How does recovery work though? Without delegating to multiple other people or a centralized service?

What's wrong with delegating to multiple (unknown-to-each-other) people you trust? They wouldn't all have to be reliable, as you could require N-of-M shares to unlock the full key.

I am receiving increased SMS spam past week. Is connected to this exploit? Msgs are all different domains with unique ID appended.

Hearing Americans regularly complain about SMS and robocall spam still blows my European mind. I haven't received a single spam call or SMS in my life, ever.

Back in the 90s and early 2000s the worst that could happen was, say, texting a commercial number to get a polyphone ringtone, and that actually being a subscription. But obviously that is something you have to initiate first, not something passive.

I live in Germany and I get a lot of spam calls and spam SMS. It's always in waves. Some days I stop answering calls if I don't recognise the number, because its one of these days where Interpol has informwd me already three times that my identity was stolen and I have to give them all my details to fix this ..... They're very patient at Interpol, I keep hanging up on them and they never give up.

When I have a spammer/scammer on the phone (and I actually picked up), I usually just put my phone on mute and stop talking to them. They waste a bit more time that way before they hang up (without more effort from me).

I try to help them out by letting them know that I have been trying to reach them about their car's extended warranty.

That's fun, when you have the time and want to spend it.

Side anecdote, I was taking to some sales people and they mentioned this concept of "ringless voicemails" ugh idk why people have no shame.

I solve that problem by just not having any voicemail box.

I, in Australia, had never received a spam call or SMS, until two years ago. I now receive several per day. All automatically blocked, but still.

My number was leaked in a particular data breach that actually had nothing to do with me, but a different family member who had all of their contacts vacuumed up before the breach. So from my perspective it was passive.

in india its pretty common for businesses/ orgs to sell number data in bulk which is bought by advetisers.

you can be sure to be bombarded with calls and sms if a students applies for a notify thing or gives their number somewhere outside exam halls or on student help websites.

same for shops asking for mobile numbers.

then there are marketers who randomly call each number, send sms to see what sticks.

the situation is pretty bad i would say because for every careful person who sees through the ruse, there are hundreds who fall for million dollar prizes and kyc scams and all.

people call you and say "we are form bank. main branch. you need to verify your debit card or your account will close". no name of bank, no place of branch, just "from bank. main branch".

If you have your number up on the net somewhere, you will recieve calls. For example that domain registration you did 30 years ago that required a phone number... I got myself a smartphone for the reason I could easily block out of country phonecalls. I haven't had any recent spam calls though, was many years since the last one.

Here in Singapore SMS and phone spam comes and goes.

At the moment it's pretty bad with lots of calls from overseas. (People with hilariously un-local accents trying to tell you they are calling from the Ministry of Health of Ministry of Manpower...)

Those overseas callers are faking caller id to look like local numbers.

Probably not. No signs that this is linked to any mass activity.

Tax time

Me too, receiving spam job offers with bit.ly links.

I too saw one of these. Very odd since I was expecting a note about a job.

Don’t reply to those SMS. Your geolocation can be derived from your reply, even a STOP or UNSUBSCRIBE reply.

Can you explain how this works if you don't click any links?

I read about it on HN some months ago. I don’t recall if it was in comments or an article. But I read the info and sources and was convinced enough at the time. I’m sorry I didn’t save the original info. I’ll try some googling “geolocation from SMS” and see what I can find.

Here’s the best I could find:

https://stackoverflow.com/questions/18523417/can-i-retrieve-...

(Twilio is awesome by the way)

That information is completely derived from the phone number.

Presumably if they have the number to text to, they already roughly know the geolocation for most people, through the area code.

That’s not what I’m talking about. And since number portability and mobile devices became possible, area codes are mostly irrelevant. For example, I’ve lived 2000 miles from the area code of my phone number for probably 10 years now.

They're not mostly irrelevant. 72% of Americans live in or close to the city that they grew up in. Area code is remarkably accurate.

Only in the US (or whole NANP?)

Mobile numbers are non-geographic everywhere else that I know of.

Well, depends. For example, Singapore's numbers are 'non-geographic' in that sense. But Singapore itself is small enough.

Greek here, mobile phones are non-geographic but used to be service provider specific, but even this practice isn't applicable due to number portability.

Landlines used to be geographic but this isn't relevant any more again new to number portability.

I mean non-geographic within the country. As far as I know, the US practice of assigning mobile numbers to 'area codes' is unique.

Yes. I was broadly agreeing with you.

Just saying that some countries are small enough that it's essentially the same.

Can you provide a pointer showing how this is supposed to work?

Yes, would like to learn more as well.

I read about it on HN some months ago. I don’t recall if it was in comments or an article. But I read the info and sources and was convinced enough at the time. I’m sorry I didn’t save the original info. I’ll try some googling “geolocation from SMS” and see what I can find.

yeah, this annoys me as well. although maybe not intention, appears deceitful. actually, maybe this could be useful for blockchain tech. i don't know of another way you can check the date on a webpage from frontend?

lazy web: do these not require an account to get content?

Yes they do.

Had the same thought, are there repercussions?

i think it's a step that cuts it off, does look like it though

i did not understand the need for the hostile language.

i regret letting this access my account. i would recommend others to not give this tool access, it is not worth it.

Same. I gave it access to my data, it spat out a bunch of vague insults that just... didn’t mean anything.

It called me a “manic pixie dream girl” - I’m male.

It said I was “local-talk-radio-bumper-sticker-bitch“, which isn’t even an adjective.

I revoked access afterwards but like you I felt a bit conned.

Stay curious, try new things! Party of being a developer is exploration and discovery. Do not discourage!

If anyone is looking for a used car, they have a lot of their fleet up for sale here: https://www.hertzcarsales.com/

Agreed. Actually just returned a nice jeep cherokee this morning back to Hertz. Had it for a week out of their Newark airport location. $240 for the whole week! The return lines were completely full from people who rented during the weekend. Had to take the airtrain over to the terminal to get an uber, airport was eerily quiet. Hopeful that things will pick back up once we get a vaccine.