How Alice and Bob got telephone/SMS spam on their Moko.

Heikki Sørum heikkis at matnat.uio.no
Mon Feb 25 22:18:10 CET 2008


Hi everyone! Today I got another proposal for useful
applications that would make an open mobile outshine 
"oldsch00l" mobiles.

The leader of the Norwegian EFF chapter posted some days ago, in
frustration, a question whether there was any kind of blacklisting/spam
filtering capabilities for SMS/Phonecalls on existing mobile phones.
This of course got me thinking about how neat such a thing would be,
especially if it was capable of automated/periodic updating of
such blacklists.
As there is a multitude of well developed free/open software that
deals with email spam, how could such work be adapted
into a distributed sms/mms filtering and sender blacklisting
software?
(I can't even get a 'printf("hello World!");' statement to compile, so
don't look at me. ;-) )

In my ideal world: Alice gets an OpenMoko, and then starts
getting annoying calls from Peach Corporation that would like to sell
her a Peach M-Phone. As Alice dislikes Peach Corporation, she tags
any sms/mms and caller IDs with a "Marketing Call" tag.
	Bob on the other hand tends to get deceptive marketing calls
from Matilda in Canned Meat Marketing. Matilda has created a software
system that automates calling and displays an unknown caller ID, then
hangs up when Bob answers. If Bob calls back he gets a canned speech
_and_ Matilda logs him as a potential mark for further scams.
	After Bob's Phone Rage has subsided (thank god he bought the
3rd party ruggedized Moko Case!) he tags the calling ID with a "Deceptive
Marketing" tag. Unfortunately Matilda in Canned Meat Marketing
has a pool of several hundred/thousand caller IDs, and by logging
and some simple software routing she makes sure that each call Bob
receives never shows the same caller ID.

	But, almost every day Alice and Bob decide to access the
internet through their phones' Wifi or 3G. The phone usually checks for
software updates weekly, but when Bob's and Alice's phones have new "Spam Tags"
they upload anonymized (but cryptographically signed) data to a
spamlisting server. The server applies whatever black magic needed to
create an updated blacklist and every week Alice and Bob download an
updated blacklist from the same server.
	Since other people have also reported "Deceptive Marketing"
tags on Matilda's Call IDs and the number of reports passed a
blackmagic threshold her Caller IDs are added to the permanent
shit^H^H^H blacklist. So from that day on Alice's and Bob's phones
refuse to accept any calls from Matilda.
	The number of people that reported Peach corporation on the
other hand also reached the necessary threshold for a blacklisting. But
since Alice and other people used a different Tag the phone only
displays a warning to Bob (depending on his user preferences).

	Of course, each paradise has its snake and in this case it's
Mallory. Mallory is Alice's ex, and he hates that Bob has
started to become an important figure in Alice's love life.
So Mallory tries to upload his own list (or through
multiple proxies) where Alice's and Bob's
phone numbers are listed with the "Deceptive Marketing" tag.

	This could at least be mitigated by _not_ using different
spamtags and by defaulting the Moko's behavior to only display warnings
rather than silently ignore. In addition the contact lists in Bob's and
Alice's phones could work as a whitelist. Any other suggestions on how to
combat Mallory?

	Matilda might also become a snake as she would like to somehow
poison the central server's database with false data.
Matilda is hoping that Alice and Bob would uninstall their local
spamfilter after it gave too many false positives.
Any suggestions on how to combat Matilda?

Sincerely, Heikki Soerum.

Disclaimer: 
I state that any novel ideas are the product of my own disturbed mind.
The content of this email is shared with a Creative Commons
Attribution ShareAlike license. Nor do I or will I claim any patents
related to any ideas contained within. (And please please DON'T waste
mailinglist bandwidth discussing my licensing/patent choice. Email me
in private if it's such a burning topic.)
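
An added example, not part of the original email: a Python model of the report threshold and of the two mitigations the post proposes (warn by default, contact list as whitelist). The threshold value, the function names, the reporter IDs and the phone numbers are constructed assumptions; each reporter ID stands in for a signing key whose signature is assumed to have been verified already.

```python
from collections import defaultdict

def build_blacklist(reports, threshold=3):
    """Server side: list a (number, tag) pair only once `threshold` distinct
    reporters have submitted it. threshold=3 is an assumed value."""
    seen = defaultdict(set)
    for reporter, number, tag in reports:
        seen[(number, tag)].add(reporter)  # repeat uploads from one ID count once
    listed = defaultdict(set)
    for (number, tag), who in seen.items():
        if len(who) >= threshold:
            listed[number].add(tag)
    return dict(listed)

def decide(caller, blacklist, contacts, block_tags=frozenset()):
    """Phone side: contacts act as a whitelist; a listed number only triggers
    a warning unless the user opted in to blocking one of its tags."""
    if caller in contacts:
        return "allow"
    tags = blacklist.get(caller, set())
    if not tags:
        return "allow"
    return "block" if tags & set(block_tags) else "warn"

# Constructed sample data: numbers and reporter IDs are made up.
MATILDA, PEACH, ALICE, BOB = "+4700000001", "+4700000002", "+4700000003", "+4700000004"
DECEPTIVE, MARKETING = "Deceptive Marketing", "Marketing Call"
REPORTS = (
    [(r, MATILDA, DECEPTIVE) for r in ("r1", "r2", "r3")]
    + [(r, PEACH, MARKETING) for r in ("r1", "r2", "r4")]
    + [("mallory", BOB, DECEPTIVE)] * 5                             # one ID, many uploads
    + [(r, ALICE, DECEPTIVE) for r in ("sock1", "sock2", "sock3")]  # several IDs
)

if __name__ == "__main__":
    bl = build_blacklist(REPORTS)
    bobs_contacts = {ALICE}  # Bob has Alice in his contact list
    for who in (MATILDA, PEACH, ALICE, BOB):
        print(who, decide(who, bl, bobs_contacts, block_tags={DECEPTIVE}))
```

Counting distinct reporters stops a single ID from passing the threshold by repetition, but not reports spread over several IDs; in that case the whitelist and the warn-only default are what keep Alice's calls reaching Bob.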



