from Hacker News

T-Mobile: Are you blocking specific words and suspending accounts?

by QUFB on 8/1/20, 1:10 PM with 57 comments

  • by Someone1234 on 8/1/20, 2:05 PM

    There's two different but both problematic things here:

    - Really poorly written spam detection.

    - Failure to notify customers/no remediation procedure.

    No doubt people will bring up "but then the spammers will know!!" Or similar, but honestly spammers are already limited by the cost of buying SIM cards ($5/ea), and I feel like customers being negatively impacted outweighs the minor benefit to spam-fighting (particularly when spammers could buy a single second number and detect this 100% of the time anyway).

    Plus I'd be pretty upset if I was a customer paying for service, and I lost access to a part of that service for 10 days because I sent the word "butt" in a conversation. I'd feel particularly irritated if I wasn't told that my messages weren't delivered, and vital ones were just going into a void.

  • by tyingq on 8/1/20, 4:07 PM

    PayPal has a similar problem. They do really loose string matching on the OFAC list[1], for any data, in any payment field...even a comment. Match a magic string in a comment, and your PayPal account gets locked down in a way that's very hard to undo.

    [1] https://www.treasury.gov/resource-center/sanctions/sdn-list/...

  • by Hippocrates on 8/1/20, 3:26 PM

    This is a great reminder to switch from SMS to something that is e2e encrypted.

  • by simonebrunozzi on 8/1/20, 8:28 PM

    T-mobile is a joke. I lost my @simon Twitter account [0] because of T-mobile's and Twitter's utter incompetence, and it took me more than 3 months to regain control of it.

    The way the attacker gained control of my phone number should have never been possible. I'm still a customer, why? Because there's no better alternative in the US, although I'm pondering Google Fi at the moment. Thoughts?

    [0]: https://medium.com/@simon/mobile-twitter-hacked-please-help-...

  • by timeinput on 8/1/20, 4:11 PM

    I ran into this a few months ago when texting the phrase "work from home" it was really strange. We rationalized it with the spam / phishing thought process, but it still seems wrong for the carriers to block messages so poorly.

    It makes me wonder if I really want them filtering 'spam' calls.

    tinfoil hat maybe that's their end game!

  • by jasode on 8/1/20, 2:36 PM

    From the scant details about the word "BELLY" triggering the blocks, it looks like some hypothesize it's a "Scunthorpe" type of programming bug:

    https://en.wikipedia.org/wiki/Scunthorpe_problem

  • by chevman on 8/1/20, 2:19 PM

    T-Mobile has also not been approving new short codes on their network since earlier this year. Frustrating for folks trying to execute legit SMS comms.

  • by zachrose on 8/1/20, 2:36 PM

    I’ve been developing SMS chatbots and using my T-Mobile phone for testing. They will also drop messages that contain URLs, although the rules for which TLDs are allowed are hard to reverse engineer, much less rationalize. Last I remember, .club URLs are blocked, .com is allowed, and bit.ly is allowed.

  • by dogma1138 on 8/1/20, 2:58 PM

    Are US carriers even allowed to do this?

  • by Scoundreller on 8/1/20, 2:12 PM

    Bell and Telus in Canada we’re doing this. But only if your SMS contained the term « secure message ». Strange to say the least.

  • by dredmorbius on 8/1/20, 6:27 PM

  • by speedgoose on 8/1/20, 3:20 PM

    Facebook Messenger does the same with some porn links.

  • by wdr1 on 8/1/20, 7:45 PM

    TL;DR: spam detection is hard