[Talk-us] SEO Damage to OSM

Ethan Nelson ethan.nelson.osm at outlook.com
Wed Jul 5 22:27:48 UTC 2017

Just to bring a little perspective from the DWG (but speaking in a personal capacity):

The issue of SEO groups adding information first came up at the beginning of 2016. We were able to revert a lot of the data for a while in cooperation with vigilant users. Blocks are useless in these cases because you are playing whack-a-mole with new accounts. Additionally, I compiled a list of some of the users to check with sysadmins, and it turned out all the accounts had the email domain and IP address outside of the US. As a result, we added some countermeasures to try and stave off the issue. The main characteristics on these edits were each account being named after a business and adding only that business (including the 'Keywords' key in their tags). What made detecting these edits difficult at the time was mappers coming by and correcting the tags to be more "mainstream" (such as changing 'Keywords' to 'keywords' or 'description').

Over time, though, the editors became smarter (attackers adapt to defenses) as they started to use "mainstream" tags instead of sore thumbs, register with emails that were not all the same, and register from different IP blocks. Without a clear connection, it was a matter of loose-leaf accusations against some company for accounts that blended in a little more. And I doubt the sysadmins would agree to block whole range of IP addresses.

Some of the edits shared a common thread and pointed towards an SEO company based in California. Over time, I have attempted to contact them. This has entailed sending emails to their support addresses (not only from my personal address but also from a DWG address), the CEO directly through their address on LinkedIn, filling out contact forms on their website, and tweeting them. In addition, I have tried to directly contact some of the businesses whose information was added to inquire who they hired for their online presence, website, and so on. Not a single response was received in any of these cases. And were I to try and call that company, I speculate I would not even be able to get a hold of anyone past level 1 support or sales.

Really, I can't say for certain this company is even responsible, so it's difficult to craft some official letter from e.g. the Board. It could be this company contracts out geoSEO work. And maybe even their contractor subcontracts it to yet another firm. Also, some of the examples show different characteristics than the first group I had brought up before (which I don't believe I ever saw add information to a street), so there could be more than one group at play here.

It is not the easiest task to automatically sort out legitimate businesses from SEO editors, so that means it will probably require manual screening of all new user accounts.

What's the solution? I don't know. That and vandalism detection are two million dollar questions (reward money not supplied).


Ethan aka FTA, speaking about his DWG experiences in a personal capacity

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/talk-us/attachments/20170705/5531b346/attachment-0001.html>

More information about the Talk-us mailing list