[OSM-talk] Disallow Anonymous Edits NOW

Mon Oct 15 16:44:35 BST 2007

On 15/10/2007, tim <chippy2005 at gmail.com> wrote:
> +1 to being able to contact recent editors of node
>
> +1 for history and rollback
>
> -1 for making all edits public
>
> So you think they can be reconciled? I'm sure we are smart enough.
>
> some thoughts:
>
> anonymity is not the same as "rotating logins"

It's not, you're right. But being able to connect together a bunch of
edits in a small area isn't that much loss really. The value of your
rotating logins will depend on how you use them. I'm sure someone
would be able to come up with a tricky algorithm to follow which would
disconnect the different pieces. For most people one account for home
turf, one account for moving around, a new account for every mapping
party or major other mapping endeavour, would probably be enough.
You'd probably want to take more care when mapping link routes. You
can also enter data in the wrong order, and several weeks after your
physical self has moved elsewhere.

>
> "Maybe that person could be forced to read or even reply to such
> messages before making new edits. " is open to obvious abuse.

Yes, that sounds like a generally bad idea... I'd only really want
such a feature as an admin only option... and admins could already do
that if they really wanted to.

>
> "let's see where else this user maps" - targeting of individuals,
> stalking, bullying, increasing the problem of bad edits.

using different accounts would stop this wouldn't they?

>
> "lets make a list naming and shaming the worst offenders of X
> behaviour in this area"

that's not so much a problem as a useful feature. it maybe not very
polite, and it sounds a little subjective, but if you have several
accounts it's not going to hurt you more than someone flinging off a
pile of messages to all the last editors of the worst offending stuff.
If you're just taking offence, well, you probably are anyway because
of this X behaviour being deemed bad enough for someone to want to
make a list.

>
> Spamming of emails/messages/advertisements to all editors who live in
> London about an exciting new website/medicine/business opportunity
>

Ah, spam, now there's an interesting problem!
I suspect when this starts to become a problem we'll get spam filters.
And an option not to be informed of new messages (opt out basically).
This is a problem for any mechanism that permits contacting users,
whether they remain unnamed or not.

> Chinese mappers and other places with less liberal views on privacy.

I'm not actually sure there's much difference to this. From a
technical perspective the authorised login that happens for each edit
can be tracked (it's not encrypted) if you have control over the
firewall -- and in reality you're looking at the IP address which is
far more identifying. The only issue is with being able to tie this to
previous edits which you didn't track... but that's more of a problem
in legal systems where you actually have to provide evidence. In those
cases you might fully expect some random legal request to end up on
the OSMF's doorstep. And if you're using TOR or similar then tieing
edits together really doesn't help/hinder unless some of those edits
give away the real person... which you can overcome using multiple
accounts.

>
> With a little thought I'm sure you can also think of other potential examples.

I actually can't. I've been racking my brains on full nefarious attack
mode, and so far I can't think of anything that can't be overcome with
multiple account usage. If it was GPS tracks then yes, but you always
have full control over edits and they don't necessarily give away
details such as where you live (I've only ever edited my road twice
afair). It's true you might have to be more careful.

>
> Also, beware saying "those with nothing to hide have nothing to fear".

+1 to that. It's a silly cliché and easily disproved.

>
> Of course, as previous emails have said it's not directly mappable
> between osm user and real person, but it's one step closer.

Not sure what you mean by "one step closer" here ("someone might be
able to use it", or "in the future it might get extended", but if it's
the 2nd...), but also beware of slippery slope style arguments. Unless
this process actually enables something (whether intended or not),
it's not valid to argue that we shouldn't do it because at some point
in the future it could be extended to do that something. The correct
time to complain about that is when someone actually proposes doing
that something.
Note that the DB already has /all/ of the information being discussed
here + some more, so the future possibilities remain the same
regardless of the outcome of this discussion.

The main problem we have is that to make this contact mechanism
properly useful we have to be able to tie together edits. Personally
I'd prefer the individual users get control over that process rather
than rely on the OSM server to do it in a "safe" way. At least this
way everybody knows the rules of the game.

Dave