
Interesting People mailing list archives

New Google service will manipulate Caller-ID
From: David Farber <dave () farber net>
Date: Sat, 18 Nov 2006 08:20:07 -0500



Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: November 18, 2006 2:39:20 AM EST
To: dave () farber net
Cc: lauren () vortex com
Subject: New Google service will manipulate Caller-ID


Dave,

Google has made available a new "Click-to-Call" service that
will automatically connect users to business phone listings
found via Google search results.

In order for this feature to function, the user must provide their
telephone number so that Google can bridge the free call between the
business and the user (including long distance calls).

An obvious issue with such a service is that there is no reasonable
way to validate the user phone number that is provided.  Google says
that they have mechanisms in place to try to avoid repeated prank
calls, but the potential for abuse is obvious.

Of even greater concern is that Google says that it will manipulate
the caller-ID on the calls made to the user-provided number, to
match that of the business being called.  This is extremely
problematic, since it could be used to try to convince a prank target
that they were being called directly by the business in question,
and so cause that target to direct their anger at the innocent
business.  In the case of targets who are on do-not-call lists, it
is possible to imagine legal action being taken by callers upset
that the business in question called them "illegally," though in
fact the call had been made by the Google system.

Google's explanation for this caller-ID manipulation is that it
would be handy to have the called business number in your caller-ID
for future calls.  That may be true, but the abuse potential is way
too high.  Caller-ID should *never* be falsified.

Google has not vetted this caller-ID feature sufficiently, and I urge
its immediate reconsideration.

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
   - International Open Internet Coalition - http://www.ioic.net
Founder, CIFIP
   - California Initiative For Internet Privacy - http://www.cifip.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com




-------------------------------------

Archives at: http://www.interesting-people.org/archives/interesting-people/

