On 4 May 2017 22:33:47 IST, Frederik Ramm <[hidden email]> wrote:
>It doesn't matter that anyone can sign up and then view that data; we
>can at least make people promise to only use the data for project
>internal use when they sign up.
While I'm not looking forward to having to login to use various tools, I understand that it might be a step in the right direction for privacy-sensitive contributors.
But seeing how low this new barrier is, I don't think that we should advertise it as a privacy-preserving feature, because it'll give a false sense of security to the very users we are trying to help.
It's also annoying that it migh increase "contribution-less account bloat", but that's something we have to live with anyway.
I'd be more interested in annonymising features like a "randomize changeset and gpx timestamps a bit" account setting and providing a best-effort "delete my account and as much data as you can" button. These are more invasive and complicated than "login to see usernames" but they would be much more useful.
> Today, if you are looking for a job and you're being interviewed by a
> potential employer, the potential employer could say: "I can see from
> OpenStreetMap that you've been editing a lot during the day in your last
> job. Did you not have any work to do?" - and the employer would not even
> be "wrong". Harvesting the full history file for totally OSM unrelated
> information like that is not against any of our rules; it might be
> against the law in some countries but certainly not in others. If you
> publicly complained about what happened to you, it is very likely that
> there will be many people like in this thread who will say "duh, you
> idiot why didn't you use a pseudonym, didn't you read what you signed up
> for, lah lah lah".
> I would like to come to a point where, if this happened to you in a job
> interview, you could afterwards point to an OSM policy and say: Clearly
> this company has violated OSM rules, they must have created an account
> under false pretenses to get at this data and they're using it for
> purposes not sanctioned by OSM. That won't make you get the job, but it
> would at least make clear that we stand with our contributors against
> abuse of their data.
This scenario is not specific to OSM map edits at all. They could also
use mailing list archives to see you have been arguing about OSM
tagging conventions during work hours. Or see that you have been
editing Wikipedia. Every web forum, mailing list, social network,
wiki, etc. that has usernames and timestamps would be "vulnerable" to
Yet I don't know of any such platform that has rules on how such
metadata can be used, and I don't see anyone here arguing that we need
rules on the use of mailing list archive metadata.
On 07.05.2017 22:54, Nicolás Alvarez wrote:
> Yet I don't know of any such platform that has rules on how such
> metadata can be used, and I don't see anyone here arguing that we need
> rules on the use of mailing list archive metadata.
One thing at a time. Pascal's request for identifying yourself as an OSM
user is a tiny first step. Farther down that road there might be
conditions for the release of user-related information (e.g. "you can
get this info but you have to affirm that you won't abuse that"). Making
mailing list archives accessible to mailing list members only is also
something that Mailman offers out of the box and that we could one day
switch on if we like.
It is a common issue in OSM (and elsewhere) for people to use the status
quo as a reason. "Admin boundaries are not visible on the ground and
they are mapped, THEREFORE I can also map everything else that is not
visible on the ground" - no! And you're doing it the other way round,
saying "your privacy goes down the drain if you do anything online
anyway, so why should we at OSM take steps to protect it more".
Perhaps: because we can, and because it's a good thing?
On Sunday 07 May 2017, Frederik Ramm wrote:
> It is a common issue in OSM (and elsewhere) for people to use the
> status quo as a reason. "Admin boundaries are not visible on the
> ground and they are mapped, THEREFORE I can also map everything else
> that is not visible on the ground" - no! And you're doing it the
> other way round, saying "your privacy goes down the drain if you do
> anything online anyway, so why should we at OSM take steps to protect
> it more".
But we also should be careful not to apply the 'analogy sledgehammer'
the other way round - just because restricting access to data can in
some case reduce privacy issues it is not necessarily always the best
way to deal with such a problem.
Specifically that putting a login via OSM account in front of HDYC makes
sense for this specific tool and some specific concerns regarding it
(mainly the 'invitation to stalking' matter) should not lead anyone to
consider this a useful standard measure for all privacy related
Side note: Mailing lists are a very different matter for a variety of
technical and social reasons. I would say that the idea of restricting
mailing list archive access due to metadata based privacy concerns is
fairly far fetched (in contrast to content related concerns about
privacy or confidentiality - which make much more sense) considering
the archives show almost nothing of the mail metadata except 'From'
and 'Date' which can be freely chosen by the user.
Frederik Ramm wrote:
> saying "your privacy goes down the drain if you do anything
> online anyway, so why should we at OSM take steps to protect
> it more".
> Perhaps: because we can, and because it's a good thing?
...or perhaps it isn't quite that black and white.
OSM, at its best, is a community of real people, mapping their neighbourhoods, and taking responsibility for their edits. I stand by my edits in Charlbury and nearby because it's verifiable that I live here. If anonguy1 comes along and repeatedly edit-wars "Market Street" into "High Street", OSM defers, correctly, to me as the accountable local who feels a sense of ownership for my part of the map. If I wrongly armchair some TIGER and Todd from North Carolina says "hey, actually that should be a tertiary road", I defer to him - it's his map, I'm just visiting. As Mikel says upthread, "[OSM] depends so much on user reputation to retain quality".
Breaking the connection between real people and "their map" fundamentally alters the OSM community, and, I think, makes it closer to the toxic, identity-free, virtual-personality environment that Wikipedia can so often be. You know and I know that several of OSM's most challenging edit wars in recent years have involved people who have not admitted, or have heavily obfuscated, their real names - sometimes generating a succession of disguised identities. I do not think this is coincidence. With identity comes accountability.
There is nothing wrong with us saying "100% privacy is valuable, but it's not compatible with the way OSM works, and if you can't cope with your edits being trackable then OSM is perhaps not the project for you".
On 05/08/2017 10:53 AM, Richard Fairhurst wrote:
> Breaking the connection between real people and "their map" fundamentally
> alters the OSM community, and, I think, makes it closer to the toxic,
> identity-free, virtual-personality environment that Wikipedia can so often
Therefore I am skeptical of the knee-jerk recommendation so often given
to people who are concerned about their privacy: "You can choose any
pseudonym you want, even make multiple accounts if need be", or, taken
to the extreme in the thread above: "If you *really* value your privacy,
just create a new account for every single edit you make."
I would prefer if we could achieve a situation where users can dare to
be a little less protective of their privacy inside the project, because
we as a project take steps to keep what happens in OSM, in OSM.
I know this can never happen in an airtight way. But I would like it if,
when someone abuses one mapper's OSM "metadata" for reasons it wasn't
intended for, the community stands behind that mapper and says: This is
an abuse of our data, stop it - instead of engaging in "victim shaming"
by telling the mapper that they were stupid to use their real name (or a
traceable nickname) to begin with and/or that if they can't stand by the
edits they make they shouldn't have joined in the first place.
> You know and I know that several of OSM's most challenging edit wars in
> recent years have involved people who have not admitted, or have heavily
> obfuscated, their real names - sometimes generating a succession of
> disguised identities. I do not think this is coincidence. With identity
> comes accountability.
You are coming dangerously close to suggesting a "real name policy" here
in OSM. I wouldn't categorically oppose that, but it would mean an even
greater responsibility on our side to protect the privacy of users. Most
arguments raised in various other places (Facebook etc) about real name
policies hold true for OSM as well; some people might open themselves up
for prosecution or feuds if it became public that they're mapping in OSM.
> There is nothing wrong with us saying "100% privacy is valuable, but it's
> not compatible with the way OSM works, and if you can't cope with your edits
> being trackable then OSM is perhaps not the project for you".
For me there is a very big difference between hiding user names
altogether, and hiding user names from "project outsiders who haven't
clicked a button promising that they will play by our rules".
What's been done by Pascal, and what I am advocating, is the former;
what you seem to be arguing against, is the latter.
On 05.05.2017 at 11:38 Martin Koppenhoefer wrote:
> General Data Protection Regulation (GDPR)
just a hint to a talk held at the FOSDEM 2017 (including the video):
https://fosdem.org/2017/schedule/event/foss_and_the_gdpr/ Maybody some persons discussing here might want to have a lock at that