Re: How Alice and Bob got telephone/SMS spam on their Moko.
If we don't need white/gray/black listing, we could look at the SMS'es as network trafikk. If we did that, we would think about a firewall and could block, drop or nat in iptables. This would only apply to phone numbers (single or defined groups) and we could specify what kind of trafic we would block (SMS, calls, data) both incomming and outgoing (useful if someone borrows the phone). Of course it would need a little front-end, but that would be easy to make. By adding an iptables kernel module, we could have something that would be more than good enough for most of us. We would also have a high cohesion (all firewall stuff one place). It is just one idea. I don't know how complicated it would be. (This would need the gsm driver to be in the kernel, but I assume it is.) ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: How Alice and Bob got telephone/SMS spam on their Moko.
Flemming Richter Mikkelsen wrote: It is just one idea. I don't know how complicated it would be. (This would need the gsm driver to be in the kernel, but I assume it is.) It is not. *g* Receiving SMS is something the GSM unit makes almost autonomously. gsmd (the driver ;) )just reads the messages out if they arrive. No need to cram this into the kernel. Besides the fact that sms is something completely different than a network stack with addresses protocols and so on... Designing a filter system is no black magic. Beginning with the fact that it does not have to filter thousands of packets with low latency. So even a five year old could make a decent filter that would be enough for filtering sms. ;) In Germany we have the saying 'shooting sparrows with canons' ;) ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
How Alice and Bob got telephone/SMS spam on their Moko.
Hi everyone! Today I got another proposal for useful applications that would make an open mobile outshine oldsch00l mobiles. The leader of the Norwegian EFF chapter posted som days in frustration a question whether there was any kind of blacklisting/spam filtering capabilities for SMS/Phonecalls on existing mobile phones. This of course got me thinking about how neat such a thing would be, especially if it was capable of automated/perioding updating such blacklists. As there is an multitude of well developed free/open software that deals with email spam, how could such work be to adapt such things into a distributed sms/mms filtering and sender blacklisting software? (I can't even get a 'printf(hello World!);' statment to compile, so don't look at me. ;-) ) In my ideal world: Alice gets a OpenMoko, and then starts getting annoying calls from Peach Corporation that would like to sell here an Peach M-Phone. As Alice dislikes Peach Corporation, she tags any sms/mms and caller ID's with a Marketing Call tag. Bob on the other hand tends to get deceptive marketing calls from Matilda in Canned Meat Marketing. Matilda has created an software system that automates calling and displays a unknown caller ID, then hangs up when Bob answers. If Bob calls back he get a canned speech _and_ Matilda logs him as a potential mark for futher scams. After Bob's Phone Rage has subsidized(thank god he bought the 3rd party ruggedized Moko Case!) he tags the calling ID with Deceptive Marketing tag. Unfortunately Matilda in Canned Meat Marketing has a pool of several hundred/thousand of caller ID's, and by logging and some simple software routing she make sure that each call Bob recieves never shows the same caller ID. But, almost every day Alice and Bob decides to access the internet trough their phones Wifi or 3G. The phone usually checks for software updates weekly, but when Bob's and Alice's has new Spam Tags they upload anonymized (but cryptographically signed) data to a spamlisting server. The server applies whatever black magic needed to create an updated blacklist and every week Alice and Bob downloads a updated blacklist from the same server. Since other people has also reported Deceptive Marketing tags on Matilda's Call ID's and the number of reports passed a blackmagic threshold her Caller ID's are added to the permanent shit^H^H^H blacklist. So from that day on Alice's and Bob's phone refuses to accept any calls from Matilda. The number of people that reported Peach corporation on the other hand also reached the necessary threshold for a blacklisting. But since Alice and other people used a different Tag the phone only displays a warning to Bob (depending on his user preferences). Of course, each paradise has it's snake and in this case it's Mallory. Mallory is Alice's ex, and he hates that Bob has started to become a important figure in Alice's love life. So Mallory tries to upload his own list (or through multiple proxies) where Alice's and Bob's phonenumbers are listed with the Deceptive Marketing tag. This could at least be mitigated by _not_ using different spamtags and by defaulting the Moko's behavior to only display warnings rather than silently ignore. In addition they contact list in Bob's and Alice's could work as a whitelist. Any other suggestions on how to combat Mallory? Matilda might also become a snake as she would like to somehow poison the central servers database with false data. Matilda is hoping that Alice and Bob would uninstall their local spamfilter after it gave to many false positives. Any suggestions on how to combat Matilda? Sincerly, Heikki Soerum. Disclaimer: I state that any novel ideas are the product of my own disturbed mind. The content of this email is shared with an Creative Commons Attribution ShareAlike license. Nor do I or will I claim any patents related to any ideas contained within. (And please please DON'T waste mailinglist bandwidth discussing my licensing/patent choice. Email me in private if it's such a burning topic.) ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: How Alice and Bob got telephone/SMS spam on their Moko.
Heikki Sørum wrote: In my ideal world: Alice gets a OpenMoko, and then starts getting annoying calls from Peach Corporation that would like to sell here an Peach M-Phone. As Alice dislikes Peach Corporation, she tags any sms/mms and caller ID's with a Marketing Call tag. One of my favorite features from grandcentral.com is being able to tag numbers as spam which plays the this number is no longer in service tone and then the appropriate message about being a disconnected line. Being able to do this within OpenMoko would be pretty slick too, though you won't really gain anything by marking SMS messages as spam -- you're still paying for the incoming message whether to tag it as spam or not, you'd only have the ability to place it within a 'spam' folder to review later. Anyone want to port SpamAssassin to OpenMoko? ;o) -id ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: How Alice and Bob got telephone/SMS spam on their Moko.
On Mon, Feb 25, 2008 at 1:18 PM, Heikki Sørum [EMAIL PROTECTED] wrote: Hi everyone! Today I got another proposal for useful applications that would make an open mobile outshine oldsch00l mobiles. While I've never thought of taking it that far, this is one of the prime reasons I will be getting an OM. Most phones have very limited inbound call rules. I'll setup certain phone numbers to always ring the phone, only allow unknown numbers to ring the phone during certain times, etc. -- Steven Kurylo ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: How Alice and Bob got telephone/SMS spam on their Moko.
On Monday 25 February 2008 22:39:04 ian douglas wrote: Being able to do this within OpenMoko would be pretty slick too, though you won't really gain anything by marking SMS messages as spam -- you're still paying for the incoming message whether to tag it as spam or not, you'd only have the ability to place it within a 'spam' folder to review later. not every nation have operators that charge you for incoming sms ;) ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: How Alice and Bob got telephone/SMS spam on their Moko.
On Mon, Feb 25, 2008 at 2:18 PM, Heikki Sørum [EMAIL PROTECTED] wrote: from Matilda in Canned Meat Marketing. Matilda has created an software system that automates calling and displays a unknown caller ID, then ... 3rd party ruggedized Moko Case!) he tags the calling ID with Deceptive Marketing tag. Unfortunately Matilda in Canned Meat Marketing Well if it's unknown caller ID then Bob can't do that. Besides it might be counter-productive to blacklist big blocks of numbers which might later belong to somebody else when the telemarketing co. shuts down. I would propose sending unknown callers into a menu system: recorded message Your caller ID is blocked or turned off. If you are a telemarketer, please be warned that we are registered with the national Do-Not-Call list and do not wish to receive marketing messages of any kind. Otherwise please press 1 to leave a voice message, or enter your friend code. Then if some friend who calls from work complains that he always gets this because the phones at work have blocked caller ID, you give him a friend code which he can enter to authenticate and actually ring your phone. Otherwise you don't even know any of this is going on until you get a voicemail notification, and the friend codes are only needed in the special cases. Plus you can still blacklist small quantities of known-bad phone numbers. This sort of thing can probably be done with Asterisk. You could even do that with calls which do have caller ID but which are not on your whitelist. Or do that only during certain hours (when you are usually sleeping). Or make everyone enter a friend code when you are sleeping. :-) I think I would probably do that; as it is, I keep my cell turned off much more than I should, just in case. (Hate being woken up in the morning before my usual time to get up - one distraction like that can make me tired for a day or two if I don't get back to sleep.) ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: How Alice and Bob got telephone/SMS spam on their Moko.
Heikki Sørum wrote: This could at least be mitigated by _not_ using different spamtags and by defaulting the Moko's behavior to only display warnings rather than silently ignore. In addition they contact list in Bob's and Alice's could work as a whitelist. Any other suggestions on how to combat Mallory? A reputation/karma system combined with probability ratings might help a bit. A central trusted list like dns blacklist would probably not work, because checking reports would be unsolicited calls for the checked number and it would produce cost. Therefore the only method would be some kind of social network thing. People could be trusted when they submit data that other persons have also reported. A extended check could check for unrelated clouds, like multiple persons reporting the same data. A cloud of reports bound together by multiple persons reporting the same thing could become more trusted when the same people also reported sigificantly to other clouds... But i think spam fighting methods could be added later when the systems becomes a targed. What i mean is, not having a working spam fighting mechanism yet must not mean that we should not start building this system. I know people working in a social media platform, and they got along with implementing their spam fighting techniques later, and they tested multiple methods to solve this problem and are constantly changing it still. But i'm sure a system like 'i trust someone because i trust that one because i trust...' (you get the idea...) would be the answer. In my eyes, trust should be calculated automaticly, not by manually defining trust (like pgp). Using the system could improve it. I have better things to do with my life than managing trust relations for my spam filter... And by the way. Spamassassin (or better something 'lighter') for sms sounds like a really really good idea... Just my 2 Eurocents Tilman PS: This calls for a interception API on the phone. Fighting spam would not be the only thing that would be nice to hook into these events. Configurable ringtones for different people, programmable ringtones and so on come to mind. Is there anything there yet? Or planned? ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: How Alice and Bob got telephone/SMS spam on their Moko.
On Mon, Feb 25, 2008 at 3:27 PM, Joseph Booker [EMAIL PROTECTED] wrote: Cell phones can be placed on the do-not-call list? It's already illegal for telemarketers to call you on one (since you would be paying for unsolicited advertising). Well if they are calling, you still need your own defense because they obviously are getting away with it, for a while at least; or they don't know that it's a cell. But in practice I don't really get telemarketing calls on my cell, and nowadays seldom get them at home. I have gotten SMS spam though. I guess there is less that you can do about that; just blacklist or whitelist, and decide which ones to ring vs. which ones to just silently preserve in the inbox (or spam folder). Obviously if you want a custom voice menu it has to be implemented on the phone, so people who access that are causing you to pay for some minutes and are not using your provider's voicemail service. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: How Alice and Bob got telephone/SMS spam on their Moko.
On Mon, 25 Feb 2008 15:11:14 -0700 Shawn Rutledge [EMAIL PROTECTED] wrote: recorded message Your caller ID is blocked or turned off. If you are a telemarketer, please be warned that we are registered with the national Do-Not-Call list and do not wish to receive marketing messages of any kind. Otherwise please press 1 to leave a voice message, or enter your friend code. Cell phones can be placed on the do-not-call list? It's already illegal for telemarketers to call you on one (since you would be paying for unsolicited advertising). A blacklist for military or frat recruiters who regretfully obtained the number legitimately would be pretty nice though. SMS spam is one thing, but I'd wager individual blocking for calls is more useful then block lists. -- Joseph Jon Booker signature.asc Description: PGP signature ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: How Alice and Bob got telephone/SMS spam on their Moko.
ian douglas wrote: Tilman Baumann wrote: In my eyes, trust should be calculated automaticly, not by manually defining trust (like pgp). Using the system could improve it. Perhaps number of successful phone calls, and length of phone call to add a number of trust 'points' ... the more successful calls over some length of time, the more trusted someone becomes. Still, having individual profiles as someone else mentioned, would be ideal too. For example, I'd want my wife's phone call to ring no matter time of day or busy status (meetings, etc). A call from my mother-in-law, however, should never play any ring tone during business hours, and unknown caller ID values should never play any ring tone and route them immediately to voice mail. This would be a locally managed call managing system. Definitely a thing we need to. But not quite the same thing as we discussed. But i am absolutely with you, wee need this. And it would probably be a good idea to design a system like this first. And then extend it in the future for distributed network blacklists. I have better things to do with my life than managing trust relations for my spam filter... Well, even tools like SpamAssassin need training to teach it what is considered spam or not. Yea. But this is limited to a simple question 'was this call spam?'. What i mean was that you should have 'the list[tm]' that is automatically the right thing for you. And not havong to decide actively whoms reports you trust. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: How Alice and Bob got telephone/SMS spam on their Moko.
Tilman Baumann wrote: In my eyes, trust should be calculated automaticly, not by manually defining trust (like pgp). Using the system could improve it. Perhaps number of successful phone calls, and length of phone call to add a number of trust 'points' ... the more successful calls over some length of time, the more trusted someone becomes. Still, having individual profiles as someone else mentioned, would be ideal too. For example, I'd want my wife's phone call to ring no matter time of day or busy status (meetings, etc). A call from my mother-in-law, however, should never play any ring tone during business hours, and unknown caller ID values should never play any ring tone and route them immediately to voice mail. I have better things to do with my life than managing trust relations for my spam filter... Well, even tools like SpamAssassin need training to teach it what is considered spam or not. -id ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: How Alice and Bob got telephone/SMS spam on their Moko.
Tilman Baumann wrote: Yea. But this is limited to a simple question 'was this call spam?'. What i mean was that you should have 'the list[tm]' that is automatically the right thing for you. Yes, I agree, it should be personalized to the user/phone, and being prompted after a call to specify spam/non-spam would be nice, but might get annoying for users too. Using a downloadable database of spammy phone numbers to block calls or SMS message from could get quite large. Plus you have to deal with users attempting to poison the database, such as the Mallory user that Heikki originally discussed. I don't have access from work, but has anyone started a wiki page about a feature list for a call/sms filtering package? I'd be happy to add my $0.02 to a feature list and help with building some of the software. -id ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community