Re: Voicemail without a call

Frank Slootweg <this@ddress.is.invalid> wrote:

VanguardLH <V@nguard.lh> wrote:
[...]

However, I tend to distrust texts since most do not identify the caller.
I see "24530" as the caller.  What the fuck is that?  Personal callers
usually show their phone number, so there's a match up to my Contacts
list, but stupidly all those 2FA codes sent by a web site do NOT
identify the web site sent them, and 2FA mining is a problem.  Maybe I
just did something, like renew a prescription at my pharmacy's web site,
so a text from some garbage numbered sender that says it is from my
pharmacy that arrives within 2 minutes of my action at their web site
provides context for the text.  However, context is not the same as
identification. 

 
  Hmm? Strange! Not that I get that many SMS messages for 2SV or
information, but the ones I get, always have a 'name' - for example an
airline - or a telephone number.
 
  Perhaps this no-name problem is US-specific? (I am in The
Netherlands.)
 
  But indeed, also for our pharmacy, it's a number, but it's always the
same number, so no problem. If I could be bothered, I could put the
number in my Contacts list. Problem solved.
 
[...]

I have not checked how many phone numbers I can record per contact.  For
example, I pay yearly for grocery delivery from a couple stores (cheaper
than me paying for gas to go to the store).  The stores send texts, but
their numbers keep changing.  Maybe they rotate through a small set of
phone numbers that I could add to their contacts.  At least, they do
show phone numbers on their texts, but forget about looking them up.
Plus, they come from area codes 900+ miles away (probably some handling
center for their online orders).

Unfortunately I'm a neat freak, so I've cleared out my history of texts,
and have only the one sent yesterday to check on how that text was
identified.  However, I have received 2FA codes sent from 5-digit
numbers which obviously don't identify the sender.  Only the context of
when the text was received, and some text within give me a clue as to
the sender, but the sender can put whatever they want in the body of the
text (like e-mail senders can put anything they want in the From header,
but server-side headers help identify the sender).

As I recall, the 2FA codes sent by my bank are "identified" with a
sender ID, not a phone number.  I just tried to login, but got
interrupted with their 2FA security theater.  Luckily I do not have to
go searching for my smartphone to get the 2FA code.  I configured Google
Voice to send texts as e-mails, so I get the e-mail with a copy of the
SMS text using my e-mail client on the same desktop where I am trying to
login using a web browser.  But that won't do a lookup on Sender ID to
clearly identify the sender of the text.  While I can enter phone
numbers in a contact record, I cannot enter Sender IDs to matching them
up with received texts.

As for those senders identifying themselves with a numeric string
(Sender ID) that is not a phone numbers, companies and spammers have a
slew of such sender IDs which means the sender is not identified.  While
Sender IDs can be registered, there is not a requirement to do so. 

https://www.comreg.ie/industry/electronic-communications/nuisance-communications/sms-sender-id-registry/

In the USA, Sender IDs must be numeric strings, but elsewhere they can
contain alphabetic characters.

https://help.twilio.com/articles/223133767-International-support-for-Alphanumeric-Sender-ID

That's in Ireland.  Apparently there will be a feature to block
unregistered Sender IDs.  However, very few Sender IDs are registered.
In fact, some providers let their users generate "personal" Sender IDs;
i.e., not registered, so the sender is still not identified.  As yet, I
don't think there is a central Sender ID registry, but that would
probably scare off users that want to remain anonymous or untraced (but
I don't want calls or texts from those users).  There are numerous
carrier registries that other carriers require to get texts receive at
those destinations, but this is not a central registry for lookup.  If
there were such a public accessible registry, Sender ID would be trivial
for apps to do a lookup to identify the sender.  Alas, as with domain
registrations that get redacted to hide the registrants, the GDPR would
probably fuck up the use of a central Sender ID registry by requiring
the sender have an option to remain anonymous (i.e., the registry could
have its records similarly redacted) to neuter the whole identification
procedure.  Oh yes, let's protect the sender to fuck over the recipient.
Screw the GDPR.  I wish there were a similar feature for web browsers:
if the domain registrant is hidden in a domain registration (i.e., shows
the domain registrar instead of the domain registrant) then I don't want
to visit a site where the registrant is hiding.  They provide a publicly
accessible web site, so they should also be publicly identified.  If
they don't want to identify themself, go hide in the Dark Web where I
never visit.

If there were a Sender ID registry publicly accessible for registered
IDs, and with a feature at the provider (an account option) or in the
client app to do Sender ID lookups, I could block anonymous callers
("unknown").  As yet, there is no option to block unknown (unregistered)
Sender IDs.  There is no lookup.  Just because a Sender ID looks like a
phone number doesn't mean it is a phone number.  How many more decades
do we have to suffer SMS spoofing, because the sender is given higher
priority than the recipient?