field notes — archive
The complete archive, newest first.
June 26, 2026
- Turing's forgotten voice scrambler
Hackaday points to a Popular Mechanics piece on Delilah, the portable speech-encryption system Alan Turing built late in WWII and then more or less vanished from the record. It was, in many ways, an early stab at digital voice encryption — …
- Branded Calling goes live on Telnyx
Telnyx has flipped on Branded Calling as a generally available feature: outbound calls can now carry a verified business name, logo, and call reason, with the pitch that this lifts answer rates on US calls to T-Mobile and Verizon. It’…
June 25, 2026
- A German court treats Google's AI as its agent
Simon Willison flags Bruce Schneier on a recent German ruling that Google can be held liable for errors its AI overviews introduce. Schneier’s framing is the part worth keeping: “AI agents are agents of the person or organizatio…
June 24, 2026
- The service desk is still the soft spot
A Specops-sponsored piece on BleepingComputer walks through why social-engineering attacks against the IT service desk keep working: the help desk is the designated human override for identity verification, and password resets and account-r…
- Pindrop finds AI text detectors carry demographic bias
Pindrop’s research team tested 16 AI-text-detection systems against a large, demographically labeled corpus and found the bias is “real, model-specific, and most dangerous where attributes intersect.” The work is headed to…
- Stop Scams UK's blocked-SIMs program wins an award
Stop Scams UK reports that its Blocked SIMs program has won an international award for, in its phrasing, burning down a cross-sector fraud route — a coordinated effort in which telecoms and banks share signals to identify and cut off the SI…
- Zoom and BrightHire put deepfake detection inside the interview
Zoom and BrightHire are partnering to fight candidate fraud in remote hiring, including deepfake detection built into live interviews — catching, in real time, the cases where the person on camera isn’t who, or what, they claim to be.…
June 23, 2026
- GASA's RedVDS case study and the rentable infrastructure of scams
GASA’s case study on RedVDS is worth reading less for the takedown than for the framing. “Modern scam operations do not depend only on individual fraudsters sending deceptive messages,” the post argues. “Increasingly…
- Scattered Spider's guilty pleas, and the phone-channel through-line
Two members of Scattered Spider pleaded guilty on the first day of what was meant to be a six-week trial, Brian Krebs reports: Thalha Jubair, 20, and Owen Flowers, 18, over the 2024 attack that crippled Transport for London. The headline is…
- Age verification rides in on the KIDS Act compromise
The House Energy and Commerce Committee’s bipartisan KIDS Act — the chamber’s vehicle for the long-running Kids Online Safety Act — strips out the duty-of-care provision 76 senators have backed, which is the headline The Record …
- 332 comments and counting on the FCC's OSP know-your-customer proposal
TransNexus takes an early read on the comment flood landing on the FCC’s Further Notice of Proposed Rulemaking on originating-provider KYC. The rules would require OSPs to collect a name, physical address, government-issued ID number,…
June 18, 2026
- Apple's Core AI, the on-device successor to Core ML
Via Michael Tsai’s roundup, Apple’s WWDC26 Core AI is the framework successor to Core ML: a modern, memory-safe Swift API for running models entirely on device, a set of Python libraries for converting, authoring, and optimizing…
June 17, 2026
- The FCC's plan to end phone anonymity, on 404 Media
On the 404 Media podcast, Joseph Cox walks through the FCC’s proposal to require voice providers to collect, verify, and store every new and renewing customer’s full name, physical address, and government-issued ID number. The C…
- Gruber and Anil Dash on the epic story of Markdown
John Gruber joined The Vergecast with Anil Dash to tell the origin story of Markdown — the 2002 bet on Apple and blogs, Textile as inspiration, and Aaron Swartz as the format’s most valuable beta tester. What makes this more than nost…
June 15, 2026
- Anthropic's safety conviction as a business superpower
Ben Thompson’s read on the government directive suspending foreign-national access to Fable 5 and Mythos 5 is the sharpest framing I’ve seen of the whole episode. His move is to separate the actions from the justifications. Anth…
- The first domain seizure under the TAKE IT DOWN Act
The Justice Department has seized CFAKE.com and SOCFAKE.com, sites that allegedly hosted nonconsensual AI-generated nude images and videos of women. As BleepingComputer notes, it appears to be the first publicly announced domain seizure und…
- The FCC's effective shutdown order against SK Teleco
The FCC Enforcement Bureau has issued what amounts to a shutdown order against SK Teleco after the provider failed to come into compliance with the agency’s robocall rules. The bureau had warned the company in April that it appeared t…
- YouMail's May index: 4.1 billion robocalls, and the framing that travels with it
Americans got just over 4.1 billion robocalls in May, per the YouMail Robocall Index — about 132.8 million a day, 1,537 a second, roughly 12.5 per person. The figure is down about 2.1% from April and 14.9% from May 2025, with scam and telem…
June 12, 2026
- FCC Enforcement Bureau opens a robocall case over calls to a 911 center
Communications Daily reports that the FCC Enforcement Bureau has notified Florida-based VoIP provider Aspireistic that it is under investigation for “originating apparently illegal robocall traffic” — including calls to a public…
- An RMD removal in motion: FCC tells Mexico IP Phone to show cause
Communications Daily reports that the FCC Enforcement Bureau has found the New Mexico-based VoIP provider Mexico IP Phone’s Robocall Mitigation Database certification “apparently deficient” and directed the company to show…
June 11, 2026
- Warner's critical-infrastructure bill names an AI model as the threat
Senate Intelligence ranking member Mark Warner has introduced the Combat Emerging Threats to Critical Infrastructure Act, per Inside Cybersecurity, directing CISA to take the lead on updating the sector-specific plans called for under the B…
- The decide-execute-deliver sandwich, or why coding agents haven't replaced engineers
Narayanan and Kapoor’s latest extends their “AI as normal technology” thesis to the case everyone keeps invoking — software engineering — and it’s the measured counterweight to the existential-threat framing. Their f…
- Why every chatbot keeps writing about a lighthouse keeper named Elias Thorne
Ask ChatGPT, Claude, Gemini, or Grok to “tell me a story” and there’s a good chance you’ll meet Elias Thorne — a clockmaker, a lighthouse keeper, or a librarian, depending on the model. Samantha Cole’s piece fo…
- TransNexus's May robocall-volume read, the monthly counterpart to the signing data
TransNexus has posted its robocall trends for May 2026, the volume-side companion to the STIR/SHAKEN signing statistics it publishes from the same dataset — signed and unsigned calls observed across the hundreds of providers using its tools…
June 10, 2026
- The numbering fight is really about what a phone number is for
A second round of comments in the FCC’s numbering-rules proceeding lands in the same register as the first: Communications Daily reports that various groups and companies are warning the Commission that some of the proposed changes wo…
- TransNexus's May STIR/SHAKEN numbers: watch coverage, not participation
TransNexus has posted its May STIR/SHAKEN statistics, the latest in a monthly series it has run since April 2021, drawn from signed calls received by hundreds of voice service providers using its tools. It’s a small, consistent datase…
June 9, 2026
- An AI email agent falls for the same phishing that fools people
BleepingComputer reports on a phishing simulation run against OpenClaw, an autonomous email agent, across a range of configuration profiles. The finding: the agent “was susceptible to tactics commonly used to compromise human users,&r…
- Early comments urge caution on extending numbering-access rules to all providers
Communications Daily reports that early commenters are urging the FCC to move carefully on an NPRM that would extend certification and disclosure requirements to all providers that receive telephone numbering resources — direct-access appli…
- Pindrop can flag an AI voice — but not who's responsible for the call
Pindrop introduces its new Chief Product Officer, Nicholas Holland (most recently AI product strategy at HubSpot), in a fireside-chat writeup that doubles as a positioning statement. The line to note isn’t the personal-story framing b…
June 2, 2026
- DNA Finland turns on Hiya's network-level call protection, consumer and business at once
DNA, the Finnish operator in the Telenor Group, has launched Hiya Protect for both consumer and business subscribers under the local brand DNA Numerovahti — “number guardian.” Calls are analyzed at the network level via a synchr…
June 1, 2026
- Meta's AI support bot socially engineered into handing over Instagram accounts
Brian Krebs reports that the Instagram accounts of the Obama White House and the Chief Master Sergeant of the Space Force were defaced after instructions circulated on Telegram showing how to trick Meta’s AI support assistant into acc…
May 28, 2026
- Bandwidth: branded calling needs reputation and authentication underneath it
Bandwidth argues that branded calling is necessary but not sufficient — that without a number-reputation layer underneath and pre-call authentication alongside, “a logo is just a coat of paint on a shaky foundation.” The post la…
May 27, 2026
- GASA's FALKIN: 22,661 bank-fraud operator signals, with account takeover at 69%
GASA’s FALKIN team has published a snapshot of 22,661 bank-tagged signals collected over six weeks from Telegram channels, dark-web forums, and live attack infrastructure. The breakdown is stark: “account takeover and credential…
May 25, 2026
- FBI flags Kali365, a phishing service built on OAuth device-code abuse
The FBI has put out a warning about Kali365, a phishing-as-a-service platform that surfaced in April 2026 and is sold through Telegram to attackers who want into Microsoft 365 accounts without bothering to steal passwords or intercept MFA c…
May 22, 2026
- Call-tracking execs plead guilty to powering tech-support phone fraud
Two former executives of a call-tracking and analytics company have pleaded guilty to concealing a years-long tech-support fraud scheme. Ex-CEO Adam Young and ex-CSO Harrison Gevirtz ran C.A. Cloud Attribution from 2017 to 2022, supplying t…
- FTC settles with Cox Media Group over 'active listening' ad-targeting claims
The FTC has settled with Cox Media Group and two marketing firms — New Hampshire’s MindSift and Wisconsin’s 1010 Digital Works — for $930,000 total over their pitch for an “active listening” advertising product. The …
- Non-human identity becomes a SASE vendor category
Diana Goovaerts at FierceTelecom reports on the way SASE vendors — Versa Networks, Cisco, Palo Alto Networks — are scrambling to bolt non-human-identity controls onto their platforms before agentic AI floods enterprise networks with workloa…
May 21, 2026
- Calypso espionage campaign targets telecom carriers with new implants
Researchers at Lumen’s Black Lotus Labs and PwC Threat Intelligence have detailed a Chinese cyber-espionage campaign hitting telecom providers with two new implants — a Linux post-exploitation framework dubbed Showboat and a Windows b…
May 20, 2026
- First Orion makes the outbound-sales case for branded calling
First Orion makes the outbound-sales case for branded calling — putting a company’s name and logo on the recipient’s handset before they answer. The hook is a stark figure: just 19% of U.S. adults generally answer calls from num…
- Telnyx maps EU AI Act Article 50 onto voice AI
Telnyx has a compliance guide for EU AI Act Article 50, which becomes enforceable on 2 August 2026 and requires that AI-generated voice be watermarked and that deployers be able to tell authentic audio from a deepfake. The sharpest point: t…
- Telnyx argues voice-AI trust belongs at the network layer
In a companion piece, Telnyx makes the case that voice-AI trust has to live at the network layer. The hook is a Mobile World Congress 2026 demo by Resemble AI: 140 attendees tried to tell AI-generated audio from real recordings and averaged…
- The FCC's KYUP proposal aims to expose the upstream providers that carry illegal calls
Light Reading reports on the FCC’s proposed Know-Your-Upstream-Provider rules, which it frames as requirements “designed to expose providers that enable illegal calls and root them out of the voice ecosystem.” It’s a…
- Wiley Rein walks through the FCC's KYUP and STIR/SHAKEN FNPRM
Wiley Rein has posted a detailed walkthrough of the May 20 FCC Further Notice proposing significant changes to know-your-upstream-provider (KYUP) rules, the STI-GA, and STIR/SHAKEN call authentication. The firm summarizes the FCC as proposi…
May 19, 2026
- First Orion frames call authentication as finance's defense against APP fraud
First Orion argues call authentication is now non-negotiable for financial institutions, casting the phone channel as simultaneously a bank’s most critical and most exploited line to customers. The standout claim: only 32% of institut…
- GASA rebuilt its State of Scams methodology to stop overcounting losses
The Global Anti-Scam Alliance has published the methodology behind its 2026 State of Scams reports, and the headline change is a deliberately more conservative way of counting losses. “For 2026, we made a conscious decision to change …
- Vonage exposes PSTN branded calling as an API, with First Orion's INFORM underneath
Vonage has published a walkthrough for wiring PSTN Branded Calling into its Voice API through First Orion, so that outbound calls “display your company name, logo, and call purpose” on the handset instead of a bare number. The t…
- What frontline practitioners say actually prevents fraud against older adults
GASA’s Research Working Group convened around Prof. Mark Button’s study on what actually works to prevent fraud against older adults — a population that gets targeted like everyone else but absorbs far heavier financial and emot…
- Eight of the largest US carriers stand up a joint cybersecurity group
AT&T, Charter, Comcast, Cox, Lumen, T-Mobile, Verizon and Zayo are now working together in a communications cybersecurity group set up to share threat information and coordinate a faster collective response to attacks. It is, in effect,…
May 18, 2026
- STIR certificate transparency draft heads for Proposed Standard
Russ Housley has requested publication of draft-ietf-stir-certificate-transparency-02 as a Proposed Standard, on behalf of the STIR working group. The request hit the STIR list on May 18 and moves the document to the next step in the IETF p…
May 14, 2026
- Bouygues Telecom turns on network-level branded calling in France
Hiya announces that Bouygues Telecom has deployed Branded Call across its network, making it the first French mobile operator to offer business caller identity to all subscribers at the network level. The service launches in June 2026, with…
May 13, 2026
- SHAKEN's PASSporT spec gets a revision as 8588bis is requested for publication
Ben Campbell has requested publication of draft-ietf-stir-8588bis-01 as a Proposed Standard for the STIR working group — a revision of RFC 8588, the “PASSporT Extension for SHAKEN” that defines how SHAKEN attestation is actually…
May 11, 2026
- Bandwidth lays out its full robocall and contact-center fraud stack
Bandwidth has published a comprehensive rundown of how it fights illegal robocalls, scam calls, toll fraud, and spam across its network. The post opens with the FTC’s tally of more than $12.5 billion in consumer fraud losses in 2024 —…
May 8, 2026
- Roger Anderson's Caller-ID Vouching and Vetting
Roger Anderson of Jolly Roger Telephone Company has posted a new Internet-Draft, Caller-ID Vouching and Vetting (CIDVV), that proposes verifying caller identity by reachability. The mechanism: before the real call goes out, the originator&r…
May 4, 2026
- Truecaller's Global Insights report tallies 68 billion spam and fraud calls
Truecaller has published its first Global Insights Report since 2021, and the headline number is stark: 68 billion spam and fraud calls identified globally in 2025. Indonesia tops the ranking, where 79% of all calls from unknown numbers wer…
- YouMail clocks March U.S. robocalls at 4.2 billion, ending the sub-4B streak
YouMail’s monthly Robocall Index recap puts March 2026 U.S. robocall volume at 4.2 billion calls — 135.7 million per day, roughly 1,600 per second — a 9.8% month-over-month increase that ends “six consecutive months of staying b…
March 11, 2026
- The Campaign Registry's CNP migration tool ends 10DLC vendor lock-in
Bandwidth walks through what The Campaign Registry’s new Campaign CNP Migration Tool means for business texting: campaign service providers can now move 10DLC campaigns to a new connectivity partner without re-registering from scratch…
February 1, 2026
- TNS's 2026 Robocall Report: the non-Tier-1 STIR/SHAKEN gap is widening, not closing
TNS’s 2026 Robocall Investigation Report — the annual FCC-cited data drop — landed in February. The Tier-1 headline number is familiar enough: top-tier inter-carrier signed traffic averaged ~85% across 2025, ending the year at 85.4% i…