The purpose of this CXTech Week 26 2023 newsletter is to highlight, with commentary, some of the news stories in CXTech this week. What is CXTech?  The C stands for Connectivity, Communications, Collaboration, Conversation, Customer; X for Experience because that’s what matters; and Tech because the focus is enablers.

You can sign up here to receive the CXTech News and Analysis by email or by my Substack. Please forward this on if you think someone should join the list. And please let me know any CXTech news I should include.

Covered this week:

• Patch Me If You Can: How a New Jersey teenager’s malware threatened the entire Internet
• Everything You Know About STIR/SHAKEN is Wrong
• Announcing TADHack Global, 21-22 October 2023
• Follow this rule from childhood: “Never talk to strangers.”
• G2 CPaaS Landscape
• What’s the Likely Outcome of CAMARA / Open Gateway?
• TV usage drops again in May but streaming keeps growing
• People, Gossip, and Frivolous Stuff

Patch Me If You Can: How a New Jersey teenager’s malware threatened the entire Internet

We’ve covered DDoS for several years, for example at TADSummit 2021 check out “The worst of enemies – let’s talk about DDoS and RTC” by Sandro Gauci. As well as the CXTech newsletter, for example when Bandwidth was hit by a DDoS attack, and we’ve seen many more DDoS attacks through 2019 to the present in programmable telecoms. It all comes from some teenagers in New Jersey and Israel.

The IEEE Spectrum has a good review of the famous DDoS attack created by Paras Jha, on Wednesday night, 19 November 2014, at 10:00 p.m. EST—as the registration period for first-year students in spring courses had just opened—Paras launched his first distributed denial-of-service (DDoS) attack. He had assembled an army of some 40,000 bots, primarily in Eastern Europe and China, and unleashed them on the Rutgers central authentication server.

The article reviews the escalation of their activities, the battles of the botnet gangs, the release of the botnet code and the rise of many more copycats. In the end at Paras’ trial the prosecution recommended five years of probation and 2,500 hours of community service.

The government had one more request, for that community service “to include continued work with the FBI on cybercrime and cybersecurity matters.” Even before sentencing, Paras and his botnet gang had logged close to 1,000 hours helping the FBI hunt and shut down Mirai copycats.

Everything You Know About STIR/SHAKEN is Wrong

Commio’s Michael Tindall has a regulatory update to ensure call compliance and stay out of trouble with the FCC. It’s a frank and honest review, that does a great job in highlighting the benefits of attending the OpenSIPS Summit.

Last month’s (June 2023) annual OpenSIPS Summit brought together cloud comm developers, VoIP architects, and other tech gurus to speak in telecom tongue while mere mortals look on in quiet admiration.

As one of only 30 certified OpenSIPS professionals worldwide, Commio Co-founder and Chief Architect Michael Tindall was there once again to present, lend his real-world expertise to a panel discussion, and bring us back the latest updates.

Announcing TADHack Global, 21-22 October 2023

TADHack (tadhack.com) is the largest and longest running hackathon focused on programmable communications / telecoms. Since its founding in 2014, TADHack has always been hybrid, you can take part in-person or online.

At TADHack you’ll learn about important new technologies, share your hack and skills with the world, and potentially create a solution to an important problem that could become your side-hustle or even main job, like many other TADHackers. This is our 10th year of TADHack, we guarantee you’re going to have fun!

To win cash prizes you must hack on the global sponsors’ technologies. This year we have:
* STROLID. vCon is the new global standard, a ‘PDF for conversations’;
* Stacuity. Mobile connectivity for IoT;
* Jambonz. Open source voice platform; and
* We still have space for one more sponsor, the more sponsors the more prize money, so please let potential sponsors know about TADHack.

Solve problems that matter to you in your home, work or community life using the global sponsors’ technologies. Please mash-up the sponsors to increase your chances of winning!

We have many old and new in-person locations. For example, TADHack Sri Lanka run by hSenid Mobile and Ideamart have been with us since the first TADHack in 2014; TADHack Colombia run by Yeapp is a powerhouse of innovation.

New for this year we’re working with Africa’s Talking, we have 5 in-person locations around Africa including: Nairobi, Dar es Salaam, Kaduna, Kampala and Lagos. Plus Africa remote for the rest of the AT Community. Check out the TADHack Africa page.

All the TADHack regulars can choose a location or hack remotely. All the hacks are judged for the prize pot. The global sponsors’ decide how to distribute the prize money, their guidance is to share the love (prize money) across all locations / regions.

Check out the ‘Choose your location’ section on the TADHack landing page, click on the location you plan to attend, and then on the specific location page click on the register button. If there is no location close by, click on Global Remote and register. You’re now on the TADHack Global 2023 list!

The Location page will contain the address, schedule, and other important information about the specific location (coming soon). Your chances of winning are the same regardless of where you register.

Also thank you to all the TADHack partners for making this possible such as WebRTC.Ventures, TelecomsXchange, Yeapp, W3C, hSenid mobile, Ideamart, NetworkX, Africa’s Talking, and many many more.

Follow this rule from childhood: “Never talk to strangers.”

On SMS scams I’ve been tracking the yawning gap between my personal experience and that of the general market. I use Google Messages and generally only a few dodgy SMS get through per month. The bulk are filtered into ‘Spam & Blocked.’ There are quite a few marketing SMS messages in that folder, it’s a great feature.

However, I’ve been gathering general market data across different countries. It’s not just limited to SMS, WhatsApp is also used for scams. But focusing on the US. The FTC has a good list of the most popular scams from 2022, “IYKYK: The top text scams of 2022“.

The scam business is driven by money and “Copycat bank fraud” is the top scam. Reports about texts impersonating banks are up nearly twentyfold since 2019, see source below. (You might get a fake number to call about supposed suspicious activity. Or they might say to reply “yes or no” to verify a large transaction (that you didn’t make).

If you reply, you’ll get a call from the (fake) fraud department. People say they thought the bank was helping them get their money back. Instead, money was transferred out of their account. This scam’s median reported loss was a whopping $3,000 last year. Worse still, many people report giving their Social Security number and other personal information to scammers, leading to possible identity theft.

Source for impersonating banks are up nearly twentyfold since 2019. The number of fraud reports about text messages claiming to be from banks by year are as follows: 1,355 (2019), 2,231 (2020), 13,677 (2021), 25,725 (2022). The top companies identified in 2022 reports about bank impersonation text scams were Bank of America (14%), Wells Fargo (12%), Chase (12%), and Citibank (9%). These figures exclude reports that did not include a company name.

The article linked in the title for this section has simple advice. Protect yourself by doing this: “Don’t even respond at all and you shouldn’t respond. Just delete it.” My wife and son answer spam calls, hence they let the spammers know that number has a human at the end of it. I receive a fraction of the spam calls they do. Though they both ignore SMS spam.

Follow this rule from childhood: “You never talk to strangers. You teach your children that. Try to practice that yourself in today’s world.”

G2 CPaaS Landscape

Eric from Telnyx did a post about the G2 CPaaS landscape, which included Telnyx in a leading position, see post below and landscape above. G2 tends to have more developer input than the analyst landscapes. And the dirty little industry secret is most CPaaS are B2B businesses, not developer-led. They just ‘talk’ about developers who are actually the employees of the B2B customers, that do what they’re asked.

Every CPaaS landscape I’ve seen has a bias, and to be frank, your specific needs could turn the landscape on its head. So don’t use generic landscapes, talk to people in your industry on what they use and why, talk with potential vendors, get a list together, define your criteria now and in the future (switching vendors is a pain), weight them, and rank your vendor list. Get some quotes and make a decision. It really is that simple.

It’s funny comparing the G2 landscape to other landscapes where Telnyx is omitted and I’m pointing out the omission, even though the company that resells Telnyx is included in the landscape… As always with CPaaS, its a contrived technology label analysts have grabbed onto, not a well-defined market segment. It depends on the specific services / customers / regions: voice (wholesale, UCaaS, CCaaS, gateway, PSTN, SDK), SIP trunking, video, SMS/MMS/RCS, IP messaging (WhatsApp, LINE), email, chat, phone #s, 2FA, bulk versus application specific, omni channel marketing, omnichannel comms, Alerts/Notifications/Reminders, workflows, other value added services (customer data), etc.

In the future this complexity will reduce and IP communications will dominate, but don’t hold your breath this decade.

What’s the Likely Outcome of CAMARA / Open Gateway?

The vendors Nokia & Ericsson (possibly), but most definitely the cloud providers Microsoft, Amazon and Google, are going to run it on behalf of the carriers.

The parallels between CAMARA and OneAPI a decade before are unfortunate. I recently watched the TelecomTV session, ‘Why data and APIs are key to implementing the vision of the digital services provider‘. I found the justification that telcos weren’t ready 10 years ago revisionist. Ideamart (a telco) was ready 10 years ago. Tens of aggregators were ready. Cloud is not a precondition, the market was ready, and the need for collaboration is a telco industry anomaly that no other industry seems to need.

I’ll paraphrase an African saying: “What do you get if you dance with elephants? Squashed.” I saw many start-ups go bust on building businesses with telco APIs, as telcos inevitably change their minds, they have no significant skin in the game. The founder of the start-up loses their business and often their marriage. There’s a terrible personal cost, some of those people are involved in TADS today, and have taken an approach to programmable telecoms / communications that avoids the telco dependency. The innovators that build new businesses are keeping away this time.

A question was asked from the audience in the video, why shouldn’t people just use Twilio’s APIs today. There was a non-answer, and the people on the panel each played the role their employer required, e.g. argue for the software running on Azure as we have the (enterprise) developers, or be upbeat and use the appropriate terms Digital, API, Data, and avoid any specifics on customer value proposition. In fact, there was a statement about NOT defining customer value propositions, rather being on a journey of exploration. This showed the whole initiative is self-focused on plugging the industry’s 5G innovation gap, not on being customer focused. There is no exploring, the paths are well-trodden, as discussed in this article, Why has service innovation in programmable communications been difficult for carriers?

But back to how this is all going to end. I’ve been talking for a while about telcos are taking large B2B (Google, Meta, Amazon) SMS business from the aggregators in the Middle East and Asia, cherry-picking as the market matures. We’re seeing TCR making life tough for the SMS aggregators in North America. This will put the squeeze on some parts of the SMS aggregators’ businesses.

Telcos lack the people, processes, and technology to cost effectively deliver solutions beyond the large global accounts. IP Messaging will become more attractive given hurdles being put in place for SMS campaigns. Also alternative solutions, like silent verification will further lower reliance on SMS. The programmable communications industry will adapt through being customer focused.

The Open Gateway Initiative will launch, large B2B deals will the attributed to the success of CAMARA. When in reality it’s just cherry-picking from aggregators. Beyond those revenues, success will be in short supply. Carriers will pull back, and most likely one or more of the cloud providers Microsoft, Amazon and Google will ‘join forces’ with the Open Gateway Initiative (history repeats itself) as they can solve the problems of Fragmentation and Complexity, see linked article in the title that is setting up the justification.

The institutional investors I know are shrewd business people, some of them even read my blog. They know they’re being fed a line. There is no clear path to new 5G revenues, just squeezing more out of the state granted oligopoly through raising prices as what choice do customers have?

A well-trodden path is being re-explored with inevitable results, as discussed in this article, Why has service innovation in programmable communications been difficult for carriers? We’ll start to see carriers talking about the costs of transporting all these services because they did not receive their ‘fair-share.’ And shortly afterward prices will rise. The fixed telcos did this a few years ago, and the mobile telcos will follow suite.

TV usage drops again in May but streaming keeps growing

The primary driver for the decline is cost of living decisions for many families. Internet is an essential for all family members (either mobile or fixed internet for work and education), however, pay TV is increasingly a luxury.

The TV plans do claim low starting plans at $20-25, but the average cable TV plan costs around $83 per month. About $1k per year, or the equivalent of roughly 3 unlimited Mint Mobile plans, well 6 at the moment as they have a $15pm offer on unlimited. Or in more practical terms for families making those decisions, over one month of food for the family. The price range for cable TV plans is $20–$79.99 per month for starter plans, $50–$99.99 per month for mid-level plans, and $70–$139.99 per month for premium plans.

The reason YouTube is greater than Netflix is simply the volume of content watched by teens and young adults. YouTube Shorts has improved its engagement, see below, and is bringing in older people who watch ‘traditional’ YouTube channels that are now offering Shorts.

NileRed is a channel I occasionally watch and Shorts is a nice reminder of the channel. Think of Shorts as as a linear curated stream of content where I can quickly flick through and find a channel of interest to watch. My son can be entertained purely by Shorts, that doesn’t work for me as stuff starts to get interesting then it skips to the next short, which I find annoying.

With Netflix there is a wall of titles and categories, which starts autoplaying as you wait on the title. Both are fine content discovery tools, Netflix is optimized for the big screen, while Shorts for the phone. Last night I was watching YouTube Shorts on my phone, as my wife was obsessively gaming on the ‘big screen’, though we were in the same room.

On a similar topic, Netflix recently removed one of its basic-without-ads subscription plans in Canada. The basic without ads service was previously available for C$9.99, allowing viewing on a single screen at any one time, with an ad-supported version available since last November for C$5.99. Canadians can still sign up for Netflix’s standard package permitting access on two screens for C$16.49, and a premium offering with access on up to four screens, for C$20.99.

As the streaming market matures we’ll likely see further consolidation around the world into ad-supported, standard, and premium.

People, Gossip, and Frivolous Stuff

Kuddusi CIFTCIBASI is now Infrastructure Solution Architect at EUROCONTROL. I’ve known Kuddusi for about a decade, since his time at Turk Telecom.

Ismail Melih TAS is now VP Application Security at Instinet Incorporated.

You can sign up here to receive the CXTech News and Analysis by email or by my Substack.