[Osmf-talk] hosting in the UK and "anti-terror legislation"

Frederik Ramm frederik at remote.org
Mon Sep 9 11:22:47 UTC 2013


On 09/09/2013 12:39 PM, Martin Koppenhoefer wrote:
> With recent news it seems inappropriate for privacy reasons to host the
> db (users db but also the rest because of IP logging) in the UK. Has
> this been discussed on the board?

"Board has discussed moving all our infrastructure into the Ecuadorean
embassy but the space was already occupied by Julian Assange."

No, seriously - this has not been a point on our agenda until now.

I can see where you're coming from but we'd really have to make a proper
risk assessment - what events do we want to protect ourselves and our
users against, what steps would be required for that, and how important
is that goal to us? (Drastically spoken, if we could get better privacy
for the price of more timeouts on data upload, would we do it?) We would
also have to take into account that other jurisdictions and locations
might bring other problems, like making it easier to sue OSMF or limit
our connectivity.

There are many reasons for keeping stuff at the current London locations
- sponsored hosting saves tens of thousands of pounds every year, and
our admins have physical access when required, and make use of that
regularly - I'll defer to Grant for precise numbers but I'd guess it is
once or twice a month, sometimes on short notice.

We wouldn't give this up without a very solid reason.

Personally, I'd like the OSMF to take a couple other, much smaller, data
protection related steps. For example, much of our current internal
email uses Google's mail systems, and board as well as many working
groups make heavy use of Google docs. If it hadn't been for the paper
ballots filled out in person in Birmingham, Google would have known
Saturday's election results before any of us. It is not impossible that
a GMail user who has voted for a certain candidate is shown "relevant
advertising" (whatever that may mean). This is an undesirable situation
and something that we could rectify with easier means than moving our
hardware to Iceland.

(Btw. I think that Grant mentioned in his DevOps talk that he was hoping
to be able to offer SSL support on all OSM services soon.)


