It is opt/in. There's three categories (according to that defcon talk): call originates from the number it says it does, call originates from our network but we're not sure about the number, and call came to us unverified (only allowed by regulation on legacy links).
Now, operators of those legacy links make A LOT of money for operating them since they carry 100% of the country's spam traffic, and they're not going to shut them down just because you think they should. The government would have to make them do it and they'll pretend upgrading is super expensive.
> call originates from our network but we're not sure about the number, and call came to us unverified
I'm saying these two categories should be denied by default by my telecom provider, and the user must opt-in to receiving them.
> Now, operators of those legacy links make A LOT of money for operating them since they carry 100% of the country's spam traffic, and they're not going to shut them down just because you think they should.
Those operators are not my concern, they can do whatever they want. I want my telecom provider to block unknown/unverified calls by default. I have no reason to ever receive a call from an unverified source. Some people might, because they have business or relatives or whatever in such a region, and they can opt-in to receiving them if so.
Sure, but why do I care? Let them run the legacy links. Just don't make my phone ring.