[OSM-talk] Re: privacy policy

Martyn Welch martyn at welchs.me.uk
Thu Jul 27 18:09:44 BST 2006


On Thursday 27 July 2006 16:16, you wrote:
> On 7/27/06, Martyn Welch <martyn at welchs.me.uk> wrote:
> > On Thursday 27 July 2006 13:11, Immanuel Scholz wrote:
> > > Other than wikipedia, OSM does not allow the edit without a login
> > > (anonymous).
> > >
> > > I like to have the possibility to edit data without to have to create
> > > an account first. I don't care whether the IP address is used in this
> > > case (as wikipedia does) or not.
> >
> > I *really* don't think that this is a good idea and am supprised that it
> > works so well for wikipedia.
>
> Well this is the point is it does work for Wikipedia, 

Which I feel is the exception that proves the rule. I can't think of another 
project that does allow complete anonymous access.

> and your 
> problems can be used against OSM even with the current model with
> email accounts. 

But it's a damned sight easier to clear-up afterwards with minimal losses.

> If they were used in that way, FUD would be it's name. 
>

Possibly - though it's all about balance.  Possible problems, if for nothing 
other than legal reasons, need to be mitigated. Requiring a login for editing 
and even agreeing to some kind of agreement would IMO a good way to go. Even 
wikipedia has sections that can't be edited without an account and even 
locked sections AFAIK.

> > Can you provide more reasons as to why anonymous write access would be
> > good?
>
> 1. easy for user

So is walking to a shop and buying a Tomtom.

Wikipedia, even with anonymous access, does have barriers to participation. 
Try going into a large article and making major edits as logged in or 
anonymous user without discussing them on the talk page first - your changes 
are likely to be removed.

> 2. easy for dev (e.g. 3rd party web interfaces)

As I said, I think that anonymous *read* access is a good idea. This makes 3rd 
party viewers "easier" to write.

As for designing editors, adding basic authentication is not going to be the 
hardest part. As proof, we already have quite a few that manage fine.

> 3. same level of security, with less hassel.

I disagree. It was no more hassle than signing up to any BBS or mailing list! 
Having a login allows disambiguation between each users edits. Granted, it's 
not perfect, but it's *much* better at this than anonymous access. It is 
therefore much easier to determine which edits have been done by that same 
individual. IP-based disambiguation is not comparable to authentication. 
NATed boxes and dynamic IPs being two obvious problems.

Martyn

-- 

Martyn Welch (martyn at welchs.me.uk)

PGP Key : http://www.welchs.me.uk/martyn/pgpkey/

-- 

Martyn Welch (martyn at welchs.me.uk)

PGP Key : http://www.welchs.me.uk/martyn/pgpkey/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <http://lists.openstreetmap.org/pipermail/talk/attachments/20060727/49d7b385/attachment.pgp>


More information about the talk mailing list