HDYC, login requirement and "privacy"

Many know Pascal Neis' site HDYC which displays detais about an OSM
user, like first created node, activity area, edit stats and so on:

http://hdyc.neis-one.org/

Today to view any stats of a user you have to login with OSM.
Pascal replied to me that this is related to this discussion on the
German users forum:

https://forum.openstreetmap.org/viewtopic.php?id=57813

I don't like the idea how this was never introduced and discussed
outside of the German forum.
I think that such "privacy" measures are futile and go against the
spirit of OSM - transparency.

Maybe this is due to some "moral panic" in Germany revolving around
privacy, just like StreetView ban - except it's made clear that your
edits are public and you agree to it!

Michał

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

On Thursday 04 May 2017, Michał Brzozowski wrote:
>
> https://forum.openstreetmap.org/viewtopic.php?id=57813
>
> I don't like the idea how this was never introduced and discussed
> outside of the German forum.

So you think the German community should be required to proactively
communicate any subject they discuss in German language channels to the
international community?

> I think that such "privacy" measures are futile and go against the
> spirit of OSM - transparency.

Well - HDYC is a tool offered by Pascal Neis, AFAIK it is not even open
source.  Pascal could turn it off any time if he wanted to and of
course he can also put up constraints.

If you think that is against the spirit of OSM that is up to you but
don't forget that there are tons of tools based on OSM data developed
and run with restricted access you never hear about.  It is not really
conceivable how in case of HDYC making such a tool available for all
mappers based on authentification with an OSM account makes this less
in the spirit of OSM than a private tool that is not even known to the
public.

> Maybe this is due to some "moral panic" in Germany revolving around
> privacy, just like StreetView ban - except it's made clear that your
> edits are public and you agree to it!

Just to make this clear since there are likely quite a few people
reading here who will not be able or willing to parse the discussion on
the German forum - discussion there was about privacy concerns w.r.t.
editing metadata, which is what is the basis of HDYC.  Mixing this with
the subject of openness of geodata and privacy concerns reagarding
geodata (like mappers recording names from the doors of private homes
etc.) is not really appropriate - two very different matters which need
to be considered separately.

--
Christoph Hormann
http://www.imagico.de/

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

2017-05-04 17:21 GMT-03:00 Christoph Hormann <[hidden email]>:
I don't think Michał was mixing those two different matters. "Your
edits are public" also means the fact that *you* edited *that
particular* piece of data is public, from which someone could infer
eg. where you live; it's not mixing the subject of privacy concerns
with the data itself.

--
Nicolás

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

> So you think the German community should be required to proactively
> communicate any subject they discuss in German language channels to the
> international community?

I think the tools are _de facto_ used by the whole OSM community
worldwide, that's why I think any sort of announcement would be
appropriate. I am realistic.

> Well - HDYC is a tool offered by Pascal Neis, AFAIK it is not even open
> source.  Pascal could turn it off any time if he wanted to and of
> course he can also put up constraints.

Keep in mind that I don't make it appear that my requests are based on
something formal, they're not. I simply hope that people will tell him
they don't agree with me and two already did ;)

I think it also emphasizes how open-source tools are important. There
are tons of obscure analysis pages which don't have their source
available.

For starters, there's a little known program called ChangesetMD which
allows you to load changeset and discussion metadata to Postgres.
However, this is changeset only and one won't be able to do all of the
analyses (bboxes alone often are inaccurate, also no info on tags).

Michał

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

On Thursday 04 May 2017, Nicolás Alvarez wrote:
Michał made a connection to privacy concerns regarding Google StreetView
which were exclusively about the recorded data and not about the
recording metadata (which Google obviously has no interest in
publishing).

--
Christoph Hormann
http://www.imagico.de/

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

On Thu, May 4, 2017 at 10:48 PM, Christoph Hormann <[hidden email]> wrote:
> Michał made a connection to privacy concerns regarding Google StreetView
> which were exclusively about the recorded data and not about the
> recording metadata (which Google obviously has no interest in
> publishing).

Yes, these matters are separate, but I was talking about the sentiment
towards privacy and over-exaggeration of it. Hence I wrote "moral
panic".
I think any of us here knows how Streetview and OSM work.

Michał

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

This seems to be derailing rather fast.

The background is that we are publishing a fair amount of meta data
about our contributors that could at least be seen as not totally
harmless from a privacy and data protection point of view.

This includes all the changeset meta data, user ids and display names in
the data and last but not least timestamps, distributed in the data
dumps and the website. It is currently rather simple to generate a
profile for a specific editor and likely even finger print contributions
over multiple accounts.

Most of us, I would hope, are aware of the potential consequences and
accept the risk that contributing out in the open implies, but this is
definitely not universally true. It has been suggested that one possible
approach to resolving this is to remove all the relevant meta data from
places where it can be accessed without an OSM account (that would imply
no changeset dumps, and no user-ids etc in the planet dumps, and
re-working the website to only show such information to logged in
users). This would have to be accompanied by a new set of ToS that would
clearly lay down how such meta data can be used.

Naturally the above will not stop the bad guys, but it would make it
slightly less trivial to misuse OSM. Pascal, who has in the past been
threatened with legal action wrt privacy issues, reacted very promptly
to the discussion and implemented such a login-only access model, I
don't really see how he can be faulted for that given that it doesn't
limit community access at all, and he is fully responsible for what he
is publishing.

Now the other aspect is the upcoming (2018) changes in privacy
regulations in the EU. They will undoubtedly impact any such discussion
and future policy and the LWG has budgeted a fair bit of money exactly
to investigate and potentially implement any such required changes,
which could very well include all of above and more.

Personally I'm not very happy with the concept of reducing the
availability of contribution meta data as it will make lots of things
harder (vandalism detection and fighting for example) and likely require
many things to move to OSMF run tasks that are currently done by the
community at large, but it may be something that we can't avoid.

Simon



_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

On Thursday 04 May 2017, Michał Brzozowski wrote:
>
> > Well - HDYC is a tool offered by Pascal Neis, AFAIK it is not even
> > open source.  Pascal could turn it off any time if he wanted to and
> > of course he can also put up constraints.
>
> Keep in mind that I don't make it appear that my requests are based
> on something formal, they're not. I simply hope that people will tell
> him they don't agree with me and two already did ;)

I can only say if i was in Pascal's position here and i had decided to
add the requirement of authorization to my tool because i am convinced
this is important for the privacy of mappers (and i don't want to imply
that i would see it that way nor that this was actually Pascal's
motivation) users not liking my decision but having no convincing
arguments w.r.t. the basis of my decision would not have any bearing on
the matter.

> I think it also emphasizes how open-source tools are important. There
> are tons of obscure analysis pages which don't have their source
> available.

Yes - and the situation about HDYC would have different dynamics
obviously if it was open source.

But also keep in mind that the functionality of HDYC is not really that
complex.  Writing a replacement for it would certainly be quite a bit
of work but it is not really rocket science.

--
Christoph Hormann
http://www.imagico.de/

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

Hi,

On 05/04/2017 09:33 PM, Michał Brzozowski wrote:
> I don't like the idea how this was never introduced and discussed
> outside of the German forum.
> I think that such "privacy" measures are futile and go against the
> spirit of OSM - transparency.

I think that what we mainly want to create in OSM is a geo database, not
a database of where a particular OSM mapper was at a particular time, or
whether a particular OSM mapper tends to stay up long at night editing OSM.

I have personally talked to people who said they don't want to
contribute to OSM because Pascal Neis' page was "inviting stalkers".

Those people were not the geek elite who have made it a habit to
thoroughly think about what gets published and how to ensure that
there's no link between their online identity and their private live if
they don't want their privacy violated. Those were people from groups
currently underrepresented in OSM, people whom we would like to see more
of in OSM, but who felt unsafe making themselves visible like that.

We are currently doing far too little to protect the privacy of our
mappers, and our methods of educating mappers about the privacy
consequences of their actions in OSM are laughable at best. That your
contributions to OSM can lead to a detailed analysis of your online
behaviour like the one produced by Pascal Neis is obvious to the
tech-savvy among us but certainly not to everyone who signs up. We have
a duty to, at the very least, educate new mappers about what happens to
their data, and ideally we should also do more to protect their data.

The "metadata" of *who* edited what when is not a necessary part of our
database proper; someone just wanting to *use* the data does not have to
know. We use this information inside of OSM to improve quality, to
contact mappers, to find vandalism and so on. But I don't think that the
broader public necessarily needs to know about such internal aspects.

I am very much in favour of limiting at least the value of the "user
name" field to project-internal use. Pascal has made a first step in
that direction. Currently, anyone can download the planet file with all
user information intact and thereby circumvent the (extremely low)
barrier of having to provide an OSM username; I hope that in the long
run, we will stop making username information available to the public,
and instead make the user name only available "for project internal
purposes", i.e. to logged in users. I think this will not hurt any
legitimate use case, while at the same time making clear that we
consider this information privileged and not for general consumption.

It doesn't matter that anyone can sign up and then view that data; we
can at least make people promise to only use the data for project
internal use when they sign up.

> Maybe this is due to some "moral panic" in Germany revolving around
> privacy, just like StreetView ban - except it's made clear that your
> edits are public and you agree to it!

It is made clear that your edits are public, and we even explain about
the meta data (the Privacy Policy says: "All edits made to the map are
recorded in the database with the user ID of the user making the change,
and a timestamp at the time of change upload. In general all of this
information is also made available to everyone via the website,
including links to allow everyone to easily cross-reference which user
has made which edit. "). But we are hiding this like the small print in
a contract; there are many people who have signed up to OSM and who are
shocked to find their life reflected in Pascal's analyses. You might say
it's their fault, they are stupid not to read what they signed up to; I
say it's out fault, we have a duty of explaining to them what they are
signing up to. Every single person who signs up to OSM and who doesn't
understand what they are publishing about themselves is our fault.

Pascal has recevied numerous legal threats about his pages. Making them
"for project internal use only" considerably improves his legal standing
should anyone ever actually try and sue him. It's his service, his legal
risk, and his decision. New EU data protection regulations announced for
2017 will make things even stricter, and we will have to spend serious
thought on how we can protect the privacy of our mappers if we want to
expand the project past the group of geeks who know how to manage their
privacy online. And it is not just a legal issue; you might call it a
"moral panic", I call it a moral duty to do everything we can to ensure
that our mappers don't suffer disadvantages from contributing to OSM.

Bye
Frederik

--
Frederik Ramm  ##  eMail [hidden email]  ##  N49°00'09" E008°23'33"

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

On Thu, May 4, 2017 at 11:33 PM, Frederik Ramm <[hidden email]> wrote:
> I have personally talked to people who said they don't want to
> contribute to OSM because Pascal Neis' page was "inviting stalkers".
>
> Those people were not the geek elite who have made it a habit to
> thoroughly think about what gets published and how to ensure that
> there's no link between their online identity and their private live if
> they don't want their privacy violated. Those were people from groups
> currently underrepresented in OSM, people whom we would like to see more
> of in OSM, but who felt unsafe making themselves visible like that.


How many people? I think we would make it worse for many just to have
a handful of people happy. I don't think we should strive to catch
mappers at any cost. I know the intentions are good, but reality has
often taught me otherwise.

Many national communities use their own change monitoring tools that
will break, for instance greeting and monitoring new mappers. We use
one site in Poland and the Dutch community also uses another site.
There's also Overpass API.
This is not feasible on a technical level IMO and would require
significant effort to satisfy just these paranoid people. I don't
trust OSMF to accommodate everyone's needs on change monitoring.

Also, I see no reasonable way that upcoming EU privacy rules would
affect us. Would they consider OSM as a special case or what?
Everything mappers do, as has been said, is consensual and explicit.

When I said spirit, I though for instance mapping parties which were
once very popular and still somewhat are. It was customary to make
animated progress maps colored by user.

Long story short: weigh "benefits" to all the far-reaching implications.

I really hope this won't come through. Really.

Michał

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

Hi,

On 05/05/2017 12:39 AM, Michał Brzozowski wrote:
> Many national communities use their own change monitoring tools that
> will break, for instance greeting and monitoring new mappers.

Why? Would it be so hard to adapt the tools to log in to OSM to access
user information?

> We use one site in Poland and the Dutch community also uses another site.
> There's also Overpass API.

Sure, all these would have to change in the long run but it is such a
big deal? Even today, Overpass only gives you user names if you
explicitly ask for it.

> This is not feasible on a technical level IMO

I don't agree, I think it would be quite easy.

> and would require
> significant effort to satisfy just these paranoid people.

I don't think it is fair to talk of "just these paranoid people". Our
mappers are not enemies; they trust us with their data and it is our
moral duty to handle the data they trust us with responsibly. (And I'm
not even starting to talk about what our legal duties are!)

> I don't
> trust OSMF to accommodate everyone's needs on change monitoring.

I don't know what "everyone's needs" are but if these needs include "I
must be able to download personal user data without logging in" and "I
must be able to distribute personal user data without taking any
safeguards as to its further use" then I'm not sure if these needs
*should* be accommodated.

I am sure that all existing quality control measures can be kept up even
if we start saying that username data is for internal use only.

> Also, I see no reasonable way that upcoming EU privacy rules would
> affect us. Would they consider OSM as a special case or what?
> Everything mappers do, as has been said, is consensual and explicit.

As I said, I think that even in a world without data protection, it
would be our duty to think about how to protect the privacy of our
contributors. Just saying "you've signed this here, ha ha ha, your fault
if you haven't read the small print" is not enough. Certainly not
morally; maybe even not legally.

If you start looking at the legal side there are many aspects that need
to be evaluated. I am not a lawyer but I have a feeling that even today
there's a lot of issues not directly related to the above topic where we
fall foul of data protection rules, for example the way we continue to
offer old planet files for download complete with user names, even if
people have asked us to delete their personal information. (Remember,
even if people should have agreed to the distribution of their personal
data on signup, they can - as far as personal data is concerned - always
withdraw their agreement; we cannot then say "har har it is too late now
the data is already released under ODbL".) It is also totally unclear if
this "metadata" is even part of the ODbL licensed database. Another
issue is that there's no way for downstream users mirroring our data to
know that "user XY has revoked permission to distribute their user
name". Another big issue at least for European users is likely that many
governemnt institutions and large companies have strict house rules on
working with personal data; if your random government agency importing a
planet file into a database were told that this actually contains a ton
of personal data, they'd probably have to stop their machines
immediately and ask for permission from the relevant data protection
commissioner or whomever.

But I don't want this to become discussion about "how low can we go with
data protection to still be legal". I want this to be "how high can we
go with data protection to still be useful", and I think there's a lot
that can be done that will make our project better, friendlier, and a
safer place to be for everyone.

> When I said spirit, I though for instance mapping parties which were
> once very popular and still somewhat are. It was customary to make
> animated progress maps colored by user.

I think that a viable middle ground could be to make user data available
to signed-up project members only, and they'd have to promise to only
use that data for project-internal purposes. Hence, anyone with an OSM
account could make such an animated progress map, and it could be shown
to anyone with an OSM account. Only if you want to distribute it outside
of OSM you'd either have to remove/pseudonymize the user names or get
explicit permission (as in: "I am ok with you publishing this particular
work with my name in it") from the participants. Would that really be
such a big issue? I think you're making this into a much bigger issue
than it needs to be.

Bye
Frederik

--
Frederik Ramm  ##  eMail [hidden email]  ##  N49°00'09" E008°23'33"

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

Am 05.05.2017 um 00:39 schrieb Michał Brzozowski:
> ...
> Also, I see no reasonable way that upcoming EU privacy rules would
> affect us. Would they consider OSM as a special case or what?
> Everything mappers do, as has been said, is consensual and explicit.
>
> ...
Well I don't remember giving Pascal permission to process my data, and I
believe nobody else has :-)

And that is the crux of the matter, in a scenario in which a) any such
processing needs to be opt-in, and b) the permission for processing
needs to be explicit both wrt the entity doing the processing and what
is being done with the data, most such community activities become
impractical.

Which vandal is going to actively consent to their edits being feed in
to an osmcha instance outside of one run by the OSMF? We just  may be
able to make giving such permission to the OSMF a required condition of
getting an account but that is likely going to be it. And there are lots
of other aspects that I would rather not go in to right now, as it is
just asking for trouble.

Simon


_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

On 2017-05-05 09:17, Simon Poole wrote:
But what Pascal does is not what you do, so how is this applicable?

We have all agreed to the contributor terms (although I can not find the
version I have agreed to, I can only find a version from 2016) and that
says that OSMF has the right to sub-license. Which would include what
Pascal (or anyone else using or working on the data) is doing.

And, "You also waive and/or agree not to assert against OSMF or its
licensees any moral rights that You may have in the Contents."

That is pretty broad and basically tells you to shut up or put up.
Not that I see that as the last in this discussion though.

Maarten

_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

Am 05.05.2017 um 09:47 schrieb Maarten Deen:

> ...
>
> And, "You also waive and/or agree not to assert against OSMF or its
> licensees any moral rights that You may have in the Contents."
> ...
"the Contents"  is defined  as "in contributing data and/or any other
content (collectively, “Contents”) " further it is limited to "to the
geo-database" and refers only to the the "intellectual property rights
in any Contents" that the contributor actively "that You choose to
submit" contributes.

This is very unlikely to include meta data generated by the act of
contributing and other supplementary account data and does not cover any
privacy related rights to start with (not to mention, as I've already
pointed out, that blanket use permissions for privacy relevant data are
likely invalid in any case).

Simon



_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk

Am 05.05.2017 um 09:47 schrieb Maarten Deen:
> ..
> We have all agreed to the contributor terms (although I can not find
> the version I have agreed to, I can only find a version from 2016) and
> that says that OSMF has the right to sub-license.
PS
https://wiki.osmfoundation.org/w/index.php?title=Licence/Contributor_Terms&action=history




_______________________________________________
talk mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/talk