[OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?

[John Smith]

2009/12/26 Frederik Ramm <frederik at remote.org>:
> 1. What do we want to protect?

This depends who you ask.

> 2. Whom do we need to protect us against?

At this stage mostly spammers, accidental incidents and malcious
incidents, but with current growth rates is the level of current
issues going down or up? Will new problems stay new problems?

> 3. What resources (and what other means to get to 1.) does that guy have?

Well someone was antagonising the Chinese government the other day
about not caring about their mapping requirements, they have large
amounts of resources to counter the antagonism.

> Sometimes, for a balanced reaction, you might also want to add:
>
> 4. How realistic is the threat *currently*, and if the threat is not
> *currently* realistic, then how much damage would be done if one just
> waits until the threat becomes real?

5. If you are reactionary do you want to end up looking silly as a result?

> The existing demands for encryption seem more politically/ideologically
> motivated ("we should long since have done X"), with the answers to the

Erm, isn't that the same reasons OSM exists?

> above being something like "our privacy" for 1, and "world governments"
> for 2. - I don't believe in the notion that general paranoia heightens
> your personal security and privacy.

For #2, the US has already been shown to be doing large scale snooping
that proves 2 is occurring, and the UK government wants it to occur.

As for #1, China just jailed a dissident for 11 years:

http://news.yahoo.com/s/ap/20091225/ap_on_re_as/as_china_dissident_sentence

And so #2 and #1 are the same thing in some cases.

> As for OSM, I'd say we can afford to wait until governments start
> large-scale spying on their citizens (or subjects, for those of us who
> live in monarchies), and then we can still encrypt everything.

Well the US/China already are, and many others lining up to follow suit.