Public wifi menace

A couple of days ago, I was looking up a bus timetable from my ‘phone.  All perfectly mundane.

The address I thought I wanted failed: I don’t have it bookmarked and I’ve probably misremembered.  So I googled.

Google failed too.  With a message about an invalid certificate.  WTF?  Google annoyingly[1] use https, and I got a message about an invalid certificate.    Who is sitting in the middle?  Surely they can’t really be eavesdropping: with browsers issuing strong warnings, they’re never going to catch anything sensitive.  Must be just a hopelessly misconfigured network.

I don’t care if someone watches as I look up a bus time, I just want to get on with it!  But it’s not obvious with android how I can override that warning and access google.  Or even an imposter: if they don’t give me the link I wanted from google, nothing lost!

So has my mobile network screwed up horribly?  Cursing at the hassle, I go into settings and see it’s picked up a wifi network.  BT’s public stuff: OpenZone, or something like that (from memory).  This is BT, or someone on their network, playing sillybuggers.  Just turn wifi off and all works well again as the phone reverts to my network.

Except, now I have to remember to re-enable wifi before doing anything a bit data-intensive, like letting the ‘phone update itself, or joining a video conference.  All too easy to forget.

Hmm, come to think of it, that broken network is probably also what got between me and the bus timetable in the first place.  That wasn’t https.

[1] There are good reasons to encrypt, but search is rarely one of them.  Good that google enables it (at least if you trust google more than $random-shady-bod), but it’s a pain that they enforce it.

Text message joe-job

Having just blogged about spam, here’s another puzzling thing that’s been happening in the past week or so. I’ve had several messages from people claiming to have received text messages “from” webthing.com, and asking to be removed from “your list”. One of them described the text message as obscene. One mentioned a voicemail.

They look genuine, and most of them come from the contact form, which makes it particularly unlikely to be automated crap. The senders seem to have taken some trouble, to visit the site and fill in the form, and they include (US) phone numbers that are probably genuine. Most of them were also polite, which is interesting if they thought they’d been spammed.

What really puzzles me is how any text message can be seen to come “from” a website. For the record, even if some cracker had pwned the server, it doesn’t have the physical hardware (whatever that may be) to make phone calls to anywhere. I understand US phone systems are different from ours: maybe they include something akin to SMTP headers, and perhaps equally easy to forge?

Talking of which, is UK caller ID tamper-proof, or can it be spoofed? Yes, of course it can be withheld, but that’s different.

Phone spam

Anyone phoning me from outside the UK: please use my mobile number, or contact me in advance to let me know you’re calling. Otherwise I may assume it’s spam.

There’s some wretched call centre trying to call me most days. It’s from outside the country and my phone doesn’t display the number, but I think it’s the same one persisting. If I answer, the pattern is always the same: a few seconds of silence followed by an Indian voice asking the standard “am I the owner of this phone” question.

This is my home phone number. It’s not advertised on my website, and doesn’t solicit any kind of calls. It’s for friends and family, and a small number of business contacts who I’ve given it to individually. It’s on the UK national don’t spam me list, so (in theory) any UK-based spammer abusing it could be in trouble. So they outsource their dirty work.

The last couple of times (including today) I’ve tried to get the fax machine to answer and give the bastards an earful. Who knows, they might even have a computer that notes the fax on the number and stops harassing me. But I can’t do that in the time available unless the fax machine[1] is already turned on. And I use it so rarely it can go for weeks without ever being powered up.

Can anything be done? What I’d like is a ‘spam’ button I could press when I receive a call, that would instantly charge the caller – say – £1 (US$2). Enough that it gets expensive to spam when people start using it. I don’t care who gets the money: presumably not the consumer (too open to abuse) or the telecoms provider (ditto – though I guess they could take a small admin fee). Charity would be nice, but I’d even be happy to see the government pocket it. Just so long as the spammer has to pay it.

[1] Actually an all-in-one printer/scanner/copier/fax machine.