[OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
Frederik Ramm
frederik at remote.org
Tue Dec 22 14:47:50 GMT 2009
Hi,
John Smith wrote:
> I gave several good reasons, but you chose to rebuff my question with
> a silly question.
No, you didn't give any reasons, you just basically claimed that "SSL
protects users and passwords", and I said that I think neither is the
case. It is a common fallacy to think so.
> It's not just passwords, that's just the most obvious case, why would
> I even consider uploading private traces in future if the UK govt goes
> ahead and you fail to protect my privacy properly,
The UK government can, at any time, force access to our servers which
are located within its jurisdiction, and download your every private
traces from these servers.
> At least if they request it from OSM they're be required to get a
> warrent and potentially face legal challenges, when they pull data
> over the wire en mass what legal recourse is there?
I don't think spying on people without a warrant becomes more legal if
done secretly.
> Then ask for donations for hardware or to buy hardware that can handle
> the requests, SSL really isn't a resource issue like it used to be,
> hardware has continued to improve greatly and demands from encryption
> is now a minor concern.
Why should we? The issue is kind of moot now since TomH has already said
they're planning to do something but I really dislike your attitude. If
you think that SSL is required then do something to get SSL implemented
- raise funds, work on the API, work on the editors - just don't sit
there and say: "Why doesn't OSM do this and that."
Bye
Frederik
More information about the talk
mailing list