Almanac Logo

July 4, 2026 Β· Norway

This is how I would stop scam calls once and for all.

In a universe where GDPR doesn't exist, this is how I would END scam calls. The thoughts are a bit agressive but so are the scams.

Scam calls are one of those everyday annoyances that feel small until they are not. A few seconds of interruption is one thing. But when the caller is targeting elderly people, impersonating banks, or trying to push someone into a panicked financial decision, it becomes much more serious.

This article is my attempt to think through a deliberately uncomfortable question:

If privacy laws like GDPR did not exist, how far could we technically go to stop scam calls?

This is not a policy proposal. It is a thought experiment. The point is to explore what might be possible in a world with far fewer privacy constraints, and then sit with the trade-offs. If you have issues with it, tag me and cry in a silent corner or Twitter or something.πŸ€·πŸΌβ€β™‚οΈ

Architecture sketch for a no-GDPR scam call blocking system

The basic idea

In this imaginary universe, there are no consent forms, no data minimization rules, no strict purpose limitations, and no big penalties for processing personal data without permission.

That changes everything.

Instead of treating scam calls as a problem of suspicious phone numbers, I would treat them as a problem of identity, voice, reputation, and money flow.

Phone numbers are easy to replace. SIM cards can be swapped. Caller ID can be spoofed. But a caller’s voice is much harder to change.

So the core of the system would be:

  • verified identity for every phone number
  • voiceprint matching for every caller/ detecting robocalls
  • flagging the "script".
  • real-time AI scam detection on the phone
  • a global reputation score attached to the voiceprint
  • financial consequences when scam behavior is detected

It sounds effective. It also sounds frightening. That is exactly why I found this thought experiment interesting.

1. Universal real-time identity verification

The first step would be to remove anonymity from the phone network.

Every phone number would be connected to a verified government-issued digital identity. No burner SIMs bought with cash. No anonymous commercial calling operations. No easy reset by changing numbers.

When a call comes in, the phone would instantly check:

  • who owns the number
  • whether the person or company has a registered voiceprint
  • whether that caller has a complaint history
  • whether the number or identity has been linked to fraud before

But I would not rely mainly on the phone number, because that is the weak part. The system would rely more heavily on voiceprint matching.

A scammer can change a phone number quickly. Changing their actual voice, consistently and convincingly across many calls, is much harder.

2. A voiceprint-based reputation system

The more I thought about this, the more the reputation system became the center of the design.

Instead of giving reputation to only a number, the system would assign reputation to a voiceprint-linked identity.

A caller’s score could be affected by things like:

  • number of complaints
  • how often recipients block the caller
  • call duration patterns
  • repeated short-call behavior
  • time-of-day patterns
  • fraud reports
  • impersonation language
  • association with suspicious payment activity

If a scammer changes SIM cards, their reputation should follow them. If they use a new number but the same voiceprint, the phone should still know.

In this world, a high-volume scammer could lose reputation within hours. Their voice would become a kind of global warning label.

That is powerful. It is also a very intense form of surveillance.

3. Real-time call recording and fraud detection

The system would record all commercial and sales calls by default.

On the user’s phone, local AI would listen for common scam patterns. For example:

  • urgency language
  • bank impersonation
  • threats of account closure
  • requests for OTPs or passwords
  • instructions to transfer money immediately
  • attempts to move the conversation to another platform

If suspicious language appears, the phone could beep, show a warning, or even block the call.

The call would also be stored as evidence and uploaded to a central system.

In the material I was working from, the local detection stack looked like this:

  • Whisper.cpp for real-time transcription
  • Phi-4-mini for local scam classification
  • a local voiceprint matcher
  • a local reputation cache
  • a notification or beep trigger
  • secure upload to a central server

The phone would not just be a passive device anymore. It would become the first line of fraud defense.

4. Training the AI with unrestricted data

In our actual world, collecting and using call audio at this scale would raise huge legal and ethical issues.

But in this no-GDPR thought experiment, every phone could continuously record and transcribe commercial calls. The raw audio, transcripts, voiceprints, and outcomes could be uploaded to a central server.

That dataset would be extremely useful for training scam-detection models because it would contain real scam conversations, including:

  • actual scam scripts
  • caller voices
  • urgency patterns
  • social engineering tactics
  • impersonation attempts
  • regional variations
  • repeated behavior across many calls

The models could then be updated and pushed back to phones regularly.

Federated learning could still exist here, but not mainly for privacy. In this imagined version, it would be more about efficiently updating models across millions of devices without overloading the central system.

Again, technically impressive. Socially unsettling.

5. The architecture I imagined

The architecture naturally splits into three layers:

  1. Edge Layer β€” the user’s phone
  2. Central Intelligence Layer β€” a government-controlled cloud system
  3. Enforcement Layer β€” banks, telecoms, regulators, and fraud units

Here is the rough version from my notes:

User Phone (Edge Layer)
β”œβ”€β”€ Call Audio Capture Module
β”œβ”€β”€ Whisper.cpp (Real-time Transcription)
β”œβ”€β”€ Phi-4-mini (Local Scam Classifier)
β”œβ”€β”€ Local Voiceprint Matcher
β”œβ”€β”€ Local Reputation Cache
β”œβ”€β”€ Beep + Notification Trigger
└── Secure Upload Module β†’ Central Server

Central Intelligence Layer
β”œβ”€β”€ Global Call Database
β”œβ”€β”€ Voiceprint Database (Core)
β”œβ”€β”€ Reputation Scoring Engine (Voiceprint-based)
β”œβ”€β”€ Model Training Pipeline
β”œβ”€β”€ Federated Learning Coordinator
β”œβ”€β”€ Global Blacklist Service
└── Model Distribution Service

Enforcement Layer
β”œβ”€β”€ Telecom Operators
β”œβ”€β”€ Banks & Payment Processors
β”œβ”€β”€ SIM Issuance System
β”œβ”€β”€ Government Regulators
└── Police & Fraud Units

The data flow would be something like:

  1. A call starts on the user’s phone.
  2. Audio goes to Whisper.cpp for transcription.
  3. Text chunks go to Phi-4-mini for scam classification.
  4. A voiceprint is extracted and checked against the global database.
  5. If a scam is detected, the phone warns the user and uploads evidence.
  6. The central server updates the voiceprint-linked reputation score.
  7. Updated model weights and blacklists are pushed back to phones.

6. A simple happy-flow example

Imagine a known scam ring calls someone from a new number.

The flow might look like this:

  1. The call arrives from a number with little or no history.
  2. The phone starts checking the voiceprint immediately.
  3. The caller says something like: Hello sir, this is your bank. There is a suspicious transaction.
  4. The local AI detects urgency and bank impersonation.
  5. The voiceprint matches a known scammer, even though the number is new.
  6. The user gets a warning: Scam call detected. Voiceprint reputation: 12/100.
  7. The call is recorded and uploaded as evidence.
  8. The central server lowers the caller’s reputation score further.
  9. Banks receive the update and can freeze related accounts.
  10. The model is retrained and improved for future calls.

This is the dream version of the system: fast, automatic, and difficult for scammers to escape.

7. Financial gatekeeping

Scam calls usually exist because there is money at the end of the process.

So in this imaginary universe, banks and payment processors would also be part of the anti-scam system.

If a voiceprint is repeatedly associated with fraud reports, banks could:

  • freeze associated accounts
  • block outgoing payments to known scam patterns
  • share fraud signals across institutions
  • link suspicious phone activity to suspicious money movement

This would make scam operations harder to run as a business. Even if the call works, getting paid becomes more difficult.

8. International coordination

A major problem today is that scam operations often cross borders.

In the no-GDPR universe, cross-border data sharing would be much easier. Countries could maintain a shared global blacklist of voiceprints and identities.

If a scammer is flagged in one country, their voiceprint could be blocked globally once enough evidence is collected.

This would be one of the strongest parts of the system. It would also be one of the most dangerous if misused.

A global blacklist of human voices is not a small thing.

9. A stronger personal do-not-call system

The current idea of do-not-call lists often feels weak. In this imagined version, a user’s preference would have real consequences.

If a person explicitly says not to call again, and the caller ignores that request, the system could trigger automatic penalties:

  • fines paid directly to the user
  • public listing on a government-run scam or nuisance database
  • loss of commercial calling privileges
  • lower reputation for the caller’s voiceprint-linked identity

This would turn do-not-call from a polite request into an enforceable boundary.

10. The nuclear option

For repeat offenders, regulators could revoke a phone number entirely.

Once revoked, the number would never be reissued. The associated voiceprint would be permanently flagged.

That is the maximum deterrent version of the system: not just blocking a call, but removing the caller’s ability to keep operating.

The uncomfortable part

The technical side of this thought experiment is easy to admire.

It would probably reduce scam calls dramatically. Maybe even make them economically unviable at scale.

But the cost is massive.

To make this system work, we would normalize:

  • large-scale call recording
  • centralized voiceprint databases
  • government-controlled identity checks
  • global reputation scores tied to biometric data
  • real-time AI monitoring of conversations
  • financial enforcement based on behavioral signals

That is not just anti-scam infrastructure. It is surveillance infrastructure.

And once such a system exists, it would be tempting to use it for more than scam calls.

That is why privacy laws matter. They create friction, and yes, scammers can sometimes exploit that friction. But the friction also protects ordinary people from systems that are too powerful, too centralized, and too easy to repurpose.

Final thought

In a universe without GDPR or similar privacy protections, stopping scam calls becomes much easier to imagine.

A combination of verified identity, voiceprint reputation, local AI detection, shared blacklists, and financial enforcement could make scam calling extremely difficult. I would want to live in that universe. Maybe a few tweaks here and there for curbing down "mislabeling" instances, but this is something that "gives me more positive vibes" than negative.

The thought experiment helped me see both sides more clearly: privacy rules can slow down anti-fraud systems, but they also prevent the anti-fraud system from becoming something much bigger and harder to control.

So the question I am left with is not only: how do we stop scam calls?

It is also: how much surveillance are we willing to accept to feel safe from them?

References