Accessing third-party repositories

Dirk Stöcker openstreetmap at dstoecker.de
Fri Feb 14 20:37:17 UTC 2020 

Hello Frederik,

> upon starting JOSM I was greeted by, among other things, messages that
> loaded content from "wikidata.org" and "sophox.org".
>
> I have not actively enabled something that would make these queries, nor
> have I been asked for my consent to transmit the fact that someone is
> using JOSM at this IP number to wikidata.org or sophox.org.

As Vincent already said this is a temporary situation and will be changed.

> I can understand that if I load Ilya's geochat plugin it will phone home
> to Ilya's server, or if I enable certain imagery layers they will load
> data from the imagery server. Also it is clear that JOSM will access the
> OSM and JOSM servers. But I think that we should not add random third
> party web sites that are under control of neither OSMF nor the JOSM team
> to the mix without explaining this to the user and asking for their consent.

JOSM allows to access really a lot of different web resources
* tag specific web sites
* OSM wiki
* JOSM server
* OSM SVN
* plugin/presets/style/rules files and embedded elements (icons)
* maps and map icons.

I try to keep it in a way, so that any connects not going to the JOSM 
or OSM API server somehow must be initially user-initiated (which is not 
100% true ATM, as e.g. maps icons are fetched (and cached) even if you not 
actively add a maps). And probably I also overlook something.

> Would it perhaps make sense to build a generic "consent to access server
> X" feature into the JOSM core, and anyone - whether core or plugin -
> would then have to acquire user consent once before accessing a remote
> resource?

I fear that would only be annoying like these famous cookie requests 
nowadays. And for plugins it would not be possible to enforce. JOSM is 
designed to be an online software and it's not so easy to prevent that 
without loosing much of what JOSM is.

Anyway I created ticket https://josm.openstreetmap.de/ticket/18712 for a 
bit more control.

Ciao
-- 
http://www.dstoecker.eu/ (PGP key available)

More information about the josm-dev mailing list