[openstreetmap/openstreetmap-website] API for user blocks (#1618)

[Frederik Ramm]

I'm not sure this needs to have any bearing on what we are discussing here. The gist of what @simonpoole refers to as "woodpeck discussions" is, in one sentence: **We might at some point in time want, or even have to, restrict the display and distribution of contributor user names to people who have "signed" that they will only use this data for OSM-related purposes.** This would, for example, mean that the OSM API would only return data with user names to logged-in users (who, as a condition of signup, have agreed that they will only use them for OSM purposes), and it would mean that the normal, unrestricted, public planet file would not contain user names (while a second one that you could download after logging in or clicking some "I agree" button or so would).  

This would not protect our contributors from being stalked through OSM data (after all, you can see from our data who was awake and at the computer at what time, sometimes even who was in a particular area at a particular time), but it would at least make such stalking violate our rules (while currently it totally fine with us to milk the planet file for all it's got about a particular individual and put that on a web site, duly ODbL'd). It would set a clear sign from the project that this data is only meant (and necessary, think QA) for OSM project purposes, and make us less vulnerable to data protection complaints. 

(Unlike with the geodata itself, we never promised anyone that we would distribute the metadata under ODbL so license-wise this could be done.)

This discussion originated in a data protection BoF at FOSSGIS in Passau, and has motivated Pascal Neis to make his HDYC tool "login only" (after he had also received, unrelated, legal threats from mappers who were surprised to see what they considered personal data published openly). The matter was discussed in English on the talk list here: https://lists.openstreetmap.org/pipermail/talk/2017-May/077940.html

I think it is an interesting and important topic, but IMHO it doesn't belong here; if we should ever decide to limit username information to logged-in users, we'll simply have to revisit all API calls and modify them accordingly, and it won't make a difference if there's one more or less.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/1618#issuecomment-325979478
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20170830/2b291c8a/attachment.html>