[OSM-talk] HDYC, login requirement and "privacy"

[Martin Koppenhoefer]

sent from a phone

> On 5. May 2017, at 01:36, Frederik Ramm <frederik at remote.org> wrote:
> 
> Only if you want to distribute it outside
> of OSM you'd either have to remove/pseudonymize the user names or get
> explicit permission (as in: "I am ok with you publishing this particular
> work with my name in it") from the participants. Would that really be
> such a big issue? I think you're making this into a much bigger issue
> than it needs to be.


you write a lot about personal data, but all osm admins have about users is some email address, which often isn't even existing anymore and an associated user name, and this email address is never published. For gpx tracks you can already choose the level of privacy, and even for identifiable tracks you don't know if the timestamps are real, if the track was recorded with an gps device or is simulated, and who has recorded it. In the planet there are only usernames, which can be chosen freely, and if I wanted I could choose "Frederik Ramm" or anything else, and nobody could know if this was my real name or not. HDYC allows to roughly locate someone in an area, but it doesn't allow to say who someone is or where exactly she lives. If you know which username is used by which real person then it is only because the person has disclosed this information and you believed her. If, for example, I map a nightclub frequented mostly by lgbt people it doesn't mean I have been there, it just means I know where it is (and unless I have told you, you won't know who I am), and even if I've been there you still wouldn't know when and for what reason.

Also everyone can create new users at will, if your concern is privacy, you could use a new user for every edit and nobody could associate these edits to the same person.

There are serious issues with surveillance and privacy in the world, but IMHO osm is the least of these problems. Does someone who sells a can of paint have to put a disclaimer on the can because people might write their name on a wall? Does an internet provider have to warn people not to disclose personal information in their blog? IMHO we have to account for different people wanting different levels of privacy: some people like to write their name on a wall (looking at the success of Facebook et al it seems that they are in a majority btw), others prefer to remain in the shadow. 

Maybe it could become an option not to disclose usernames, but actually this metadata is useful for other mappers: you can see if a user is local to a place, how much experience she has, how many discussed changesets, where and for what reason.

Really the people being able to tell who someone likely is are those that already have a huge collection of really private data from everyone, for example those that store the location data of every single step of you from mobile cells (you mostly can't get anonymous sim cards but have to identify with a document) and wireless networks, from passport controls at the borders and from flight lists, from your online orders and credit card payments, from cctv face recognition and fotos you uploaded, from your personal network in social networks, from the network of people you called and that called you, from the emails you send and receive, etc. Whom are you hiding from, the secret services, the government, big multinational companies? These actors will already know so much about you that your osm edits won't change anything, and if you have been able to hide your details from them you can also hide them already in OSM.

Putting a log in to hdyc, from my point of view, doesn't change anything (because everybody can sign up), besides that there are now more data created (Pascal will know who is interested in whom, and osm admins can see how often someone uses the service, and if it becomes common to do it like this, which third party services someone uses).

cheers,
Martin