DWG username impersonation

This is a highly hypothetical question. In worst case the database would be stopped and some backup restored or something like that.

A “pool of pre-established accounts” is not unusual for this sort of activity in OSM, and seems to have been a factor here too - although I think we need to reserve judgement on a couple of the potential accounts (assume good faith and all that).

The other thing that I don’t think has been mentioned so far is password-stuffing of existing accounts. Lots of large password leaks have occurred on lots of other sites, and people (especially 10 years ago) often shared passwords between sites.

The idea of a maximum number of edits per account and day - that could
be increased on a case-by-case basis in the case of properly discussed
imports - has been floated and could, together with even stricter limits
for newer accounts, help reduce this threat.


One clear response today is to find the changesets removing names in Russian and revert all of them to remind people that this sort of action doesn’t pay. Taginfo still has 400,000 down.

@DWG are you going to revert the Changesets by ixpoDre or should the community do this.

The idea of a maximum number of edits per account and day - that could
be increased on a case-by-case basis in the case of properly discussed
imports - has been floated and could, together with even stricter limits
for newer accounts, help reduce this threat.

I’m not sure that this really scares off bad actors.
someone used over 15’000 different IP addresses from quite a number of
IP different address blocks from various countries and specifically used
crafted Overpass requests to make the system unavailable for everyone else.

I’m confident that this has been the third or forth round of attacks
after two or three earlier rounds have been contained by Overpass’ quota

There are definitely both aggressive and sophisticated actors out there
that might be able to command a huge number of user accounts. However,
trying to predict attack patterns is Movie Plot
not actual security.

Don’t forget that there might be attacks to disrupt more the community
than the data.

I’d rather focus on tools that give insight into the state of our own
data and the community. Such tools help to reassert ourselves that our
data and community is still in good shape. There is a lot of things that
can be improved there.

Nonetheless, it always makes sense to prepare lines of defense than can
be turned on when other options are dire. Restricting edit activity per
day and account clearly falls into that category.


If there is ever need for that, we could require asking for mobile number verifications, just as some big tech does. Or alternatively via U2F keys (their ID is unique) for privacy conscious people.


Here’s where it was floated:

Bruce Schneier’s point about movie plots is that a society should counter broad threats by thinking about the bigger picture, rather than playing whack-a-mole, going out of our way to address very specific scenarios, some of them imaginary.

This is good food for thought, but it shouldn’t dissuade us from increasing the cost of evading blocks, hiding vandalism inside slash-and-burn changesets, harassing users anonymously through sockpuppets, and other techniques that are so easy that even more casual troublemakers may be tempted to try them. API-level restrictions, improved analysis tools, and stricter enforcement of existing policies can all contribute to addressing these challenges.

As for the bigger picture, realistically, this project isn’t going to solve the war in Ukraine. But that doesn’t mean we must be an attractive target for vandalism masquerading as solidarity.


I made a CLI tool, uniwhat which shows the unicode characters which could be useful too. Homoglymps were an issue for taginfo too. Those feeling evil can generate homoglyphs from homoglyphs.eu.


Do we know why old_name:ru has suddenly dropped? Edit: I misread, the total is back to normal.

No, it does seem to be dropping rapidly, it’s reasonable to assume that it’s related to recent edits to ·name:ru, can you find out which accounts are deleting old_name:ru? Or make a precautionary observation on all *:ru ?


The latest Taginfo lists 1,479,472 occurrences of name:ru, which is still 100,000 less than there were recently. Do we know why that is?

This is starting to morph into a general discussion of the deletion of Russian name tags, less tangential to the impersonation of a DWG member. I am considering renaming the thread or splitting it just so you folks know if this continues for a time.

1 Like

This has started happening just recently. Majority of the thread is about impersonation.

1 Like

Some sort of Telegram “decolonization” operation…

I saw this user “Anti1982” leave a (not) nice comment in a changeset from the impersonator… lo and behold, the nastiness of the comment outed himself as a vandal. Here’s a specific example near Sumy: Way History: ‪Кленова вулиця‬ (‪239299960‬) | OpenStreetMap

The changeset contains a link to a Telegram channel which then links to a website with a large list of objects in Ukraine that need to be “decommunized”.

Edit: I am talking about the name:ru tag removal, not the street renaming in general. The name:ru tag has been alternatingly added/removed in the last 30 days. In fact, the change of the “name” tag from Ватутіна to Кленова and the removal of name:ru at the same time probably didn’t trigger any automatic checks, so I think this is a relevant edge case.

Could this be streets that were officially renamed? The images posted in the Telegram channel look like official documents, although I couldn’t check their authenticity.

1 Like

Indeed, the municipality was renamed these objects at the end of 2022

I would be happy if the order of discussions followed the guidelines and addressed the changeset author first rather than posting here, of course without any words “vandal”. Although it is true that in source provided by Anti there was no stamp on the document and there was the word “Проєкт” (Project), which means that was still considered, but not accepted yet

This thread was started when an impersonation account mass-removed Russian-language names (name:ru) both inside and outside Ukraine. These removals continue. It is perhaps understandable that people are now getting twitchy about any such edits.

1 Like

According the Neis daily change set matrix this person, currently in a block expiring in a dozen hours as of this writing, has/had done 380 CSs today.July 25, 2023.:triumph:.

Not from that account they don’t…