New Google Service Manipulates Caller-ID For Free 116
Lauren Weinstein writes to raise an alarm about a new Google service, Click-to-Call. As he describes it, the service seems ripe for abuse of several kinds. One red flag is that Google falsifies the caller-ID of calls it originates for the service. From the article: "Up to now, the typical available avenue for manipulating caller-ID has been pay services that tended to limit the potential for large-scale abuse since users are charged for access. Google, by providing a free service that will place calls and manipulate caller-ID, vastly increases the scope of the problem. Scale matters."
Uh... (Score:5, Informative)
Re: (Score:3, Interesting)
Re: (Score:2)
Re:How pissed would the... (Score:4, Insightful)
Re: (Score:2, Informative)
Only if you begin by reading the subject line. Otherwise it's just confusing. Do you really read the subject line of the posts before you read them?
Re: (Score:1)
Re: (Score:3, Funny)
Do you really read the posts? I only read his post to see what the rest of the sentence was. Otherwise, the subject lines are enough for me, like the summaries.
Or are you implying that you read the articles as well?
Re: (Score:2, Informative)
Re: (Score:2)
i disagree. Many times the parent post is below the rating threshold so the post isn't displayed. Without the quote I wouldn't know what the person is talking about without clicking on every post to display it.
Re:How pissed would the... (Score:5, Insightful)
The obvious solution, of course, is for slashdot to add an official method of quoting (rather than right now, where some people italicize, some prefix with >, some put it in quotation marks, and some just paste the text normally) and then have the experimental forum display the first line of non-quoted text.
Re: (Score:2)
Javascript on /. (Score:1)
The experimental discussion system, like tagging, uses Javascript. Smart people therefore refuse to use it.
Several times per year another security advisory is released warning that another exploit for Javascript has been found allowing the execution of arbitrary code with the permissions of the user, and the workaround is to disable Javascript.
I expect Javascript from malicious troids w
Re: (Score:1)
Re: (Score:1)
Sometimes, (Score:2)
Well ( (Score:1)
Re:How pissed would the... (Score:5, Insightful)
Usenet? (Score:1)
A Slashdot-to-NNTP gateway might make the pain a little better, though.
Re: (Score:1)
Subjects are only as good as the author's ability or willingness to summarize.
...when they end their sentence in the subject. (Score:5, Funny)
Re: (Score:1, Insightful)
It might get the message across.
Why do you think you are justified in harassing? What "message" are you trying to get across?
Perfect technology for your teenage prankster! (Score:5, Funny)
Deserves attention, but not a very hard problem. (Score:5, Insightful)
It would be very easy for Google to implement a verification mechanism. An automated system could simply ring any added Caller ID number and verbally present a verification code (or ask for a response). If a user can answer a certain number, it's not unreasonable to assume that they could also originate regular calls from that number. In the worst case, it still ties the user to an organization or physical location.
I agree with Weinstein that verification really should be a standard feature. Whoever runs even a simple mailinglist without user verification is considered a spammer these days; the ideas are not new. So it's fair to expect Google to carry out this verification.
However, Google is known for technological innovation so I'm not turning off my phone just yet. They'll probably fix it. Of course, a little public attention may help if they seem unresponsive.
Re:Deserves attention, but not a very hard problem (Score:2, Insightful)
However, after telling google you want to use a certain phone, you must dial a number displayed on screen to confirm - it doesn't have to be connected, simply ringing will be enough of a verification and should not cost any money.
Re:Deserves attention, but not a very hard problem (Score:1, Funny)
2. Having a violent opinion of something doesn't require you to actually try it yourself. After all, plenty of people heatedly object to books they haven't read or movies they haven't seen. Heck, you can imagine perfectly well if something is any good.
3. If it's a positive review that you didn't like, call the reviewer a "fanboy." Do not entertain the notion that the product, service,
Re:Deserves attention, but not a very hard problem (Score:3, Interesting)
I thought for a second that you were making sense. Google isn't the issue, the caller-id/phone system is crap.
it would be a huge improvement for the Phone system to at least be reliable to the same country of origin, but that would hurt the telemarketers, the phone companies won't do that...
If the DMA, etc wants to ever do business with me over the phone again, the
Re: (Score:2)
Turns out, it was the Indiana State Fraternal Order of Police, soliciting donations. I realize such "non-profit" organisations are exempt from the "Do Not Call" list laws, but why do they chose to hide the caller ID info? For all I know, it could easily be a scammer pretending to be the FOP. I give my CC or bank account number to the random person calling my home, and
Re: (Score:1, Offtopic)
well the "State Fraternal Order of Police" calls I get are exactly that, basically a scam. They were not a tax deductible contribution, when asked, it was 80% of profits to police widdows or something, they couldn't answer what % of donation that was. I forget, but I was able to find something around 2-5% of the donation in a local papers investigative report. T
Re: (Score:2)
This makes sense to me. For the last week I've been getting "UNKNOWN" calls, never leaving a message (since of course I don't answer calls I don't recognize). Once I finally answered one (partly out of boredom, partly wanting to know who it was) th
Re: (Score:1)
I should have made that clear in my post, I think the real FOP is a really good orginazation (but I am not 100% sure of that.)
but if only one chapter in a state agrees to take money from a scumm telemarketer (telemarketers are not all scum) then that lends legitimaicy to the telemarketers so they can claim the same higher values of all the FOP ch
Google is NOT the problem - this is great! (Score:3, Informative)
The problem is NOT that Google is letting you fake CallerID - it's that CallerID is trusted by anybody, when the telcos don't care a lick about securing it. (There are dozens of for-pay but cheap services to alter your callerID...) I'd even accept a nontechnological solution involving it being both criminally and civilly illegal for you to spoof it. But that clearly doesn't exist, either.
If anything I hope this abuse gets really widespread and callerID gets dropped as a trustwor
Re:Deserves attention, but not a very hard problem (Score:2)
We we heard about this at work, we spent about 45 minutes setting up crank calls for sex therapists, hair club for men, chinese food joints, etc.
This is stupid. It's not an issue. (Score:5, Insightful)
As a business owner, if I used AdWords (I don't... too much click fraud), I'd try it, because any way that customers can contact you easier is generally good. But if it gets abused by a bunch of 12 year old's, I'd cut it in a heartbeat.
Re:This is stupid. It's not an issue. (Score:5, Informative)
Re: (Score:2)
I don't know how many people will use this. It seems like it's *only* going to be used by people that want to call completely anonymously and people who want to call you long-distance for free. I think that even the laziest person in the world wouldn't find pressing buttons on a telephone to be too
Re:This is stupid. It's not an issue. (Score:5, Informative)
Re: (Score:2)
Re:This is stupid. It's not an issue. (Score:5, Funny)
but what if their fingers are too fat? [thisisarecording.com]
Re:This is stupid. It's not an issue. (Score:5, Insightful)
However, the problem the blogger is concerned about is not the abuse you're thinking of. The problem is that a nefarious user could put click the "Call" link on a Business listing, but put in someone else's phone number. The "Caller-ID spoofing" part comes in here: Google's service calls the phone number entered, but the Caller-ID shows the number of the business that the "attacker" chose.
If, when the person picks up the phone, they are immediately connected to the business, they would assume that the business called them. The blogger is apparently envisioning something of a "Joe job" [wikipedia.org] style attack.
However, this is easily protected against. Instead of connecting to the business directly, all Google has to do is play a recording along the lines of: "This is Google, calling since you entered your phone number on the "Click to Call" service, please press 1 to connect to the business you selected. If you did not initiate this, please hang up or press 2 to disable this service for this phone number."
Alternatively... (Score:1)
Caller ID is broken in the same way SMTP is broken (Score:4, Informative)
Re:Caller ID is broken in the same way SMTP is bro (Score:5, Insightful)
Just get an answering machine. (Score:1, Interesting)
Most telemarketers won't do that, and many pranksters won't bother to leave a message. If they do end up leaving a message, then you can easily delete it.
If the call is valid, and you want to get in touch with that person, pick up the phone before they're done leaving their message, and star
Re: (Score:3, Informative)
Re: (Score:1, Offtopic)
This sounds very similar to the arguments against filtering spoofed packets on the Internet. "Our network is designed such that it needs spoofed packets to work," etc. And yet, responsible ISPs managed to adapt. It's time for the telcos to do the same.
Heh... (Score:4, Interesting)
Star-Eight-Six (Score:4, Informative)
Google ambiguously states that Google "takes fraud and spamming very seriously. We use technical methods to prevent future prank calls from the same user within a reasonable period of time. You won't be charged for any such calls." Seems to me that they at least recognize the potential for a problem and at least have some sort of plan for how to handle it.
All-in-all, though, this seems like a pretty lame idea.
Re: (Score:3, Informative)
It won't work on 911 or 1-800 & 1-900 (because they're collect) calls.
My memory is a bit fuzzy, but I don't think I'm wrong.
Re: (Score:2, Informative)
Re: (Score:3, Informative)
You do not remember correctly. You are thinking of ANI (Automatic Number Identification). If you call a toll-free number, the business always gets your "ANI" number, since they're paying for the call. "Caller ID" (more correctly called "Calling Line ID or CLID) is different, and is blocked with *86 [whatever the correct code is]. ANI and CLID are different fields in the phone signalling me
Re: (Score:2)
At least one system I have used would transmit Private to the customer's equipment yet still display the calling party's number on the bill.
Re: (Score:2)
Blocking is not the same thing as 'spoofing'. If I can call you and it looks like I'm calling from the local police department, that's quite a different thing than "BLOCKED ID" calling you. If I say "Hi, this is Officer Farva," which one do you think gives me more credibility?
Re: (Score:2)
I, for one, automatically drop all calls to voicemail that don't present a CLID. That's something I would nolonger be able to do if people were spoofing their CLID instead.
ANI (Score:2, Interesting)
Re: (Score:3, Informative)
Probably a non-issue, practicaly speaking (Score:3, Interesting)
Re:Probably a non-issue, practically speaking (Score:2)
I think it could be a really valuable service. I know if I see something I want to buy very often I think it would be great to contact the company and ask questions, but I can't be bothered making
I;m reading the service page at google (Score:2, Insightful)
the manipulation is ENTIRELY going into MY phone, if I use the service.
I canNOT use it to falsify my Caller ID info going to the business.
WHAT ALARMING potential does this possibly have? I see naught... can anyone identify a situation where using this service can let me 'get away with something' more intense than a prince albert in a can call?
Re: (Score:1)
Ok, still not getting it. (Score:3, Insightful)
I tell google, I wanna speak with toll free information (800) 555-1212
I select the # for toll free information and type in MY phone number,
my phone begins to ring, the caller id on my phone says the # calling me is (800) 555-1212
I answer the phone, and a few momments later I am connected to information.
where's the potential to misuse?
Grasp the offering-or cite a malixious scenario. (Score:2)
so- I can get the police caller id info to show up on someone elses phone/caller id display, but when they pick up the phone, they are in fact going to be connected to that party(the police) You cannot use it to spoof YOUR caller id and call someone, google uses it to spoof their caller id to match the party they will be connecting you to...
where
Microsoft also provides the same service. (Score:2)
http://blogs.msdn.com/mappoint_b2b/archive/2006/0
Actually, that's not it a all. (Score:1, Insightful)
"Up to now, the typical available avenue for manipulating caller-ID has been pay services that tended to limit the potential for large-scale abuse since users are charged for access. Google, by providing a free service that will place calls and manipulate caller-ID, vastly increases the scope of the problem. Scale matters."
Wrong. That's not what it does.
You enter your phone number in the box, and Google calls you. If you enter someone else's phone number, it calls them, not you. Fi
Useless for abuse (Score:2, Insightful)
Re: (Score:1)
Seems rather pointless (Score:1)
Re: (Score:2)
But when the damn thing wouldn't stop ringing, I'd use another line, ring the pizza place, and conference the lines when the pizza place picked up.
Half the time the person trying to call us ordered a pizza. The other half the time, whomever calling us took out their rage on the poor pizza guy and demanded to know the number to the hardware store.
And you'd
Re: (Score:1, Interesting)
Imagine if the pizza place gave you a small commission for sending those people their way, in other words.
Not news (Score:1, Offtopic)
Re: (Score:1)
http://www.vortex.com/lauren1.jpg [vortex.com]
And it's gas, grass or ass, baby, nobody rides for free.
KFG
Re: (Score:1)
Can also change caller id with asterix (Score:2)
I guess a different form of abuse would be to register a friend as a business and then you have free calls to him, although depending on the description he might get a lot of wrong calls by others finding his listing on google maps.
Also something I never heard about is google providing free sms.
http://maps.google.com/support/bin/answer.py?answe r=32461&query=send+to+phone&topic=&type= [google.com]
And they provide a firefox plugin so you can highlight text and send that.
http://www.g [google.com]
To Businesses Only (Score:2)
wha? (Score:2)
Re: (Score:2)
I don't know of any state in which that is true. And it seems extremely unlikely ... remember how T-Mobile voicemail boxes could be hacked because the default was to allow access without a password if your Caller ID matched the account's phone number? How could T-Mobile even offer such a service if they were forbidden to have Caller ID in certain states?
Perhaps you're thinking of the fact that telemarketers are forbidden to block Caller ID
Re: (Score:1)
uh, then why do all enterpise class phone systems (and many small systems as well) support inbound caller id with call routing based on it, including some extra-charge features for more advanced call handling? if it were illegal in more than a handfull of places you'd think that phone vendors would spend fewer resources creating such features.
poor reasoning (Score:1)
not so much caller id... (Score:2)
Re: (Score:1)
This seems like (Score:2, Informative)
Logging and Spamming (Score:1)
"What if someone enters my phone number instead of theirs as a prank call?
Google takes fraud and spamming very seriously. We use technical methods to prevent future prank calls from the same user within a reasonable period of time. You won't be charged for any such calls. Ple
Re: (Score:2)
Use a "borrowed" WiFi connection or a anonymous proxy. Not much that can do, really.
-b.
Uh, I call BULLSHIT... (Score:2)
Finally.... (Score:1)
Pizza delivery... (Score:2)
We used to have a shore house up until 2001 or so. We didn't have a land line phone there, since there was little point in paying for service year round when we only used the place 2 or 3 months out of the year. The problem was that a lot of the
Did anyone follow the damned link? (Score:3, Informative)
Google is testing a new feature that lets you speak directly over the phone, for free, to businesses you find on Google search results pages. When this feature is available for a business, you'll see a green phone icon in their advertisement or a call link next to their contact information.
Here's how it works: Click the phone icon or call link, and you'll be invited to enter your own phone number into a special field. When you do so and then click Connect for free, Google will call your number almost immediately. Pick up, and you'll hear ringing on the other end as Google connects you to the business you selected. When they answer, you simply talk normally as you would with any other call.
This isn't for prank calls. It's only use is to keep businesses from using their caller-id to amass a list of telephone numbers. They could arguably claim that the "do not call list" doesn't apply because they'd be returning calls to people who have called them.
It can help businesses too. If you're too small of an operation to afford a toll free number, you can have your customers call you for free and place orders from you.
There's no down-side to this.
LK
Lauren needs to re-read this service (Score:2, Insightful)
How intelligent.
Is google also copying the idea??? (Score:1)
Google promoting spam? (Score:2)
Today, I received some spam into my gmail's "Spam Folder" with that word as the subject line!!!
The word I had searched for is too unique for any random chance of it popping up just like that. My question who is the culprit? Google? Merriam-Webster? Or me, for trusting Google's login system?
Re: (Score:1)
As for the Google "click to call" service, this is certainly a non-issue. There is little potential for abuse, along with little incentive in the first place... Lauren claims how CID should NEVER be manipulated, but she doesn't know what she's talking about and should learn a few things before making wild statements such as this.
As a company who utilizes VoIP to save money, we have several terminating (outgoing) s
There ARE already problems (Score:1)
Interesting way to smackdown spammers... (Score:2)
0ur Attorneys have discovered a loop-hole in the banking laws. Applying what
we have found, we're successfu1 by totally eliminating creditcarddebt with
out them having to pay another cent, We know that our firm can help you
with this too.
You can contact us at
1--3 1 3--263--2706
[[plus that common gibberish that tries to make it look like a real letter from someone...]]
Fun way to tie up their phone number? Hit Google Maps and start co