Political spam texts are harvested from voter registration rolls as well as just about any participation in political activities. Apparently political spammers take efforts to identify likely supporters. The reason is that basically this is a numbers game - they don't want to encourage the opponents' supporters to vote.
Therefore, the spammers' data sources are linked to political identifiers. Examples are:
- Personal data from voter registration rolls
- Primary election voter lists (lists identifying political party)
- Contributions, including partisan support groups
- Direct harvesting of volunteers' personal data
- Communications with elected representatives
- Personal data provided by activist groups
These sources make political spam particularly pernicious. This also provides an opportunity to make the data less useful.
As with any data harvester, entities that sell personal data to political campaigns look to improve the quality of the data. While "low grade" data may be useful for a budget campaign, most are willing to seek better quality data for their most aggressive harassment campaigns. That means that the data is going to be matched to different databases to the extent practical.
It is at this point where it is sometimes possible to reduce the usefulness of the harvested personal data. The best place to do this is where the data is expected by the data harvesters to be stable, which is also where it is most accessible to the victim:
- The voter registration rolls; or
- The people harvesting the data.
Since data is typically combined, just as it is combined by commercial entities, it helps to identify both sources of data.
Schrödinger's cell phone
The idea is to provide a bad number, but a bad number that is still a valid number for receiving SMS texts.
Political campaign data harvesters are likely to be able to link voter registration data with political interests and harvested personal information. It is difficult to protect this data and nearly impossible to convince data harvesting businesses to expunge it. The strategy is to feed bad data. This tactic is effective because automated data harvesting algorithms terminate a data search when it arrives at a credible result. If an automated data harvesting algorithm continued beyond arriving at a credible result, that would likely diminish the quality of the harvested data. So...
The idea is to provide bad data to the obvious data sources, which are:
- Data harvesters you know you engaged with; e.g., on-line activist organisations.
- Data harvesters that look familiar, and which you may have used. Examples are on-line activist organisations. You may not remember responding to their "Save the Single Puppies" campaign, but it is possible that at one time or another you trusted one of these organisations with your personal information. Remember, it is the aggregation of information from multiple sources that data aggegators use against their victims.
- Entities that are likely to match your political views in their promotions.
- Political parties.
- Fundraising wings of political parties - ActBlue and WinRed come to mind (for US). If you donate a small amount (e.g., via paypal, which doesn't cost the political entity much, so even $1 is okay), the data you provide will be resident on their system. If you make a payment with an on-line service (e.g., PayPal), be sure to insert the desired contact data (especially "no-answer" phone number and bogus email address) on the payment entry. (e.g., PayPal provides the default address, but allows the sender to change that data for a donation.)
- An entity associated with a segment of the political party, e.g., Club for Growth; various progressive groups.
In particular, that "bad data" you need to provide would be the telephone number and email address.
The email address is easy - any dedicated sender-identifying, throw-away or known spammer's email address will do. (Sender-identifying addresses are optimum because you can receive confirmations and turn off the email after receiving the confirmation. Examples are 33mail.com and Spamgourmet.)
For phone numbers, if a number is not SMS-capable, their phone spam software will search databases for a likely cell phone. Therefore, provide a bad-but-valid SMS-capable number. Options are:
- On-line free SMS "drop box" phone numbers for receiving SMS messages.
- Cell phone numbers of previous spammers - i.e., those people who think other people like getting spammed. (Note that some campaigns use "burner" phones, but others find volunteers who are willing to use their own phones to send the malicious texts.)
- SMS text phone numbers of politicians who engage in this practice.
1. Voter registration rolls
In most states, voter registration data is readily available, at least to registered political parties or the like. They are likely to require that the data only be used for political campaigns, but that is typically without consent of the victim.
Voter registration data includes of course the voter's name and other salient data, but many states also collect other data such as telephone numbers and email addresses. So update your voter registration to insert "bad data" in those spurrious data fields.
Voting rights are unlikely to depend on the quality of that additional data. The obvious targets are phone numbers and email addresses. Select a "no-reply" phone number. It only needs to be a phone line that is basically not answered by a human, preferably an otherwise valid number.
As a "no-reply" phone number the numbers such as your work fax are inviting, but there is an advantage to selecting a number that is SMS-capable (actually capable of receiving SMS text messages). The reason is that if the listed number does not receive SMS text, automated equipment will sequence to supplemental data sources.
Good sources of SMS numbers are:
- On-line SMS "message drop" numbers. A few websites with these numbers are listed at:
- freephonenum.com/us (US numbers)
- freephonenum.com/ca (Canadian numbers - may cause the spammer to incur international texting charges)
- SMS boilerrooms that have previously sent SMS spam (using full 10--digit numbers) - they are SMS-capable for obvious reasons. In other words the people who attacked you. (Note, however, that many candidates use "throw-away" numbers for spam purposes.)
For email, there are multiple options. Generally it is possible to refuse providing email addresses, but a throw-away email address also works.
2. The people harvesting the data
First, try to either give bogus numbers or no number to people collecting numbers. It is best to give bogus numbers, because you want to feed the data harvesters bad data. Let the person collecting the number (often for legitimate purposes) know that the number won't be answered or something of that sort. (i.e., "I may be hard to reach, but I will try to keep in touch with you.") That way the person will collect the bad data number and also know that the number may be worthless (for actual communication).
If you're volunteering, you will probably show up on your own or on the basis of a website, so the number is of marginal use. "It's unlisted&" is generally a polite way to refuse a number to avoid harvesting.
Email is important here, and again, there are multiple options. Generally it is possible to refuse on the basis of not having a service to handle bulk email on your behalf, and the obvious problems with email security. Alternatively, a throw-away email address works. The ones I use are spamgourmet.com and 33mail.com, but the idea is to provide a throw-away email address of your choosing.If someone has a need for an email address or (more pointedly) objects to a disposable or sender-specific address, there is a reason, and it's probably not the person's romantic interests.
For on-line sites, it's easy - just update your information. Be sure you have at least one registration that matches the way your name appears on the voter registration rolls. That way, the collected data will be matched by the data harvesters and go to whatever bogus or semi-bogus phone number and email address you provide. (The idea is to make it easy for the data harvesters to associate your voter registration with bad data, and therefore not sequence to good data.)Typical on-line sites are change.org and moveon.org for progressives, and America First, Americans for Prosperity and Maggie's List for conservatives. These are listed in Wikipedia (List of PACs), and the cognizant ones should be easily recognisable. Look for any political issue-oriented group you may have interacted with.
... typically until the next election cycle, but providing bad data will stop at least some of the attacks even in the current election cycle. (A handful of campaigns use old lists, but will use current data.)
There are multiple ways of doing this.
- If you trust the entity, you can reply STOP . That presumes you trust the entity to comply and not confirm a valid number.
- Use canned replies asking the person questions they will refuse to answer, such as the data source they used for your the personal information. Many of the more hostile spammers will address the victim by first name, presumably for intimidation purposes. (Don't let them intimidate you.) Reply by addressing the caller by the same first name with your question, but identifying yourself with a different name in reply. (i.e., the number being used does not even belong to "xxxx".)
- "Wrong number" response - tell the caller you are someone else (e.g., because this is a new phone, so their data is apparently out-of-date).
- If you have a voice-to-text app, ask very long questions and ramble on. (Those things can easily be made very annoying!)
- Collect candidate names and let the spammers know that you are doing this because those are the real enemies that you want to vote against. And do it. (vote against them because they are the enemy.) Note that the most outrageous spams are sometimes "false flag" attacks, but those should be obvious.
(Of course, save the names of the candidates that called you so you know who sent these attacks when voting, and share that list with local social media groups, etc.).
- Post these names on local social media lists -- this can be very effective.
... a good thing
A boring story of getting blacklisted by an SMS calling service apparently involved in SMS text spam is on a page describing The Numbers (SMS calling tactics).
- Use Caller ID block (*67) if you want to block your name. Only works for voice calls.
- Calls to toll-free (800 numbers and the like in the North American Numbering Plan (NAMP)) will always provide the recipient with the calling number because toll-free services provide "automatic number identification", which works independently of caller ID data even if the ID is blocked. (Therefore "*67" does not work. The called party may or may not have the caller name. )
- Replying to a call or text will confirm a valid number. (That may or may not be a problem, depending on whether you expect the campaign to re-sell your data based on your call.)
- When communicating with an elected politician, use disposible email addresses and either *67 (doesn't work with toll-free numbers) or use a "safe" phone number.
I have mentioned various US political advocacy groups here. I am not attempting to support one political point of view here other than data privacy. For partisan political viewpoints, please visit the entire rest of the internet.
^ "Dedicated email addresses" have the advantage that they permit ongoing email communication with an entity, but if the data is abused, the "dedicated" address can be terminated. Such "dedicated email addresses" also let you know where a different entity obtained your personal data from.
I've found spamgourmet.com and 33mail.com to be convenient in this regard because they "
.forward" to the user's regular email; however, there are several other providers of these "dedicated email addresses".
^ If you usually go by "Kitty" but you've registered to vote as "Katherine", then change your listed name on a political site to match "Katherine", or just re-register (at the site) that way. The same of course applies to "deadname" voter registration -- add site registrations to organisations identifying that deadname if you are getting messages to that deadname. (A "deadname" is a name a person no longer uses, e.g., the birth name of a trans person; not a deceased voter!)
^ Toll-free Automatic Number Identification does not provide subscriber names, but toll-free services can match an incoming caller number with an external database called a CNAM ("Calling NAMe"). CNAM is an outside service that phone companies use to pair incoming numbers with names. CNAMs are not centralized databases and can be ureliable. Each CNAM maintains its own private database on phone number/name pairs in the United States and abroad.
Hanging up does not work!
originally posted 13-May-21 rev 7-Sep-21 Stan Protigal