Monday, May 18, 2015

What Purple Should Have Done With The Relay

As I've said before in a previous blog post, there were things that Purple could have done that would have been easily programmed. Before I continue, those who ported their numbers to Sprint had to present a drivers license or another form of ID with their address on it including something like a utility bill. I will bring this up again soon.

Over time, I was wondering and thinking about how Purple could have better done their internal protections against the abuse that was being done. To refresh everyone's memories:

Here's Why Purple's in Deep DooDoo!
FCC Did Not Require Monitoring of IP-Relay Calls

What could Purple have done? Plenty! Their non-action led to the death of their IPRelay services, to them discontinuing it, over the FCC's responses. Think of what Sprint did in order to port our numbers over. Here's what Purple could easily have done. I'll be making reference to an "abused number," which would be a number that was used to place fraudulent calls. Four things they could have done:

1. The abused number would be deactivated and not reactivated until the owner would present some form of ID.

Our relay numbers are basically accounts with Purple. Unfortunately, the way Purple set things up, they shot themselves in the feet with a cannon by not requiring some form(s) of ID like Sprint did.

2. The new number would not be activated until owner would present ID.

Some accounts out there are not activated or given full access until a second action is done, like receiving an email with a URL which validates the new account to a degree. Others go further by requiring that plus ID. This is how Sprint protected themselves against the ongoing abuse from moving to their systems.

3. A database of IPs with "associated numbers" or numbers that were most often associated with that IP with notes.

Many help desks and customer service have "notes" which are associated with the customer's account. In this case, the frequently-abused numbers would be entered into a database together with the IPs that were associated with the incoming calls. This way, if a new number was created that was replacing the disabled one, this was a way to help the service keep on top of things. The only issue with this is that IPs can be spoofed but a good searchable database will still give some usable results.

4. Giving the operators more power.

This was probably THE most biggest complaint of all operators, not having enough power to stop or prevent the calls. Help desks and customer service had more power than this. There were forums and websites that talked about this including some Facebook posts.

So, Purple, can you do it?

We need our AIM relay back! The web interface isn't doing the job right.

No comments: