[OSM-talk] HDYC, login requirement and "privacy"

Frederik Ramm frederik at remote.org
Fri May 5 09:59:36 UTC 2017


Hi,

On 05.05.2017 11:01, Christoph Hormann wrote:
> ... or use some rogue open instance running anonymously somewhere.

I am aware that no matter what we do there will always be "rogue" uses
of our data.

Therefore making all contributors aware of what they are releasing about
themselves and how it could be used against them remains important no
matter what we do. (And we have to find ways to do that without sounding
alarmist.)

In fact, we have a similar situation with our license: We spent
countless years debating and then changed our license to what we thought
was best. We all know that we cannot keep a rogue user from ignoring our
license - but at least we can define what we want to allow.

I am expecting the same for the sensitive user data. We will never be
able to ensure that the data is not used against the wishes of the users
- but we can ensure that those who do this are in clear violation of our
terms and hence "bad guys".

Just to pick a random example:

Today, if you are looking for a job and you're being interviewed by a
potential employer, the potential employer could say: "I can see from
OpenStreetMap that you've been editing a lot during the day in your last
job. Did you not have any work to do?" - and the employer would not even
be "wrong". Harvesting the full history file for totally OSM unrelated
information like that is not against any of our rules; it might be
against the law in some countries but certainly not in others. If you
publicly complained about what happened to you, it is very likely that
there will be many people like in this thread who will say "duh, you
idiot why didn't you use a pseudonym, didn't you read what you signed up
for, lah lah lah".

I would like to come to a point where, if this happened to you in a job
interview, you could afterwards point to an OSM policy and say: Clearly
this company has violated OSM rules, they must have created an account
under false pretenses to get at this data and they're using it for
purposes not sanctioned by OSM. That won't make you get the job, but it
would at least make clear that we stand with our contributors against
abuse of their data.

(If that hasn't become clear already, I am of the opinion that the
current contributor terms don't necessarily mean that the contributor
asks OSMF to distribute their *metadata* under ODbL - I think it just
applies to the *geodata*, and if we wanted we could slap restrictions on
the *metadata* part of things.)

> For a balanced discussion - and I am not saying I would actually prefer 
> this approach to what you are suggesting - the whole problem could also 
> be approached from the other side by reconsidering the possibility for 
> partly anonymous edits. 

Yes. I think both approaches could be grouped under "restricted access
to personal information", and there will probably be still other
approaches with their own advantages and disadvantages.
, and I would even assume that "restricted access to personal
information" and "

>> Hence, 
>> anyone with an OSM account could make such an animated progress map,
>> and it could be shown to anyone with an OSM account. Only if you want
>> to distribute it outside of OSM you'd either have to
>> remove/pseudonymize the user names [...]
> 
> That part is really tricky, you'd have to be very specific on what kind 
> of aggregation is necessary to make the data ok to be published.  
> Obviously just replacing each user name with user<hash_value> is not 
> going to cut it.  Without clear rules here anyone who publishes 
> anything based on such data would be in a legal mine field.

Yes; even today if a person uses a nickname with OSM and not their real
name, I think it would in many cases be easy to make the case that it is
very easy to de-pseudonymize the person. Currently when someone asks us
to delete their account we simply replace their user name with user_1234
(their numeric user id); it is quite possible that this is totally
insufficient at least in countries with strong data protection laws such
as the UK because the person can still be identified and connected to
all their edits.

Bye
Frederik

-- 
Frederik Ramm  ##  eMail frederik at remote.org  ##  N49°00'09" E008°23'33"


