I had (have?) the idea that one could have an off-band signal that "Yes it's actually my number trying to call your number". Anyone who wants to steal it, feel free, but I have a feeling Google/Apple could implement it and eat your lunch.
So before I call the number (say the phone number is 9), my phone app will log into a central server and say "My number is 7, and I'm trying to call 9". The phone 9 will check the server and see that "Oh I'm getting a call from 7" and then ask the server, "Is 7 trying to call me?", and will get a confirmation.
There'll be different warnings if 7 currently doesn't have data connection, or got a new phone and hasn't logged on for a while, or 7 doesn't even have an account on the server. If 7 has recently pinged the server and then tries to call 9 without notifying the server, the server can say "I can't see any sign from 7 that he's trying to call you." then 9's phone can warn her. There'll be different warnings for different situations.
And we can use certificates and do tricks like not needing an account for each phone number, but send a message "Yes this number from Microsoft tech support is actually trying to reach you.", signed with Microsoft's certificate. But then the scammers will get a certificate for "Micro5oft", etc.
Looking forward to a reply moaning about centralized authorities monitoring people's calls. Although as I write this I realize telcos can do this already. Perhaps it can be a P2P solution...
So before I call the number (say the phone number is 9), my phone app will log into a central server and say "My number is 7, and I'm trying to call 9". The phone 9 will check the server and see that "Oh I'm getting a call from 7" and then ask the server, "Is 7 trying to call me?", and will get a confirmation.
There'll be different warnings if 7 currently doesn't have data connection, or got a new phone and hasn't logged on for a while, or 7 doesn't even have an account on the server. If 7 has recently pinged the server and then tries to call 9 without notifying the server, the server can say "I can't see any sign from 7 that he's trying to call you." then 9's phone can warn her. There'll be different warnings for different situations.
And we can use certificates and do tricks like not needing an account for each phone number, but send a message "Yes this number from Microsoft tech support is actually trying to reach you.", signed with Microsoft's certificate. But then the scammers will get a certificate for "Micro5oft", etc.
Looking forward to a reply moaning about centralized authorities monitoring people's calls. Although as I write this I realize telcos can do this already. Perhaps it can be a P2P solution...