Hello,

I know this topic has been discussed a lot, but I just wanted to add in my $0.02 worth about preventing Goiax from being abused.

First, a few things I did which could have raised red flags were restrictions in place.

1. When I first heard about Goiax, I immediately signed up and used IaxComm for Windows. I found that by also using Total Recorder, I could make great recordings of phone numbers. I recently wrote a Time of Day program for Windows which simulates some of the older Time of Day services in the US. There is still one Audichron machine left, using John Doyle's voice, and I wanted to get it recorded. So during a period of approx. forty-eight hours, I dialed 410-844-1212 many, many times to get every possible phrase the machine could say recorded. The system only let me stay on for one minute at a time, thus there were lots of short calls to the same number right in a row, all one right after the other.

2. I also like to record telco recordings. I found out about a set of numbers which let you hear SBC recordings and dialed them all and recorded them. This meant I placed calls to similar numbers, sequentially, very quickly and for short call durations.

Now, here are some thoughts on what can be done to possibly avoid abuse.

1. The number sent out over Caller ID on Goiax calls needs to be something different. The current number can't even be dialed, which leaves no accountability. People can just call anybody and since the origin number isn't even valid, the receiver of annoying calls is left in the dark, with nothing they can do.

2. One idea would be to have Caller ID send a telephone number which, when dialed, connects to an automated system. The receiver of annoying calls can dial this number and enter the number that was dialed and specify times and dates, and the system can track who made the calls by this information. The recipient of these calls can request that no further calls should be allowed at that number, either from that particular user or, at the receiver's option, from any Goiax account. If one particular account gets too many complaints, the account is locked. Of course this doesn't keep the abuser from making a new account.

3. Once an account is locked, blacklist that Email address from ever making another account. Once a certain number of Email accounts at a particular domain have created accounts which have been locked, blacklist that entire domain. This will keep a guy with his own domain from creating hundreds of accounts with throwaway Email addresses, then creating hundreds more with different throwaway addresses once his first bunch get locked.

4. Possibly add in some verification to keep bots from making accounts on behalf of humans. Some sites do this anyway to prevent spam. Unfortunately, I'm blind and absolutely hate those picture boxes where you have to type in some text displayed in a picture. Current screen reader technology can't handle these pictures, so if such a system is used there needs to be an alternative for visually impaired users.

5. If suspicious behavior is observed, E.G. lots of short calls, lots of frequent calls to the same number, etc. the system should put an alert on that account and mark it for human examination. If the behavior continues for a certain amount of time, lock the account or lock the numbers being dialed, or put restrictions on how often the service may be used, or...

6. Automated callback verification using a subscriber's phone number is probably not a good idea. For one thing, assuming only US numbers are allowed, this prevents international people from using the service. Also, it's easy to get a new phone number. A user could get a DID from another provider for the sole purpose of authenticating with Goiax. Then, the DID is either discarded or never used again. If discarded and somebody else gets that number and the new Goiax user turns out to be a bad apple, the unlucky person who wound up with that number gets held responsible for the abuser's actions.

7. Only allowing people with DIDs to outdial probably wouldn't be effective. Even if you create some rules like, the DID must have been called at least X times, etc. the user could just stop using the DID. If the DID was sent out over Caller ID, the user could either just not have it active, or set up an Asterisk system or something which answers calls to the DID by saying "You suck!" then hanging up. Or, worse, a user could even go through his logs and post phone numbers of people who call his DID who, presumably, are complaining about annoying calls from this very person, to a public mailing list or something.

Well, those were just a few thoughts.

Jayson.
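The behaviours named in the message above (bursts of short calls to one number, and short calls to sequential numbers) can be flagged for human review from call detail records. The following is an added example, not part of the thread or of Goiax; the record layout, thresholds and account names are assumptions.

```python
from collections import defaultdict

# Assumed thresholds (not from the thread); tune against real traffic.
SHORT_CALL_SECS = 60     # calls this long or shorter count as "short"
WINDOW_SECS = 3600       # sliding window used to count bursts
REPEAT_LIMIT = 10        # short calls to one number inside the window
SEQUENTIAL_LIMIT = 5     # run of consecutive numbers reached by short calls

def _max_in_window(times, window):  # most timestamps inside any window-long span
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def _longest_run(numbers):  # longest run of consecutive integers in a set
    best = 0
    for n in numbers:
        if n - 1 not in numbers:         # n starts a run
            length = 1
            while n + length in numbers:
                length += 1
            best = max(best, length)
    return best

def review_flags(cdrs):
    """cdrs: (account, epoch_start, dialed_digits, duration_secs) tuples.
    Returns {account: sorted reasons}; flags mean "needs human review", not "lock"."""
    per_dest = defaultdict(list)   # (account, number) -> start times of short calls
    per_acct = defaultdict(set)    # account -> numbers reached by short calls
    for account, start, dialed, duration in cdrs:
        if duration <= SHORT_CALL_SECS:
            per_dest[(account, dialed)].append(start)
            per_acct[account].add(int(dialed))   # assumes digits-only numbers
    flags = defaultdict(set)
    for (account, dialed), times in per_dest.items():
        if _max_in_window(times, WINDOW_SECS) >= REPEAT_LIMIT:
            flags[account].add("repeated-short-calls:" + dialed)
    for account, numbers in per_acct.items():
        if _longest_run(numbers) >= SEQUENTIAL_LIMIT:
            flags[account].add("sequential-dialing")
    return {a: sorted(r) for a, r in flags.items()}

# Constructed sample records (not real call data).
SAMPLE = [("acct-a", 1000 + 90 * i, "4108441212", 60) for i in range(12)]
SAMPLE += [("acct-b", 5000 + 40 * i, str(5550000100 + i), 25) for i in range(6)]
SAMPLE += [("acct-c", 9000, "5550000999", 600), ("acct-c", 20000, "5550000999", 45)]
```

On the constructed sample, acct-a and acct-b are flagged and acct-c is not; as the message's own recording sessions show, a flag of this kind is a reason to look, not proof of abuse.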
This seems like an over complicated way to solve fraud. I think a small one time fee (or yearly fee) to sign up will prevent more abuse than anything.

Anyone who would complain about $10 or $20 to sign up for a lifetime (or per year or whatever) is a leech if they can't understand WHY there would be a fraud prevention signup fee. Of course there are people who bitch about $9 domain names. It's $9 people - and it stops morons from registering hundreds of domains they will never use!

I certainly would pay a yearly fee to be able to dial anywhere in the US. If goiax is nice enough to provide this service we need to give HIM something back, and hard dollars are the easiest way to make sure it stays around.

Bill

-----Original Message-----
From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Jayson Smith
Sent: Friday, October 21, 2005 8:56 AM
To: asterisk-users@lists.digium.com
Subject: [Asterisk-Users] Preventing abuse of Goiax

_______________________________________________
--Bandwidth and Colocation sponsored by Easynews.com --

Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
*** THIS IS A RESEND - I got a deletion notice since I used a naughty word previously (replaced it with complain :) ) so wasn't sure if it got out ***

This seems like an over complicated way to solve fraud. I think a small one time fee (or yearly fee) to sign up will prevent more abuse than anything.

Anyone who would complain about $10 or $20 to sign up for a lifetime (or per year or whatever) is a leech if they can't understand WHY there would be a fraud prevention signup fee. Of course there are people who complain about $9 domain names. It's $9 people - and it stops morons from registering hundreds of domains they will never use!

I certainly would pay a yearly fee to be able to dial anywhere in the US. If goiax is nice enough to provide this service we need to give HIM something back, and hard dollars are the easiest way to make sure it stays around.

Bill