[openstreetmap/openstreetmap-website] Prevent mechanical signups by malicious users (Issue #4307)
SomeoneElseOSM
notifications at github.com
Tue Oct 24 00:44:04 UTC 2023
@matkoniecz The main reason why I raised this is because whatever we're doing as a project right now, it isn't good enough. Just in the last couple of hours we've had significant vandalism by at least 20495461, 20495462, 20499080, 20499083, 20499226, 20499230, and 20499223 (and possibly more - those are just the ones I've spotted).
We cannot allow scripted signups like this for a couple of reasons - one is to prevent vandalism, but another is to prevent "clever" people adding data mechanically to OS without the person submitting the data ever actually seeing the Contributor Terms etc. - if someone has never read what data is license-compatible with OSM how can we be sure that the data that they submit actually is?
Whether this is dealt with here or on https://github.com/openstreetmap/openstreetmap-website/issues/1083 I really don't care - but that issue has languished there since 2015.
We absolutely shouldn't underestimate the effort that @tomhughes has put into trying to resolve this - the rate limiting introduced by https://github.com/openstreetmap/openstreetmap-website/pull/4198 has helped greatly. There is, unfortunately, still more to do.
It does seem that the team working on this code is is vastly under-resourced - hence https://github.com/openstreetmap/openstreetmap-website/issues/3815, I guess . There are various ways that the root cause of that could be addressed (some discussed on that ticket, although I'm not convinced that "reviewing randomly-submitted PRs" - which is what it sounds like is happening at the moment - would really help).
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/4307#issuecomment-1776277137
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/4307/1776277137 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20231023/d6bbffc6/attachment-0001.htm>
More information about the rails-dev
mailing list