Register
Blog
Phase 2 Security Issue ? We all know that Phase 2 - when it happens - promises great things with its autolookup of phone numbers etc. But there's something that's bugging me!. Whenever you click on a mobile phone text call link your phone's operating system displays the actual number before you press the Call button to confirm you want to dial it. This is done for security reasons - to make sure the phone number you are about to dial hasn't been replaced by one different to what you're expecting, perhaps a premium rate number. But with the Phase 2 DNS lookup being done by the Telco will this still be possible i.e. you dial a .tel on your handset, the Telco processes the .tel and responds with a number that is displayed on your handset BEFORE YOU COMMIT to the call. Maybe this is possible, just thought I'd ask the question, it's essential that users know when they "dial a .tel" that the number they are sent to is not an unexpected premium rate number. Any thoughts on this anyone? Mike Seaton |
Quote:
By "phase 2" are you referring to dialing-by-domain? That doesn't require any cooperation with the carrier, and Henri's Superbook app (iPhone/Android) already does it. Superbook parses your contacts and lists those that have a .tel domain associated with them, and shows you how far they are from your current location. It can also create a new contact, given a domain. Now, if you tap on one of those contacts it will perform a DNS lookup (or retrieve from cache) and present you with a listing of records to choose from. I suppose it could be done in different ways from a UX point of view. For example, with Superbook; * If I tap on a phone number I'm asked whether I want to call or message it. Perhaps it should just default to calling, unless I long press for a menu. * Maybe you'd want the option of just going straight into the phone dialer from tapping on a contact (long-press for the rest of the contact's information). * Highlight the services I use, and suppress services that are unavailable to me anyway (maybe I don't have Skype) - but still respect the priorities of the records set by the domain owner, and make it easy to "show all". * An option to traverse the domain and display records from all of the sub-domains. Probably only useful for relatively small zones, not large directories. I don't know why, but I think I'd call this feature "Splat!". I don't think dialing-by-domain is the most useful feature in and of itself - making contact books dynamic is much more interesting![/size] |
Quote:
Thanks for your response Wibblenut. I am referring to the concept of "dial a .tel", "email a .tel", "skype a .tel" as described by Henri in his Phase 2 post. The whole idea as I understand it is that Phase 2 should be a universal facility available to anyone, just like dialling a phone number is now, and therefore should not involve any prior device-dependent procedure having to be undertaken by the user, such as downloading an app to their phone. That is why the Telcos etc. will have to modify things at their end and which Telnic have said they can only approach them to do this when "critical mass" - an undefined figure - has been achieved. Hence my post above about the security issue of the user who dials a .tel (and is automatically routed by the Telco) needing the opportunity to see the physical phone number before the call is actually placed. Mike Seaton[/size] |
my two cents on dial by name will be that it will eventually mirror the rules & regs placed around numbers i.e. premium rate numbers need to indicate this or play a short message before start of call and give the user an option to opt out. this is the same as using call forwarding numbers that can redirect to premium rate numbers. If an owner doesn't conform (esp in the UK), report the number/name and it will get shut down quickly and/or fined. |
Quote:
Very interesting[/size] |
Quote:
Could work OK for the 09 premium rate numbers in the UK, but what about "medium rate" numbers such as 08 and mobile phone numbers beginning 07 - all cost considerably more than 01, 02, 03 - but not always - that's the problem. 0870 used to be a medium rate number, but several landline deals now include this for free, so many companies have switched to using 0871 or 0844 to restore a charge to the user. Additionally, many mobile contracts allow you to phone free or low cost to other 07 numbers on the same network, but charge normal mobile rates for 07 numbers that are on another network. In other words, it is impossible to set up any generalised rule in the UK over when numbers should indicate to the user that they are above whatever is defined as a "standard" charge rate - it's all down to each individual's phone package. Hence I believe it is essential that the phone number is physically displayed to the user before they commit to the call being made - just not sure whether Phase 2 can handle that? Mike Seaton[/size] |
Mike, You're correct in recognising that a phone number should not be dialed without the explicit permission of the user, since it could be premium rate, long distance, an emergency number, etc. The same is true in other transactional contexts, e.g. mobile payments services. I expect most applications will want to be transparent about the records they're working with anyway - to not do so just creates more pain and uncertainty than it's worth. For instance, I really hate generic URL shorteners, since they don't hint at where on Earth they lead. But I think it's worth pointing out that the .tel concept is about much more than just using names in place of numbers and other identifiers. It goes much deeper. There's a growing multiplicity of services (voice being one) that creates an array of new problems, and new opportunities. Here is just one interesting example: Give customers lowest-cost connections, Telnic urges mobile operators. So you might say "dial my.tel", but it will mean far more than just altering the literal technique of dialing a number. :-) |
