Preventing the use of SIM farms for fraud: consultation (gov.uk)
50 points by azalemeth on May 6, 2023 | 72 comments


I don’t see any evidence in the proposal that fraud is known to have originated from UK-based SIM farms. Maybe I missed this, but even so I can’t imagine that banning these devices would have any impact on fraud.

It would be just as easy to get SIMs that support roaming and text outside the UK, or better yet just use WiFi texting.


Does WiFi texting not require the involvement of a mobile service provider somewhere along the line?


It does, but you can do it with a UK SIM card outside the UK.


What about the SIM farm I use to delegate my SMS OTP codes to? No, VOIP numbers don't work for everything; no, using the same SIM card doesn't work; no, I don't want to worry about running dozens of phones with batteries; and no, I'm not even sending messages.

Local TOTP key as a second factor should be more standard.

Especially if I'm already paying for a service you shouldn't need SMS as a crappy veiled proxy for some human verification.

Supposed to pretend like this doesn't just force people to use more phones?


So please respond to the consultation. Q2 is literally asking for other uses of multiple SIMs that the policy wonks haven't thought about yet.


You say “no, no, no” as if it is obvious why you’d need to delegate SMS OTP codes to a sim farm.


Many clients are dependent on me to ensure their accounts are safe and backed up - lockouts with no recourse are real. I will not tolerate having a singular SIM card being the point of failure across a client pool, especially due to some nebulous aggressive policy.


Why don’t you want to use the same SIM card? Is it because you don’t want services to be able to correlate usage across multiple services?


I need a reliable way to manage OTP codes for many clients, having one SIM is just not good enough. Partially the same problem because I've run into limits - having a separate card is just less likely to be a problem.


Genuine question - what’s the actual use case here? It can’t be just you personally logging into various services right?


https://smspva.com/

Immensely useful services like this without which for instance people would not be able to scrape social media services at scale.


This service wouldn't be useful to me because the number reputation seems poor. Actual delegation would not rely on pooling numbers for increased users per SIM card. It's one client per SIM card.


Mitigating account lockout risk across lots of clients. Separate SIM for each client, having account lockouts is unacceptable. Yes, I've had problems with no recourse.


If it was?


You're right - It shouldn't matter - having separated accounts makes sense if you're concerned with putting all your eggs in one basket.


We can all agree that fraudsters preying on the UK citizens are a bad thing, so the intent of the proposal is sound. What is not is the definition of a SIM farm. Any device with more than 4 SIMs would be outlawed. Don't know if you ever watch live TV or video streams from remote places, like breaking news stories, or sports events or civic events? These are pretty uniformly transmitted from the camera to the production control room via IP-video over bonded cellular. The encoders used can carry more than 16 SIMs. Plus bonded cellular is used to provide data connectivity for a whole range of commercial and public service uses. As it stands the proposal would make these legitimate uses criminal offences.


> SIM farms are devices that can house hundreds of SIM cards, which can send out thousands of scam texts to defraud the UK public of millions of pounds. In addition to sending scam texts, these devices are used by criminals to run scam call campaigns and to post misleading, false or phishing messages on social media in bulk.

> Whilst there are some potentially legitimate uses of the technology, these are limited and should not require using more than four SIM cards, based on the number of mobile operators in the UK. We have very limited evidence that there are any legitimate use cases for devices that allow the use of more than four SIM cards, and for all such cases alternative options exist.

The justification seems sound. What is the issue here?


They propose a total ban that does not require fraudulent intent to criminalize possession, an unlimited fine, and ignore that most of the use is just bypassing rentseeking A2P SMS charges? Along with the fact that it’s unclear who is even asking for it. UK similarly banned GSM gateways in the early 2000s but recent court rulings said the way it was banned was illegal and is in the appeals process.


Most of the use case is spamming people. There are very few other uses for something like this[1].

A2P is also a US specific thing?

1. https://m.aliexpress.com/item/1005004866582019.html?spm=a2g0...


Sites like smspva.com would have dozens of those devices, should they be illegal? I can think of uses of these devices, yes most of them are “grey market” but they don’t involve stealing from people.

By “A2P fees” I’m referring to the fact that in most countries it costs more to send an SMS with Twilio than a 5000 message or unlimited message retail plan. I won’t deny that some SIM farms are used for scams but if you look at the countries that have banned them the reasoning is not because of fraud it’s because they have a monopoly phone provider and people effectively use these devices to convert international calls or SMS like verification code messages to domestic so that they don’t have to pay higher termination fees which costs the carrier some profits. They can also make tracing calls harder which is why India bans them. But given that there is VOIP I don’t see why banning this would prevent any fraud.


> Sites like smspva.com would have dozens of those devices, should they be illegal?

Your argument is that since this clearly sketchy service run from Hong Kong that is dedicated to giving people the ability to automate signups on sites/apps and “earn money using our service” utilizes dozens of these devices, these devices are OK?


Plenty of civic minded people find services like these useful for registering Signal accounts not tied to their own number. Or for scraping sites like LinkedIn. There are companies like this run from other countries if you don’t trust Hong Kong. I don’t think arguing that some unknowable fraction of fraud traffic flows through these devices is persuasive when the legislative conversation in the countries that banned these devices is almost entirely about carriers losing some termination fees and national security fears.


In the UK we can still get anonymous SIM cards for cash, if you want an anonymous Signal account.

Having recently looked at commercial SMS gateway pricing, I am inclined to the argument that these devices have a role in thwarting rent-seeking on the part of telcos.


I mean it literally advertises itself as a service that enables people to make money by bypassing restrictions that require phone numbers.

You might not make money using it and instead just use it to sign up for a single signal account, but you’re not really the target audience in that case.


The people making money from it wouldn’t exist without people buying the verification codes. If you Google smspva or services like it and read forum posts about it the majority of discussion is about people using it to automate account registration.


Yes, hello?? They often use those registered accounts for malicious purposes which generates income for them?


Sorry, I misread your previous comment. The site doesn’t advertise itself as a way to make money, it’s just incidental to how some people make money. Is scraping a malicious purpose? Maybe in some cases. Either way I don’t see why this use of sim boxes shouldn’t be a civil dispute between companies and needs to be something the government should criminalize. Fraud is already illegal.


> The smspva website has been operating since 2013. During this time, we have gathered a large audience of users who trust us and earn money using our service

And the use case they showcase involves mass creating Facebook pages. Come on. Are you really truly that naive?

It’s vaguely legitimate business that just happens to offer a service that’s super useful to a particular type of clientele. Just like bulletproof hosting.


Is that supposed to always be bad? Unless the pages are used to promote some kind of fraud I don't think that's illegal. It's "dual use" like any other kind of anonymity technology. Cloudflare says 90% of Tor traffic is malicious - does that mean hosting relays and using Tor should be criminalized?

Regardless, that was just a minor point about one potential use of SIM farms. The proposal says they intend to make possession a criminal offence and they don't even have data on whether these devices are used for fraud at scale in the UK.


If you go around selling micro sized mobile phones close to a prison then you can plead all you want that it’s not fraudulent, it’s just for people with tiny hands and it’s ridiculous to imply that it’s anything other than a legitimate business.

However, it’s not. It’s got one clear use case and one clear market.

We started this discussion on sim farms and your very first point here (and in other places in this post) linked directly to the kind of thing that should, and hopefully will, be criminalised in the UK.

Because it’s quite obvious what it really is, even if you apparently can’t see it?

I find that quite hilarious.


how is scraping related to sim farms?


Scraping services that require phone verified accounts but reject VOIP numbers. Someone (in house or a service like smspva) operating SIM farm would be required in order to do this economically.


that's the first time I heard about creating fake verified accounts to scrape. I wonder how profitable that is compared to the obvious malicious use cases like astroturfing/spamming


Something like that provides for programmatic SMS and maybe voice calling. Most likely, using consumer market SIMs, so tariff arbitrage is likely a large component.

You might use something like this to do bulk SMS, which could be spam or could be phone number confirmations (like it or not, it's a common activity). If voice works, it could be a backup outbound connection for an office PBX (although, unless you had fancy SIMs, you are going to get the sim's phone number as caller id which is undesirable).

Many countries have been making a2p messaging harder and harder; using a sim farm is a tempting way to opt-out of official restrictions, although it seems like a lot more operational work.


This is a backdoor way they are trying to introduce mandatory SIM registration.


Govt id is required to purchase a sim card in many EU countries. If the UK Govt decided to implement such a policy based on something like 'security' there wouldn't be a lot of push-back.

Let's overlook the fact that such policies just make stolen id a lot more valuable than it is already.


I've found that policy trivial to circumvent in most EU countries I've visited (which is most of them).

It's also a stupid fucking policy.


I'm all for it continuing, but it always struck me as wild how you can just pick a UK SIM up at the airport from a vending machine. I don't know of many countries where this is possible.


Banning devices has not historically been a very effective way to prevent crime.

I am not an expert in modern mobile network technology so I’ll do something unusual for HN and refrain from suggesting a solution.


absolutely wrong approach. fix this at the carrier level and not client device level.


I think you might be right here, but what does that look like exactly? Stop companies distributing cheap SIMs? Force them to get ID from any customer?


Maybe a standardized national system to report spam, or maybe even as part of the cellular protocol? I never heard of such a system deployed nationally, but I'm wondering if it could help.

Most of the time when a spam number calls me, I can find it through spam reports on 3rd party websites by googling it.


> Most of the time when a spam number calls me, I can find it through spam reports on 3rd party websites by googling it.

Oh, you mean that you can identify the Caller ID number which the spammer chose to spoof at you?


No, it seems most spammers here use cheap SIMs without spoofing (which seems to be what OP is about). They even leave voicemail messages asking to call back.

But spoofing is also something that should be fixed. I know it's difficult because of VoIP and backwards-compatibility, but it's not impossible either.


> Maybe a standardized national system to report spam, or maybe even as part of the cellular protocol?

Not government, but, forwarding spam texts to 7726 (SPAM) works for various carriers.


You're forgetting that 1) carriers have near-zero engineering capability to fix this and 2) don't actually have an incentive to prevent spam/fraud because fraudulent traffic still pays them money.

This is not about stopping fraud, this is about preventing "grey routes" that do arbitrage around tariffs and bypass carriers' outdated business model.


Banning "devices for more than four SIM cards"...

In my opinion, this is again just an excuse for a backdoor law to better control the population, 1984 style. Ensuring that they can more easily control the lines that you have. Like that they can make mandatory the use of a registered phone number for online registrations like social accounts and be sure that you will not circumvent blocking by opening new lines.

Think about it, if you want to solve the problem that they pretend they want to solve: Each subscriber in UK is registered, so that if you open one or 50 lines, they will know your identity the same.

So, if you are a scammer or fraudster, they should already be able to arrest and jail you!

But take care, because here they only speak about sim, but it will also probably apply to virtual sims and require that you register all your foreign sim cards that did not use to be declared so far...


What is this going to accomplish given that most scammers aren't operating on UK soil?


Ensuring that everyone is enslaved by their telco and becoming more dependent on their data collection device (phone) on them at all times and subsequent payment infrastructure used to facilitate etc.

Avoiding saying no to telcos.

Turning me into a criminal for being the best at helping people with their mundane legitimate businesses.


Are operators doing spam filtering for outgoing SMS messages? The messaging patterns must be quite different from normal customers. Maybe you could also detect the suspicious amount of messages originating from certain location (cell).


> Are operators doing spam filtering for outgoing SMS messages?

That would require actual engineering skill and effort, not to mention reduce revenue as the spam messages still yield them money.


Given that gov.uk is already so surveillance happy, I’m surprised they haven’t just mandated ID cards and then required SIMs to be linked to one of those or a passport


For reasons I’ve never really understood the UK (or at least the UK parliament) is wildly opposed to ID cards. There’s been a few attempts to introduce them which got massive pushback and were eventually aborted.

Personally I think it would be quite a bit easier than the current mish-mash of identification documents for different purposes, everyone in practice carries some form of ID if only so they can show it when buying age restricted products on the odd occasion someone asks for verification.


Various governments tried at various times. There is historic resistance as ID cards were originally a wartime measure https://en.wikipedia.org/wiki/National_Registration_Act_1939 and considered to be a symbol of war and so lack of freedom. You don't have to carry a driving license while driving, just present it later if asked. The latest elections required ID to vote and there is a lot of opposition to that, as it has never been a requirement.


Yeah I'm surprised a surveillance country like the UK didn't do this yet. Here in Spain they do.


I see lots of griping in thread, but it seems business as usual in the countries where registration is required.

https://www.comparitech.com/blog/vpn-privacy/sim-card-regist...

> The majority of national governments (around 160) require mandatory SIM-card registration, which means you need your real name and personal details to sign up for phone service. And just under 20 of these also require biometrics, e.g. your fingerprints or a facial scan, with eight more countries in the process of implementing such requirements.

The biometrics part is unnerving to be sure, but anonymous SIMs or DIDs are incompatible with fraud and spam fighting efforts. If you terminate bad actors, they’ll just keep spinning up more resources.


The interesting thing is despite the rules governments in countries like India or Ghana with strict registration laws will routinely find 3000 SIM cards on raids on simbox operators.


Who are these SIMs being registered to in these operations?


Destitute people or a carrier employee is bribed to activate the SIM cards without registration.

https://commsrisk.com/telco-corruption-fuels-simbox-frauds/


From experience in other EU countries, SIM-card registration helps exactly nothing. The biometrics also won't help.


Of course it doesn't. Especially with the low roaming costs inside Europe. Just grab one in another country and use that. It's purely theater. This is why it's so annoying.

My current provider Orange even requires me to re-ID at their shop periodically now :(


Stolen ID in Spain is rampant, it may be just a coincidence though?


IDs are stolen yes but they are generally discarded. They're just a side catch for pickpockets and the moment they steal the wallet they will take the money and dump the IDs in a nearby bin.

I was pickpocketed a few years ago and I searched all the bins in the area and I came up with ID cards, medical cards, bank cards etc of 9 different people that had been robbed that night!

I think the thieves do this because if you point them out to the police they won't have any evidence in their possession. Because if they have someone's ID on them they will have some explaining to do. For some cash not so much, you can't prove it was yours.

Not that the police do anything anyway because the Spanish law lets them go free with a minor fine if they stole less than 400 euro, even if it was the 50th time this month. This is really why pickpocketing is so extremely rampant here, it's risk-free and the gangs are basically professional businesses.


Thanks for the insight. I was robbed in Spain and the only thing of real value they got was my passport. Since you need ID to buy a sim card I just assumed there would be a huge market for stolen identity documents.


Or just mandate warmup periods like we do with spam from IPs.


> Today, I have published a Fraud Strategy setting out the government’s ambition to cut fraud by 10% from 2019 levels, down to 3.33 million frauds by the end of 2024.

Our current gov taking on these kinds of moonshots makes you proud to be British.


What happens with eSIM devices?


Great unanswered question. Nothing mentions "eSIM". I really have no idea.

Speculative questions:

Maybe there are some number switching, chip level protocol mitigations inherent to the standard?

Maybe carriers can push locks or there is remote attestation that could inhibit more than 4 registrations?

Will read up. I've never read the eSIM standards.


An eSIM device does not usually have a phone number, and it can't send (or receive) SMS.


Incorrect, they can have an assigned phone number and can do anything a normal SIM can do.

There are SIMs (either physical or eSIM) that do not have a phone number and/or have restrictions on what they can do. It's not the form itself that limits the functionality, it's the mobile network provider who decides what functionality each individual SIM has.

E.g. Mobile card payment devices may have a SIM that has no phone number and is data only with connection only permitted via a certain gateway to the payment provider.


When an eSIM in a phone is provisioned to a carrier, with some plan, usually it does have a phone number and could send and receive SMS.

Though yes you are correct, if you're only thinking of a single chip (eSIM) instead of the system it usually goes in yes, you are correct - those systems can currently exist.

iSIM, integrated eSIM with SOC (cpu, gpu, ram, wireless baseband, eSIM) will eventually be more common in phones.

Look up: "remote sim provisioning"


Unless we are thinking of different technologies, you can use esims for all of that? Just last week I ordered a usmobile.com esim, installed it on my phone, received a +1 415 number and received and sent SMS with it



