the POTS

Comment by 9cb14c1ec0 4 days ago

Because the concept of numbers is so heavily baked into many systems. Momentum is a beast.

Comment by themafia 4 days ago

Said on a forum that was accessed by IP protocol.

Comment by hsbauauvhabzb 4 days ago

What valid purpose does hidden numbers have? Government departments in my country hide their caller ID.

I find that abusive on its own but let’s not forget about the fact that now you have victims of domestic violence being forced to answer hidden numbers in case it’s welfare, or the cops, or their abusive spouse.

Comment by carlosjobim 4 days ago

Calling in an anonymous tip to the police and such.

Comment by rescbr 4 days ago

I’d say to use a payphone if you need to do that, but then my age is showing, as this is not possible anymore.

Comment by hsbauauvhabzb 4 days ago

My country has online anonymous tips online, and pay phones.

I don’t think caller id blocking would work with the police, they almost certainly have the ability to unmask your number if they want.

Comment by carlosjobim 2 days ago

And why would they want to do that? The police relies on anonymous tips.

Comment by hsbauauvhabzb 2 days ago

Because they almost certainly have fake tip-offs, they’re not going to ignore those.

Comment by cyanydeez 4 days ago

unfortunately, the grift economy is hyper-meritocratic: If you can figure out a scam and it makes money, who are we, as capitalists, to stop you? You take out the lower rungs of the grift economy, then whose to say who can fleece the tax payer with a repainting of a reflecting pool on tax payer's dime. It's a slippery slope, really.

Comment by phyzome 4 days ago

It's even worse: Since cell phones broadcast your location at all times, this means telling hundreds of companies (and a number of governments) your location at basically all times.

That's already an issue with most cell phones. Making this apply to prepaid phones is even worse.

Comment by agloe_dreams 4 days ago

One thing I wonder is if this is just one step removed from 'Now we know the identity of every user so we can now have both probable cause and verified identity to arrest over statements containing speech we do not like.' "

Like that is Carr's FCC in a nutshell - he wants to control speech by controlling the airwaves. That is a raw fact in his behavior. But when the news stations say the thing they want them to say, what happens next other than slightly extending the definitions of public good to the internet and then restricting speech?

Comment by gwerbin 4 days ago

If you have to wonder, you don't need to wonder. So now not only can "antifa"-related speech qualify you as a terrorist (https://www.whitehouse.gov/presidential-actions/2025/09/coun...), now your phone is legally required to track you and report your location at all times. The legal infrastructure is in place to track and bring a wide range of consequences down on just about any and all political enemy, whether that be ruining their life by dragging them through years of criminal charges or simply black-bagging them and whisking them off to a prison for "enemy combatants" without any oversight from a court. All of this is being done in full view of Congress and the Supreme Court, therefore one can only conclude that they are comfortable with and complicit in what is going on.

Comment by psadauskas 4 days ago

Not just "antifa" in scare quotes, the executive order literally says "anti fascist". My government says I'm a terrorist now because I'm opposed to fascism.

Comment by gunsle 4 days ago

Are you trying to imply that there isn’t coordinated attacks by fringe groups just because they’re leftist?

Comment by gwerbin 4 days ago

What does that have to do with anything I just said

Comment by 4 days ago

Comment by lenerdenator 4 days ago

It's important to remember that Carr is but a bureaucrat doing what he needs to do to make his boss (or, rather, his boss's boss) happy.

We have a real problem with people in government buying into the idea that it's basically a private company set up for the benefit of one man in particular.

Comment by themafia 4 days ago

That's rather public. Most likely is monitoring a journalist so you can more easily discover their sources or engaging in "parallel construction" to deal with "undesirables" of any stripe.

Comment by cucumber3732842 4 days ago

They won't do that because that'll cause an uproar.

What they'll do, what they always do, what you can see them actively doing (albeit on other policy axis) even at the local government level, is simply scrutinize these people for other laws they've broken or rules they've run afoul of and then enforce the shit out of those.

Comment by gausswho 4 days ago

It does make me wonder if we're just racing to the day we've got our kyc-blessed phone in a drawer at home at the official address that's already known to carrier. And strap on it the software needed to either forward messages and calls via voip to our real phone, or open a server on it to let us access it from wherever we are to poll for our messages.

Comment by tencentshill 4 days ago

Apple has implemented a mitigation for this in their new modems, but unfortunately its a carrier opt-in, so only actually useful in Europe.

https://www.pcmag.com/news/apple-expands-this-location-focus...

Comment by ofalkaed 4 days ago

Cellphones broadcast their location, not ours. We can leave our phones at home.

Comment by phyzome 4 days ago

You understand the distinction though, right? The current state is that you cna choose one of these:

A) Be tracked

B) Use a phone not connected to your identity

C) Go without a phone sometimes

The FCC's proposed change would remove one of those options.

Comment by EvanAnderson 4 days ago

Assuming your movements are tracked by other methods (surveillance cameras and facial recognition, purchase records, etc) the absence of your phone when you would otherwise normally have it is a data point, too.

Comment by ofalkaed 4 days ago

There is no time that I would normally have my phone other than when I am at home; the data point that I provide would be the rare times I take my phone out of the house and most of that time it is off, I only turn it on if I actually need it. My phone is turned off a fair amount which also means I do not have internet since I get my internet through my phone's hotspot, it is nice to be able to disconnect from the world so simply, just turn off my phone. If this was the norm, location data would have far less value and possibly not be worth the expense. Phone addiction seems the real issue here.

My purchasing data is not much better, two purchases so far this year other than my three monthly bills and groceries once or twice a week where I also get cash for my other expenses. I don't do this out of concern about being tracked, just how I live my life. Sometimes I leave my phone off for a week, nothing bad happens, at least nothing that having my phone on would have prevented.

Comment by reactordev 4 days ago

"Downstream collection" would have a field day with this data.

Comment by br0ceph 4 days ago

Im USA based use prepaid service because I dont want to provide information for a credit check to obtain postpay service. Theres absolutely no reason for a US based telephony provider to retain the most sensitive PII on their customers. Every large provider has a history of breaches and selling customer data. The telephone companies are already tracking, storing, selling; so many data points on their customers. They cant be trusted with any information.

Comment by bsimpson 4 days ago

My primary phone number has been a Google Voice account since 2010.

It's unclear to me how I'd be impacted by these new rules, but I don't believe there's any requirement to provide PII to get a VOIP number.

Comment by techsupporter 4 days ago

Google Voice now requires identity verification for new numbers or porting a number into an account that does not have a number assigned: https://support.google.com/voice/answer/16768664

Comment by 4 days ago

Comment by jameshart 4 days ago

Counterpoint: for my part I would like it to be the case that any phone line that can dial or message my phone can be traced back to a known human being who can be held accountable for abuse of that phone line in terms of generating spam, abuse or harassment.

Seems that we can’t both get what we want.

A potential solution is that you get your anonymous phone line but my phone provider simply refuses to let you call me with it.

Of course then we need to extend the same principle to data and to IP traffic originating from your device. If you don’t want to be traceable it seems reasonable that services should have the right to refuse to handle IP traffic you generate.

Would such a half-baked level of network access suit your needs?

Comment by AnimalMuppet 4 days ago

I would like any message that is spam to be able to be traced back to the offending human.

I would like anonymous political posts to be untraceable by the government.

I can't even get all of what I want.

Comment by jameshart 4 days ago

The problem of the government tracking down people for political posts is supposed to be solved by having laws that constrain the government, not by having corporations provide anonymity as a service.

Comment by dare944 4 days ago

There's no "supposed to" here. Humans, (including governments) are inclined to do bad things; both law and technology are necessary to restrain those tendencies.

Comment by lmz 4 days ago

One man's anonymous posts are another man's foreign influence operation.

Comment by dataflow 4 days ago

> Seems that we can’t both get what we want.

Why can't you? They don't want to provide info for a credit check, you want human accountability. All that requires is for them to use a debit card for whatever service (prepaid or postpaid). Law enforcement can trace that if needed. No need for credit checks or really any other information directly in the hands of the telco.

Comment by singpolyma3 4 days ago

Indeed. Given the KYC requirements for getting a credit card, it seems that paying with a credit card should confer traceability for LE.

Comment by jameshart 4 days ago

This is an argument in favor of KYC requirements for telcos, just that it assumes they can outsource it to banks.

Comment by dataflow 3 days ago

This is neither KYC nor would that be relevant even if it were. The whole point is you could get traceability without a credit check just fine.

Comment by jameshart 1 day ago

You're saying telcos should insist on a traceable source of payment, which means a source of funds which has some level of KYC. That is just KYC with extra steps.

Comment by inigyou 4 days ago

It should show up as anonymous. And you should have a setting: allow anonymous calls y/n

Comment by jameshart 4 days ago

.. precisely what I asked for?

Comment by xnyan 4 days ago

> my phone provider simply refuses to let you call me with it.

I don't think it's necessary to go this far. The provider could indicate something like "CANNOT VERIFY NUMBER". I imagine most people would block such calls.

Comment by jameshart 4 days ago

Isn’t that the same thing? I was making the assumption that the way I would block such calls would be by telling my phone provider they don’t need to route them to me in the first place.

Comment by frollogaston 4 days ago

I got ATT prepaid in January and still had to give my ID, but it was weirdly not upfront but later on when I was trying to actually activate the service. Not sure what the deal is.

Comment by rib3ye 4 days ago

> Note: By checking this box, I acknowledge that I am filing a document into an official FCC proceeding. All information submitted, including names and addresses, will be publicly available via the web.

Is there really not a way to submit an express FCC comment that avoids all my personal info being publicly published to the web? Yeesh.

Comment by jubilanti 4 days ago

Think of it like a petition or testifying before Congress. The whole point is that you are putting your real name behind it.

And if you think your name and address are private, then I have some bad news for you.

Comment by rib3ye 4 days ago

I spend a lot of time filing requests to take down my home address. Most low-hanging fruit options have been scrubbed. I am hesitant to increase the count.

Comment by jubilanti 4 days ago

You mean the link between your name and home address? Impossible to scrub. If you're registered to vote, own a home, or many other things, that is legally a matter of public record.

Comment by iamnothere 4 days ago

Some people put their home in a trust to avoid this, and not everyone registers to vote.

Comment by helterskelter 4 days ago

IIRC the only way to keep who owns a home truly anonymous (short of a court getting involved) is to create a shell company (not an LLC) and have your attorney sign off on the deed as a representative of the company. Problem is you have to pay a lot more tax if/when you sell (I believe it's considered income, instead of capital gains). LLC's, and I believe, trusts, are fairly easy to sort out the ownership of -- they obscure your name from people finding out where you live, but if somebody is curious who lives at your address, they just have to pull up docs on the legal entity. This probably wouldn't even cause an inconvenience for somebody with access to LexisNexis or whatever.

(Don't quote me on this, if somebody knows better please fill me in)

Comment by iamnothere 4 days ago

You need a blind trust, biggest downside is you won’t be able to manage the property anymore. It’s expensive to set up as well.

Comment by godwinson__4-8 4 days ago

Username checks out

Comment by themafia 4 days ago

Private Mail Boxes are a godsend. In California this can even be the address on your state ID. You do have to give them your residence address but they consider that private information and only share it with authorized agencies.

Comment by sailfast 4 days ago

Yes. You need to stand up as a citizen to have the impact (they cross check).

Publication is probably a bit much as a default and chills speech a bit, but it’s also important that the federal register can remain public with all public comment on the web. These are official comments on the record.

Comment by 4 days ago

Comment by riffic 4 days ago

call your congress critter instead

Comment by adolph 4 days ago

what, they keep no records, or as lege branch they aren't foi-able so you won't ever know if they do or not?

Comment by criddell 4 days ago

They aren't publishing them on the web.

They probably do keep records, but something doesn't have to be perfect in order to be better.

Comment by adolph 4 days ago

For background on KYC in the banking context @patio11's podcasts and essays are worth consuming:

  Patrick: Yes, so "Know Your Customer" (KYC) and "Anti-Money Laundering" (AML) 
  are mandatory elements of the international compliance regime that have been 
  in place in the United States since the early 1980s. Over time, this regime 
  spread globally, largely fueled by the U.S. leveraging the dollar as a tool 
  of foreign policy—a point where I find myself agreeing with critiques from 
  the crypto community. Their complaints about this are largely accurate. You 
  can see this clearly in the documents as these laws were passed and as 
  supranational bodies increasingly tightened regulations on banking secrecy 
  havens.
https://www.complexsystemspodcast.com/episodes/true-crime-ba...

https://www.bitsaboutmoney.com/archive/kyc-and-aml-beyond-th...

Comment by adolph 4 days ago

Reading this line in Lopp's article: "FCC even asks whether providers should consult lists of terrorists, terrorist organizations, and “criminal persons” maintained by law enforcement entities," brings to mind McKenzie's work describing the outsourced role of NGO's in vetting banking customers.

https://www.bitsaboutmoney.com/archive/nonprofit-indicted-ba...

https://www.complexsystemspodcast.com/episodes/splc-financia...

https://www.complexsystemspodcast.com/episodes/defendant-cen...

Comment by collabs 4 days ago

In my opinion, the real fix to scam, spam, and robocalls is to pass along the REAL(TM) Caller ID information not just the caller ID but the actual billed Caller ID information and allow the recipient easy ways to drop the calls when those two don't match. I don't know exactly the technical details of Stir/Shaken but someone somewhere is paying / getting paid for each call and this information should be transparently available to the call or message recipient. For "legitimate" reasons like doctors or call centers, they should already provide a separate work phone and not make them use their personal line. For leaky carriers, those should be blocked entirely. Nothing good comes from them. Basically what I am suggesting is if the full attestation level ("A-level") is not available, drop those calls and text messages by default unless the customer opts in (I have no idea why anyone would)

Comment by mullingitover 4 days ago

I was nodding in agreement, but I realized there must be some catch here. If this was that simple it probably could've been implemented a while ago.

My guess is that there's some requirement that if it's a working number, it must be able to dial emergency services and that's the loophole that's being exploited. So the FCC's answer is if all numbers must work, push the check directly on the subscriber.

Comment by collabs 4 days ago

In theory, yes. I would hope all the things that are "common sense" and "simple" would have already been implemented. However, as my professor of History from college loved to say "follow the money". If something could be simple and straightforward but is implemented in a convoluted way that is clearly suboptimal, someone somewhere makes more money as a result. It could be as transparent as Google Chrome implementing auto play with a "Media Engagement Index (MEI)", Apple being forced to implement USB-C on the iPhone kicking and screaming, or carriers and large call centers dragging their feet on doing STIR/SHAKEN correctly and passing along the billing information that I will remind you they already have because they like to get paid. So, while we hope common sense previals, at the end of the day, it only does so automatically when it makes business sense.

To your point about emergency services—while it's true that any unactivated phone must be allowed to dial 911, that rule only opens a one-way path to emergency dispatch. It doesn't give a device the ability to place outbound calls to everyday citizens. The real loophole isn't a public safety mandate; it's the wholesale VoIP market.

Comment by jagged-chisel 4 days ago

They make too much money from the spammers. Who wants to cut out such a large revenue stream?

Comment by troyvit 4 days ago

They would do well to make a better CTA for their call to action. Here's the link from the article:

https://www.federalregister.gov/documents/2026/05/26/2026-10...

I think that gets you most of the way to a link that somebody on HN dropped a few days ago:

https://www.fcc.gov/ecfs/filings/express

It requires the docket-id to complete:

Docket No: 17-59

You can double check that Docket Number here: https://www.fcc.gov/document/fcc-seeks-comment-enhanced-know...

Comment by Scaled 4 days ago

People should file comments at that Federal Register link as well as FCC. (The FR is the official way for citizens to comment on proposed agency rulemaking. Since it's independent, it might go farther, but it's worth doing both.)

Comment by filup 4 days ago

We just need a new phone system where 'phone numbers' are designed to be disposable.

Phone numbers were designed with the idea that they need to be easily memorizable in your head but I don't think that's really needed today.

At any moment I should be able to discard my contact and redistribute it on my own.

The idea that old numbers get recycled is completely ridiculous as well.

Comment by matheusmoreira 4 days ago

We need to get rid of phones straight up. No one should be able to interrupt someone else by randomly ringing them and demanding attention.

Comment by wang_li 4 days ago

You can trivially accomplish this under the current system. There is no need for a change that imposes your preferences on everyone.

Comment by matheusmoreira 4 days ago

There is a need. The whole point is to do that. "I'll just opt out" half measures won't get rid of the culture. We're all expected to have phones. People want to call. We suffer actual economic consequences if we refuse to participate. Your "solution" boils down to "just don't have a phone so we can ostracize you". Like the loonies who don't have Facebook accounts for the companies to spy on. The whole idea is to wipe Facebook off the face of this Earth so we need not face such choices to begin with.

Comment by bigstrat2003 4 days ago

There's nothing loony about not having Facebook or a phone. Nobody really gives a damn, I promise you. What is silly is trying to disallow everyone else from having something because you don't want it.

Comment by matheusmoreira 4 days ago

I've seen HR avoid hiring people who didn't have phones or Facebook accounts. I've seen them straight up ask for the account passwords.

Comment by filup 4 days ago

Do tell for a laymen like me.

Comment by wang_li 4 days ago

Cancel your phone service and then no one can call you or interrupt you. Set it to Do Not Disturb. You got multiple choices.

Comment by filup 4 days ago

I mean I think that is ok as long as I explicitly allowed you to.

The problem is, with a phone number anyone can. Phone numbers need to operate more like a shared secret.

I was getting an oil change the other day and the guy asked me for my phone number...

I said why? Do you need to call me?

He said, no we just need it to put in the system and it won't let me proceed without one.

I said ok well here is a fake number since you don't need to contact me.

He was visibily frustrated with me, yet inputed the fake number and it allowed him to proceed.

My point with sharing this story is it seems like we have forgotten as a society what the purpose of the phone number is. Your supposed share it when you want to be able to communicate that's it.

It's turned into a required chokepoint to do anything.

Comment by LastTrain 4 days ago

How about instead we do "know your company" and consumers get intel about the ones doing the calls?

Comment by phendrenad2 4 days ago

Let me give you an analogy: Someone keeps blaring an airhorn outside your window at 4am. It's making it difficult for you to sleep. The government, in their bountiful wisdom, decides to hold an emergency meeting, and agrees to pass a law that people need to show an ID to buy an airhorn. You're appalled. This is an invasion of privacy! You protest outside of city hall. You try to get some of your neighbors onboard, but find that they're already protesting! Their protest is demanding that the government do something about the annoying airhorns.

Comment by pona-a 4 days ago

The funny thing is most of the world had already pioneered the airhorn ID long ago. Very few of them saw any decrease in 4 AM airhorn activity, yet some are already well-known to arrest and harass airhorn users to international human rights observers' condemnation.

Comment by phendrenad2 4 days ago

Yes and this post is the remedy. We need to point out the privacy issue, and also point out that it won't do what people want.

Comment by bityard 4 days ago

Well, I tried to file an FCC comment using the link in the article but reCAPCHA doesn't think I'm a real person. I gave up after about completing about 20 puzzles successfully.

Our democracy in action.

Comment by rastrojero2000 4 days ago

Any particular reason yall can't just argue in court that by creating opportunities for your PII to be stolen your governments (state or federal or both) are actively harming you economically?

Sure, not much money to be had by fighting that fight but basically any PAC should have the means to do this and by claiming money is at stake and not people's actual safety you do have a better chance at this not being dismissed because of how your justice system /is/.

Comment by 3RTB297 4 days ago

Unless you've had fraud committed against you, that's a hard sell. What dollar figure do you use as the basis? Are you suing for years of credit monitoring? Because that's typically the solution for people who are the victims of PII leaks.

One could argue that it's a failure of law enforcement or telcos or regulators to do enough to prevent fraud and maaaaybe bring a class action or something, but that's a massive stretch.

Comment by rastrojero2000 4 days ago

Given it's a physical impossibility to create an impregnable fortress for your data and said data both already has a dollar amount attached to it in the black market and an obligation to be cared for, the argument could be that the government is setting up companies to lose money unless they too get to sell that data themselves, which regulations -and basic decency- say they can't.

Comment by maerF0x0 4 days ago

https://www.newsnationnow.com/business/your-money/annoyance-...

Suggest phone scams are a $26 B per year industry.

Comment by Hizonner 4 days ago

The government is allowed to create regulations that harm people economically. Not much money to be had by instantly losing that fight.

Comment by rastrojero2000 4 days ago

Do those regulations often involve the creation and protection of the profit motive for foreign black markets?

Comment by Hizonner 4 days ago

Sometimes. Your point?

Comment by rastrojero2000 4 days ago

Here: https://news.ycombinator.com/item?id=48505550 glad to help

Comment by Hizonner 4 days ago

Look, a lot of people make the mistake you're making.

Not every unjust, stupid, or evil thing is illegal.

Even when something is illegal, that doesn't mean you have standing to challenge it in court, or that a given court has jurisdiction to do anything about it.

Courts (theoretically) follow rules. They can't just randomly set things aside without some basis in those rules. Lawsuits are not a magic universal remedy.

You could definitely argue that courts don't always follow rules, and that the Trump administration is doing everything it can to make that worse, but the changes they're making aren't going to work in your favor, because those changes are in the nature of "we can do whatever we want, and fuck the courts if they don't like it".

Comment by rastrojero2000 4 days ago

I mean, ok? Guess the official consensus is all you can do about literally anything that is detrimental to everyone is just sit on your ass and look pretty until it's too late and every asshole who could conceivably benefit from stealing from you is already done.

The true american dream.

Comment by Hizonner 4 days ago

Well, the assholes currently screwing up the the USA got there by decades of miscellaneous political maneuvers, both fair and foul (most of the fair ones done by an earlier generation), culminating in actually getting elected (basically on a platform of then acting unconstitutionally, because that appealed to enough morons). And the people they replaced also got in through politics.

What they did not do was to sue their way into power. I mean, yes, they used the courts at a few key points, but that wasn't the core of it, and the smart money says they could have done it without, say, Bush v. Gore.

The new court approaches of the 1950s through 1970s were a product of politics way, way more than a driver of it, and so is the present reactionary judicial backlash. In fact, the biggest thing I'd say you could argue was the courts leading, Roe v. Wade, worked for a few decades, but at the same time set up a ton of resentment that was later exploited to help blow up the whole system around it.

And if you go back far enough, you run up against a violent revolution, also not conducted in court. Although even there it's important to remember that revolutions invariably fail if they don't have huge political support first.

So, if you want to actually do something, go elect some politicians who will clean up the mess. By the way, that doesn't just mean going back to the way things were one day before Trump. It means fixing the long-term institutional decay that let Trump and his manipulators cause so much chaos when they happened to win an election with honestly not overwhelming support.

[By the way, I need to edit this: This particular authoritarian move is relatively bipartisan and represents an attitude that's become depressingly common all over the planet. Nonetheless, if you want to do something even about this, the answer is still political.]

Comment by lacoolj 4 days ago

I didn't even know you could get access to phone service without basic ID info.

Maybe I haven't tried playing with enough "burner" phones :\

Also blanking on a time when you legitimately need to have a phone and not provide your name... anyone have examples?

Comment by AtlasBarfed 4 days ago

Yeah if US mail is as spam compromised as it is, you can forget about phone calls ever being cleaned up.

In the era of Target specialized AI that can mimic voices, writing styles, communication is now fundamentally compromised without some sort of actual reform

Comment by kelseyfrog 4 days ago

Parents need to parent. Full stop.

This means the parents of adult scammers too. Every scammer has a mother and father who are failing them. If they were doing their jobs, this wouldn't be happening.

Comment by frollogaston 4 days ago

They're always calling from random countries anyway. Maybe we can tell (not ask) other countries to do their job and clamp down on these scam houses.

Comment by kelseyfrog 4 days ago

Do they not have parents in random countries?

Comment by frollogaston 4 days ago

Probably, maybe not. Yeah it'd be great if the entire world were prosperous and happy, until then we need a way to make spam calls harder.

Comment by kelseyfrog 3 days ago

Then propose something that doesn't infringe on privacy.

Comment by frollogaston 2 days ago

Treat foreign scammers as enemy combatants unless their own country does something about it.

Comment by downrightmike 4 days ago

A LOT of this is from the chinese triad in the Golden Triangle in Cambodia who use kidnapped people and abuse them

Comment by 4 days ago

Comment by NoImmatureAdHom 4 days ago

Aside from the EFF, where can I send my money? Is there somewhere / someone that's working on this specifically?

Comment by maerF0x0 4 days ago

Honestly I'm at the point where I'm like lets just kill the POTS. It makes little sense to me that it's become a sort of user ID for many things, that we have better alternatives (WebRTC, FaceTime et al) that we should push. Like where it currently says "Telephone number" i should be able to put in a URL like "webrtc://<a pseudonym for my IMEI>" (which itself could be a dropdown box for "This device" on the phone itself...)

For example, why isn't it the default that when a telemarketer calls me it's not a video call? And why can't I preview their video stream prior to answering?

I get its "impossible" to make everyone change, but i do think we should push forwards...

Comment by themafia 4 days ago

> that we have better alternatives (WebRTC, FaceTime et al)

They may or may not be better. What they _aren't_ is "widely available."

Also I feel like a lot of people forget that phones still work even if the power grid is disabled. Your replacement should have the same attribute.

> why isn't it the default that when a telemarketer calls me it's not a video call?

How about when I block you I block the underlying service number and not the fake caller ID number. If a company gets blocked by too many customers it is automatically disconnected from the network.

This is _our_ network. Not the spammers. All companies use it by our leave. They wanted common carrier status and that should have a price.

Comment by frollogaston 4 days ago

IMEI is tied to the physical phone, Facetime is Apple-specific, idk what the webrtc option would be. I'm actually glad phone won as digital ID, not cause it's the best choice but because it could've been a lot worse.

Comment by apt-apt-apt-apt 4 days ago

Careful, you are one capital letter 'U' away from having the FBI, NSA, SWAT team at your door!

Comment by naturalmovement 4 days ago

"Call to Action" is a needlessly impotent threat. Like high school students walking out of their own lunch period to protest the loss of salisbury steak on the menu.

Most major telcos worldwide outside the US have strict KYC rules, this is not a battle you are going to win, because there are very few legitimate reasons in support.

Comment by logicchains 4 days ago

There's a very strong legitimate reason, the right for privacy online.

Comment by throwaway1492 4 days ago

It’s trivial to use a cellular connection to control a fpv drone, near real time. I’m really surprised there hasn’t been occurrences of extortion (ie protection rackets) and targeted assassinations via air droppable explosives like we see in Ukraine war. Burner phones enable this.

Comment by netfortius 4 days ago

And how exactly are they going/hoping to do that with GV?

Comment by cf100clunk 4 days ago

KYC == ''Know Your Customer''

Comment by qdotme 4 days ago

Honestly, stop the KYC regime everywhere else.

We're making our law enforcement's job marginally easier, by making the criminals' job infinitely easier by creating millions of juicy PII honeypots.

No, you don't need my phone #, real name, captcha.. if you think you do, realign your incentives, and rethink what else can be used for your real need instead.

Comment by drnick1 4 days ago

Absolutely. And this is why I don't give any business my real name, phone number, or other personal information. Starbucks does not need to know my name or email to make my coffee. If a company insists on an app or some kind of registration, they lose my business, plain and simple.

Comment by filup 4 days ago

I walked into a gas station the other day because the pump did not print the recipt. I asked the cashier for the receipt and she said I needed to download the app in order to get a receipt.

Pure insanity.

Comment by theturtletalks 4 days ago

KYC and AML are the most blatant attempts at subverting due process I’ve ever seen.

Instead of the government actually trying to catch money laundering, they just make 3rd parties like banks and payment processors judge, jury, executioner. Effectively giving them the power to decide who can do business. And if they decide you can’t, you have no recourse. If the government didn’t give this power to private companies, they would have to prove in court that you are doing something unsavory. And to people saying KYC/AML works, sure. HSBC was laundering billions and these guys know how to get around KYC. You’re just screwing over common people at this point and giving banks and financial institutions power to skirt due process.

Comment by frollogaston 4 days ago

"Effectively giving them the power to decide who can do business." well it's giving the government the power to decide who can do business. The banks and merchants already had that power, but now they have additional legal risk of doing business with whoever the govt doesn't like.

Ever since 2020, I've seen more stores that won't take cash, and refuse to go there on principle even if I was going to pay with card anyway.

Comment by elevation 4 days ago

> the most blatant attempts at subverting due process

This seems so clear to me; KYC is an end run around the constitution.

But how do we stop it? If we legislate "no KYC" then what is my recourse when an imposter empties my accounts? You'd want it to be at least allowed.

But if we allow industry to require KYC "we will only deposit your pay to a verified bank account" then you may end up with de facto KYC if not de jure. But if you tell businesses they may not require it, it enables other kinds of fraud.

Legislation does not constrain people who will to do evil.

Comment by logicchains 4 days ago

>But how do we stop it?

Use Monero as much as possible. If enough people adopted it, there's absolutely nothing they could do to stop it short of turning off the internet entirely. Even China, with the strictest internet controls in the world, hasn't managed to stop people paying for banned goods and services in crypto there.

Comment by greentea23 4 days ago

How do you get or spend Monero without KYC? It's illegal to do so without reporting every transaction on your taxes. Maybe you can get away with it for small purchases, but with inflation the way it is, any meaningful purchase pushes you over a tax red flag line. Crypto is dead in the water legally speaking in the US.

Comment by frollogaston 4 days ago

I'm all for cryptocurrency as a way to fight both KYC and money-dilution, but it's still not user-friendly. Regular people need a way to clog the gears too.

Comment by cute_boi 4 days ago

Will this KYC reduce spam and scam calls?

Comment by stackskipton 4 days ago

In theory, it could help. In practice, for KYC to reduce spam and scam calls, FCC would have to be willing to drop hammer big time on people and telcos who allow it to happen. With current political climate in the US, I don't see that happening since companies would scream "Poor pitiful us" and fines would be the cost of doing business.

Comment by reddalo 4 days ago

Italy had forced KYC for all mobile numbers at least since the early 2000's and no, it doesn't fix the spam/scam calls problem at all.

Comment by rockskon 4 days ago

No.

Comment by inigyou 4 days ago

It did in every other country that did it. What's different about this one? If you get a spam call in Europe from Europe, you call the police and the spammer gets located and punished.

Comment by triceratops 4 days ago

> It did in every other country that did it

Citation required.

Comment by KaiserPro 4 days ago

SMS farm/machines don't work in the UK at least, I suspect not even in NL

Comment by inigyou 4 days ago

Of course they do but every SIM is registered to your ID so it's extremely risky for you.

Comment by KaiserPro 3 days ago

Ok, let me be more precise: They are not economically viable.

Comment by cge 4 days ago

Europe does not consistently have KYC for phone service, at least for mobile connections. Normal phone companies in Ireland don't ask for information when buying SIMs (physical ones, at least). Some eSIM providers in Europe don't ask for information at all, and accept cryptocurrency payments. (I'm also aware that some other European countries have very different requirements, up to actually needing copies of identification.)

More widely, however, there do seem to be differences that I don't know the details of. VOIP seems quite different (I use it for my old phones): DID numbers in the US seem extremely cheap and available instantly, with little information, while European ones seem to have an actual verification process and prices that would make large-scale spamming difficult.

Comment by piltdownman 4 days ago

As an additional anecdote, I've never heard of a number-porting/2FA attack using social engineering or other methods in Ireland - but we have our own unique issues now with Robocalls and phishing on WhatsApp and SMS.

Comment by reddalo 4 days ago

> It did in every other country that did it

Italy has mandatory KYC for all mobile numbers, and scam/spam calls are a common problem. So no, it doesn't fix the problem at all.

Comment by inigyou 4 days ago

From Italy or from other countries?

Comment by reddalo 2 days ago

Also from Italy itself.

Comment by 4 days ago

Comment by rockskon 4 days ago

Has it?

Spam calls frequently don't have a source in the same country as their target victim.

Comment by inigyou 2 days ago

International calls are very expensive. Remember the proposals to stop spam by charging $0.01 to send an email?

I believe India even leaned into this by charging a $1/minute tax on incoming international calls.

Comment by singpolyma3 4 days ago

No

Comment by frollogaston 4 days ago

Stopped reading at the slop image

Comment by terminalbraid 4 days ago

I will not be called to action by a page with a big slop image at the top.

Comment by inquirerGeneral 3 days ago

[dead]

Comment by joaohaas 4 days ago

>open link

>AI slop art right at the start

Instant close

Comment by josefritzishere 4 days ago

Leave it to the Trump administration to implement mass surveillance as the solution to spam.

Comment by scirob 4 days ago

Yea pls protect it feels mega oppressive how most EU countries require you to have the SIM card guy in his corner store scan your passport.

Comment by marstall 4 days ago

"force phone providers to collect identity information from ordinary people before they can acquire or renew service with a phone carrier."

don't see the harm in this? isn't this already the case for 99.9% of phoneline havers already?

Comment by dghlsakjg 4 days ago

You don’t see the harm in requiring telcos - famous for handing over data without warrants or court orders - being forced to have identifying data for every subscriber?

I can think of a half dozen ways that can get abused. Remember that in the states policing is decentralized. There is always some department somewhere willing to abuse their power. Look at how flock has been used to stalk partners, or how geofencing was used to sweep up everyone in the area of a protest, or how stingray is used to listen to all calls in an area. This is opening up avenues of abuse for almost no benefit.

Comment by mindslight 4 days ago

> famous for handing over data without warrants or court orders

More concretely, famous for supplying bulk data to the surveillance industry for a nominal fee. That is ostensibly the goals behind this development - all of these companies demanding phone numbers for "verification" and snake oil "2FA" want to reliably dox 100% of their users rather than just 80%.

Comment by Telemakhos 4 days ago

Realistically, it is for 99.9% of people who have phones. The 0.1% have to go out of their way to buy, with cash or crypto, prepaid SIM top-ups on flip phones, and by doing so they stand out like a sore thumb.

Back in the days of rotary phones, not only did the phone providers have your name, they even listed it, your home address, and your phone number in the white pages of the phone book, and everyone in town had a copy of it. Before the rise of microcomputers which enabled data tracking and robocalls, which in turn gave rise to demand for privacy from spam, having that information out in public wasn't a problem except for edge cases like domestic abuse victims or people in a witness protection program. The 99.9%, though, are still getting tracked no matter what, and I sometimes wonder if we've sacrificed the convenience and confidence of the phone-book age for an illusion of privacy that relies on anxiety.

Comment by Hizonner 4 days ago

I grew up in the phone book age. We had one phone with a really long cable, but it wasn't long enough to take it with me everywhere I went. And, as you point out, nobody had robots to call it, either.

Comment by lazide 4 days ago

Almost no one has physical phone lines anymore. It also used to be a given because they had to send a physical paper bill to someone, and hence needed an address.

Neither of these are true anymore.

Also, the tone is set from the top.

Do you think the current admin cares about actually tackling fraud and abuse?

Comment by m463 4 days ago

The big ones already force you to give SSN for service. Then they lose it in a data breach.

Comment by reddalo 4 days ago

The crazy thing is that a simple 9-digit number (that you must give away for many things) can ruin your life if it gets public.

The US seems so backwards at times.

Comment by 0xbadcafebee 4 days ago

at times? we can't even decide if women are allowed to control their own bodies. we're now open to states stopping people with dark skin from voting, and we have giant internment camps where we keep innocent men, women, children because they have a spanish accent. vaccines are apparently not a worldwide health miracle, education is overrated, we're bringing back jobs in coal and oil, and invading/destabilizing latin american countries is back in vogue. in two years we might be so backwards that women's suffrage becomes questionable (https://en.wikipedia.org/wiki/Democratic_backsliding_in_the_...).

Comment by 4 days ago

Comment by drnick1 4 days ago

[flagged]

Comment by 0xbadcafebee 4 days ago

you weren't aware of the recent revocation of laws that prevent southern states from gerrymandering black communities out of a vote, in addition to voter ID laws?

there are many, many public reports of ICE detaining individuals merely for having a spanish accent. they've detained US citizens multiple times, even deported some, because they were hispanic.

I highly recommend reading the news...

Comment by torstenvl 4 days ago

Please don't spew hyperbolic slop in the service of ideological warfare. Thats not what HN is for.

Comment by sunshine-o 4 days ago

Phone numbers are just a liability:

- It is kind of expensive,

- You are forced to provide it to many official institutions,

- It is the default or mandatory insecure 2FA for many institutions,

- It always get leaked somewhere and is one of the most common/reliable identifier.

We still have them around governments and telcos love it and old people and scammers are its last users.

Comment by frollogaston 4 days ago

The cost is a feature. Kinda also the case with IPv4 addresses.

Comment by sunshine-o 3 days ago

Same problem with IPv4.

We've been paying for v4 and v6 for decades but somehow we cannot get rid of v4. My guess is there are a lot of interests at play.