Archive for Canada

The CRTC Is Implementing Tech To Stop Scam Calls…. Except That It Will Not Work

Posted in Commentary with tags , on December 10, 2019 by itnerd

Yesterday the CRTC announced that it was getting Canadian telcos to implement STIR/SHAKEN technology to stop scam calls. You know, the calls for duct cleaning services, or the ones where scammers pose as government agencies who threaten you with all sorts of bad things if you don’t pay up. Here’s how the CRTC explains STIR/SHAKEN technology:

STIR/SHAKEN will enable service providers to certify whether a caller’s identity can be trusted by authenticating and verifying the caller ID information for Internet Protocol-based voice calls. This new framework will empower Canadians to determine which calls are authenticated, reducing the frequency and impact of caller ID spoofing.

In case you are not familiar with caller ID spoofing, which is faking the number that someone is calling from, this Wikipedia article can help with that.

Now it sounds good on the surface. You’ll be able to tell at a glance if the call is coming from a legitimate source, or is a scam call. So in theory by the time this fully rolls out in September 2020, Canadians should be safe from the scumbag scammers of the world.

Well, not so fast. There’s two reasons why this may be a short lived victory:

  • It’s entirely possible that these scammers will simply change their tactics. Right now many overseas call centers utilize VoIP calling, but route all of that activity through a private branch exchange (PBX) based in the United States or Canada.  That means it appears as a phone call originating in the U.S. or Canada. While STIR/SHAKEN would mean that scam calls originating from suspect PBX operators would start to get marked as spam, they could just set up shop with another PBX and be back in business. In other words, it would be like play whack a mole.
  • STIR/SHAKEN is currently only supported in the U.S. and Canada. Other countries would have to sign on for STIR/SHAKEN to be really effective. And as far as I am aware, that hasn’t happened with any other country on the planet. So seeing as the majority of scam calls come from countries like India, this may not make that much of a difference. And as an aside one has to question if the government of India has the will to actually implement STIR/SHAKEN seeing as scammers in that country are basically bringing in large amounts of money into their economy. Though they are doing it in less than legal ways.

So STIR/SHAKEN is a good step in terms of cutting down on scam calls. But it’s only a step. More has to be done to keep people safe from the scumbags who are behind these calls and I hope that the CRTC and others are working on that.

 

A New Report Highlights That Canadian Telcos Have A Long Way To Go In Terms Keeping Their Customers Happy

Posted in Commentary with tags on November 28, 2019 by itnerd

It’s that time of year again when the Commission for Complaints for Telecom-television Services (CCTS) releases its annual report that sheds light on how Canadian Telcos treat their customers. And this year it’s pretty bad.

The worst offender is Bell Canada with almost 5900 complaints filed against them. That’s not a shock because Bell has consistently topped this list year after year and seems unwilling or unable to improve on that front. This despite the fact that they have some compelling offerings that if their customer service weren’t so bad, I would consider taking advantage of.  Next on the list is Rogers with 1,800 complaints. Followed by Telus with 1,600 complaints.

Now while Bell and Rogers did have slight decreases in the number of complaints that they received, Telus who is usually pretty good on the customer service front had the number of complaints skyrocket by 71 percent. Clearly Telus has some work to do on that front.

What’s also telling is this: The report notes 158 violations of the Wireless Code. That’s a 42 per cent increase. Most involved a failure of companies to provide customers with key documents, and not giving proper notice before disconnecting a customer’s service. Bell accounted for 29 per cent of all Wireless Code breaches, while Rogers and Telus each accounted for 20 per cent.

What’s clear from this report is that all three of the “big three” need to step up their customer service game. That’s because the fact that bad customer service from Canadian telcos is a recurring theme does not cast any of these telcos in a good light. Canadians deserve much better from them, as well as the smaller players in the marketplace. The question is, when will they wake up, smell the coffee, and deliver the levels of customer service that Canadians deserve?

Canadian Telcos Preparing To Roll Out Universal Network-Level Blocking Of Calls With Invalid Caller IDs

Posted in Commentary with tags on November 4, 2019 by itnerd

As a result of a CRTC directive that was made almost a year ago, Canadian telcos are preparing to roll out Universal Network-Level Blocking Of Calls With Invalid Caller IDs. What does that mean? Say you got a call with an caller ID of this:

000000

That is clearly an illegitimate caller ID. Which means it is likely a scam or nuisance call. The CRTC directive requires telcos to block this sort of call at the network level. Meaning that it will never hit your phone, and ideally it should cut down on the number of scam and nuisance calls that you get. Telcos in Canada have until December 19 2019 to roll this out. And I am seeing evidence that this is happening. For example, there’s this tweet from Rogers:

I also expect other Canadian telcos to have similar communications shortly.

So, this all sounds good. But I am going to throw cold water on this. It won’t stop the problem of scam and nuisance calls. I say this because if I look at the call history on my cell phone, not one single call that as a scam or nuisance call came from an invalid number. Instead they came from a spoofed number with a local or toll free area code. By using a spoofed number, it makes you more likely to answer the call. There’s not much that a telco can do about that as far as I know. But if you have an iPhone you can use the silence unknown callers feature to at least stop your phone from ringing. There’s a similar functionality on Android called call rejection, but that varies between Android devices. Thus you should check your user manual to see what this feature is called and how to turn it on. One thing to note whether you are on Team Android or Team iPhone, this feature can cause you to miss a legitimate call because of how they work. Thus in my case I don’t have this feature turned on and I just live with scam and nuisance calls coming to my phone by punting them straight to voice mail. And you don’t get this option on a landline phone which means that there’s nothing that you can do at home to stop scam and nuisance calls from happening.

The bottom line goes something like this. It’s nice to see that steps are being taken to address this issue. But it’s clear that more needs to be done by both the CRTC and Canadian telcos to make our lives a bit more quiet when it comes to receiving scam and nuisance calls. Thus I hope that all parties concerned do what they can to make this a non-issue.

BREAKING: Ontario Science Center Has Had A Data Breach

Posted in Commentary with tags , , on October 28, 2019 by itnerd

Thanks to tip from a reader of this blog, it has come to my attention that the Ontario Science Center has apparently had a data breach according to this. What is weird about that statement is that it isn’t posted to the Ontario Science Center website. The reader in question got it in an email. Thus I suspect that the broader public doesn’t know as a quick browse of their website indicates that they haven’t posted anything in the public realm about this.

Anyway, here’s the key details:

On August 16, 2019, the Ontario Science Centre received notification from Campaigner that someone made a copy of the Science Centre’s subscriber emails and names without authorization. No other personal identification, financial information or passwords were accessed.

An investigation conducted by Campaigner revealed that the credentials of a former employee were used from July 23 to August 7 to access and download the information contained in the Science Centre’s client account. Upon learning of the breach, Campaigner immediately discontinued use of the credentials and implemented further measures to prevent a similar issue happening in the future. Campaigner also notified law enforcement and are assisting the authorities in finding the perpetrator.

So what that says right off the top is that the Ontario Science Center would have had no clue about this had Campaigner not pointed it out. That’s not how things should work kids. In any case, the statement has all the usual things that companies say when they’ve been pwned in some way. Including the fact that the  Information and Privacy Commissioner of Ontario has been contacted.

Yes, I am becoming a bit jaded because this sort of thing happens way too often.

It will be interesting to see if the Ontario Science Center will make a public disclosure beyond what they have already done. I’m keeping an eye out to see what happens next.

UPDATE: CBC News is now reporting on this. I don’t see any other media reports thus far.

 

Freedom Mobile Suffers Data Leak….Credit Cards, Email Addresses, And More Exposed

Posted in Commentary with tags , on May 7, 2019 by itnerd

If you are a Freedom Mobile customer, you might have a very good reason to be concerned about the security of your personal information. According to Tech Crunch, a server belonging to Canada’s fourth largest telco is leaking data:

Security researchers Noam Rotem and Ran Locar found an Elasticsearch server leaking five million logs containing customer data. The server wasn’t protected with a password, allowing anyone to access the data.

Rotem and Locar, who shared their findings exclusively with TechCrunch and published his report at vpnMentor, said it took the cell giant a week to secure the leaking database after first reaching out.

The database is believed to be part of a logging system used by the company to determine errors and glitches in the company’s systems. The database recorded any errors and the plaintext data associated with it, including customer data.

Data seen by TechCrunch reveals customer names, email addresses, phone numbers, postal addresses, dates of birth, customer types, and Freedom Mobile account numbers.

The logs also answers to credit checks filed through Equifax, including details if an application was accepted or rejected — along with the reason why.

We also found full credit card numbers, expiry dates and verification numbers stored in plaintext.

None of the data was encrypted.

This is a #EpicFail on the part of Freedom Mobile. Partially because the server was leaking data, and partially because someone else had to tell Freedom Mobile about it which implies that the company wasn’t on the ball. Now 15000 customers were affected and the server was secured after the researchers told them about it. Though Freedom Mobile all but tossed a company called Apptium who managed the server under the bus for this. No matter. It’s being investigated by the Office of the Privacy Commissioner and I hope they dole out the right level of punishment as this sort of thing simply cannot go unpunished.

#PSA: Your Devices Can Be Searched And Seized By CBSA Without A Warrant

Posted in Commentary with tags , on May 6, 2019 by itnerd

I’ve written about the fact that CBSA or the Canada Border Services Agency can search and seize electronic devices such as cell phones and laptops. Often without a warrant or even a reason. This was highlighted when this CBC News story came to light where a lawyer returning to Canada from South America had his laptop and phone seized because he wouldn’t hand over the password so that they could troll them for reason unknown.

I’m not going to debate whether this is right or not. Though I will say that perhaps it would be wise for these laws need to be reviewed. but what can you do to protect yourself from this. I’d take the advice that I gave in this article that I wrote about crossing the US border with your devices. The fact is that CBSA can search of your devices for no reason whatsoever. That means that you need to protect yourself and your data from loss. The fact is that while you can replace your phone/computer, as well as complain about this, you can’t replace your data.

 

The Big Three Carriers Don’t Remove “Device Subsidy” Charges From Your Bill Once Your Phone Is Paid For… Here’s How To Avoid This Trap

Posted in Commentary with tags , on May 5, 2019 by itnerd

If you’re a customer of Bell, Rogers, and Telus, and you get a phone from them directly, You are almost certainly paying them what is called a “device subsidy”. In short. you are paying off the cost of the phone via monthly payments that may be combined with a nominal up front cost. That way you don’t have to shell out $1500 up front for the latest iPhone or Galaxy Phone.

Now as soon as the phone is paid off, that “device subsidy” should come off your bill. Except that it doesn’t come off your bill. Global News has a story that shows that these “device subsidies” are remaining on their bills long after their phones have been paid for. In other words, if you got your phone in this manner, you’re being ripped off by the big thee telcos. And if you call them on it, you may find it is easier to switch carriers rather than to fight. Which is not how things should work. On top of that there is nothing in the wireless code that stops the big three telcos from doing this, which is also not how things should work.

So, how can you avoid being a victim of this? It’s simple really. Never, ever buy a phone at a subsidized price from a big three telco or an authorized agent of a big three telco. That way you never fall into this trap. I will freely admit that you are going to pay way more than a cell phone than you might be used to because you are paying for the full value of the phone up front. But by biting that bullet, you get the following in return:

  • You get to pick the carrier that you want and get a plan, usually called a BYOD or “bring your own device” plan at a lower rate, often with no contract.
  • If the carrier in question does something to make you mad, you can switch carriers easily.
  • You can take the phone overseas and use a local SIM card and avoid the insane roaming fees that the big three telcos charge. Sure you lose your Canadian number while you are overseas, but you will save a ton of cash so it is totally worth it.

The fact is that this illustrates that the big three telcos in Canada really do not have your best interests in mind. If they did, they wouldn’t be doing this. But since they don’t, and the CRTC nor the federal government show no interest in fixing this, consumers have to protect themselves from becoming victims of this trap that the big three telcos have set for their customers.