[openstreetmap/openstreetmap-website] Limit number of edits per user and day (#2342)

Sun Aug 27 12:03:25 UTC 2023

Preamble: I am aware that repository maintainers are aware of facts stated in this comment. This comment is attempt to summarize what was posted so far and propose some specific limits. I made it with hope that it will be useful.

So we have few types of edits:
- regular low intensity edits, should not trigger rate limit
- DWG, can be exempt from rate limit
- power users, for example people reverting vandalism. Ideally they can be issued some flag but for now maybe just exempt from limits accounts with more than 2000 edits? (also, once changeset rate limit exists: maybe such accounts can be exempt from changeset comment limit or get it relaxed?)
- new users accounts that should be able to survive with small allowed edit rate
- bot accounts, especially new one can be tricky. Rate limits will hit them. But is it really so bad to ensure that new bot accounts are forced to go slowly?

For specific limits:
- DWG and accounts with more than 5000 nonepty changesets: no limits or something like 6000 changesets/h and 5M affected elements/h
- people with more than 2000 changesets: 600 changesets/h, 500k affected elements/h - first six additional unresolved reports filed about them reduces it, each by half (maybe count only one report from given account? Either way floor is needed here to avoid locking account by report spam. And reports from blocked accounts should be ignored here.)
- people with more than 100 changesets: 100 changesets/h, 50k affected elements/h limit (reports affect them in the same way)
- people with less than 100 changesets: 10 changesets/h, 5k affected elements/h limit

Costs here are additional complexity, also for editors that need to handle this (one it starts being developed it would make sense to ping at a least iD maintainer, likely also other developers). Mostly by providing new error message. The same goes for API libraries.

Is it viable for new legitimate user to edit more than 5000 elements and try to submit as their first edit and become stuck

Maybe it would be feasible to reduce limits by factor of 10 and count each tagless node as 1/100 of object? That would reduce vandal bit impact without risk of blocking new people mapping landuse.

Is it possible to assign greater penalty to empty edits? This is associated with buggy software and vandals. For example by counting opening changeset as 5, then reducing count by 4 once first data is send.

For future: rate limit exempt flag. Would it make sense to discuss with community/DWG/whoever relevant how it would be assigned? Or is it better to wait for at least initial implementation?

Would it make sense to include also IP-based rate limit, not only per account rate-limit?

Considered: button to temporarily bypass rate limits (complex, will help in small subset of cases), taking into account OSMF membership (not happy about this starting to give any privileges in mapping). Date of registration - reduce limits for new accounts (additional complexity, seems easy to work around it but may make sense).

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/2342#issuecomment-1694650004
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/issues/2342/1694650004 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20230827/2ff2b95d/attachment.htm>