How about limit new accounts?

SomeoneElse · September 16, 2023, 11:08pm

In the last few days I can see:

  user_name   
--------------
 caznosi
 coerci
 Emerald Path
 gterpows
 hoij1
 odpsa
 saidThat
 vrg17
(8 rows)

(and there was one more later that night)

 user_name 
-----------
 BorealTed
(1 row)

SomeoneElse · September 16, 2023, 11:44pm

Taking one of those as an example, you can see how the account was used for “legitimate edits” previously before vandalism this evening:

changesets=> select id,num_changes,created_at from osm_changeset where user_name = 'Emerald Path';
    id     | num_changes |     created_at      
-----------+-------------+---------------------
 138547353 |          40 | 2023-07-15 14:33:59
 138547405 |          15 | 2023-07-15 14:34:43
 138547443 |           9 | 2023-07-15 14:35:37
 141360798 |           1 | 2023-09-16 22:33:34
 141361157 |           0 | 2023-09-16 22:54:12
 141361391 |         182 | 2023-09-16 23:03:26
 141361396 |         147 | 2023-09-16 23:03:44
 141361403 |         153 | 2023-09-16 23:04:01
 141361410 |         284 | 2023-09-16 23:04:18
 141361412 |         505 | 2023-09-16 23:04:36
(10 rows)

Intellect · September 19, 2023, 9:11pm

It does. But now you must pay for lock mounting and tenants from now on must always carry a key in a pocket, while thieves still can freely enter your house through window. You could invent difficulties to fair users while not preventing evil users from do damage.
Users should earn reputation. Protected objects should be edited by users with proven reputation only. Important objects should be protected, especially objects with names rendered in tile maps on a large scales.

Hungerburg · September 19, 2023, 9:35pm

I tried to push something like that in topic Earning trust as Newbie but failed.

Still, I do not think consumers should have the say.

Yunkers · September 20, 2023, 6:09am

World is not “black or white”. Locking doors is still very important. While everybody can walk through doors, only few will be physically able to enter through a window. So doors are improving security of your house greatly. Mild inconvenience of carrying the keys reduces the number of people that can stole something from 100% to maybe 5%. Isn’t it worth it?
The same goes with cybersecurity. While we are unable to prevent all attacks or acts of vandalism we can make it as difficult as possible, so only few people can vandalise. It does improve the security of our data.

Thiskal · September 26, 2023, 6:58am

So in the Netherlands there is someone who has been opening dozens of anonymous notes filled with long angry tirades, insults and even threats because we aren’t removing the private footways in their neighbourhood. They have been doing this for well over a week by now, and are no showing a sign of stopping. no matter how much people try to explain or reason with them.
See: Note: 3902872 | OpenStreetMap

This is possible because anonymous people are able to continuously spam notes. A limit on anonymous notes would help, or maybe even disabling them alltogether. Though of course the latter is a tad extreme, and I don’t know how possible the first is. So I’d like to hear what others think about this idea.

A select few of the notes in question (all google translated to English from Dutch)

Also see this thread that started 3 years ago about the same neighbourhood and recently became active again Mapper beroept zich op uitspraak van Raad van State.Gaat dat OSM aan?

Mateusz_Konieczny · September 26, 2023, 11:02am

note comments by anonymous were disabled already due to a dedicated troll spamming single letter comments on repeat (mostly in Eastern Europe/Western Asia)
I am using https://codeberg.org/matkoniecz/OpenStreetMap_cleanup_scripts/src/branch/master/script_assisted_cleanup/watchlist_for_new_notes.py to deal with some trolls/vandals/test edits. Maybe there are some phrases (like one in top-left note?) that appear repeatedly and never in valid notes? Allowing notes to be closed (and reviewed after closure by human, still faster than catching it manually).

If you send me via PM some repeated insults that never ever will appear in useful notes then I can add to what I am closing semi-automatically (see Notes submitted or commented on by Mateusz Konieczny - bot account | OpenStreetMap for what is closed, notes after closure are reviewed)

Thiskal · September 26, 2023, 11:09am

Thanks for the offer. I’ll try to see if I can find some words when I have the time and will PM these to you.

SomeoneElse · September 26, 2023, 11:14am

Personally, I’m not convinced that anonymous notes (any anonymous notes, not just angry tirades or spam) are a net benefit to the project. At best even well-meaning ones can only be a “prompt for a local mapper to survey”, since we can’t take an anonymous contribution on trust.

Mateusz_Konieczny · September 26, 2023, 11:20am

in Poland some were very valuable. For example:

pointed out vandalism
revealed seriously outdated info, fixable with aerial imagery and/or other sources
in the end someone joined as a mapper

(but overall benefits may be small or none or negative, but best case scenario is better than that)

ManuelB701 · September 26, 2023, 5:07pm

It’s… not as bad as you may claim. I sometimes investigate certain nodes myself even by non-anonymous users especially if it’s a couple months old where things could have changed quite quickly, not to mention that non-anonymous users, especially StreetComplete users, don’t leave enough details which also require some manual investigations (trust me, I made that mistake once), not to mention they also help to map things sooner than later.
On top of that, as Mateusz mentioned, reminders that buildings and many other things which can be and are mapped by areal images but haven’t been already don’t require surveys (at worst, it’s a demolished house but that can easily be marked as such).

Anton_Khorev · September 26, 2023, 7:11pm

By the way, you can use bbox parameter when searching for notes with the api.

Mateusz_Konieczny · September 26, 2023, 10:16pm

in some cases vandal made so many notes that it was timing out (and if I run script anyway, I can detect very silly notes worldwide)

SomeoneElse · October 2, 2023, 10:46pm

For information, there is further name removal vandalism taking place.

What is happening in each case is that a “new” account is being created, several thousands of changesets submitted each with one change in them like this, and then the account deleted.

GoID_Yukha · October 3, 2023, 12:22am

How about adding phone number verification? Most countries require identification to register phone number. It could scare off vandals

HikeAndMap · October 3, 2023, 3:29am

We drifted a few times astray from the core issue:“New users shouldn’t, at least in theory, have the possibility to waste time of legit mappers.”

The reality is - everyone who wants to waste time and thus life of legit mappers can do so with the current policies in place by the OSMF and OSM community.|

Options have been suggested: IP limitations, but what about schools or clubs where a whole class likes to join?|
Limitations by phone number, but what if someone doesn’t have a phone or doesn’t want to use it for online registration?
Restriction by you need to login per your valid Google account, Facebook account? Yes everyone can make fake accounts.

But any of these measurements for sure makes it a bit more daunting obviously, no need to deny that.

So how about to offer a few options: you can use for verification your FB account, Google Account or phone number.

Then a legit new user has a few options, with still it’s going to take illicit mappers and vandals significantly more time to sign up.

And then there’s the concept of account limitations. Even on this forum we have this, signing up here as new user you see this, I quote:

Thanks for joining OpenStreetMap Community, and welcome!

I’m only a robot, but our friendly staff are also here to help if you need to reach a person.
For safety reasons, we temporarily limit what new users can do. You’ll gain new abilities (and badges) as we get to know you.
We believe in civilized community behavior at all times.

If you’d like to learn more, select below and bookmark this personal message. If you do, there may be a in your future!

I see no reason honestly why we can’t do both? And have people to verify their accounts through either their phone, FB or Google accounts AND at the same time limit edit capabilities.

Unlocking what one can do - by completing tutorials succesfully on the devs server.
You must complete a tutorial on waterways before you can do that
You must complete a tutorial on buildings before you can touch that
you must complete a tutorial on indoor mapping before touching that
You must complete a tutorial on administrative boundaries before you can edit them

Also have a small examination to each topic, where new users must read on a wiki article and then questions will be asked, alongside the tutorial.

I’m sure who’s legit in mapping and wants to pursue this - this isn’t too much to ask and the serious mappers will agree it’s better to have 100 good edits instead of a 1000 edits which accounts for 0 because it needs to be reverted.

And I’m sure others can come up with other good ideas on changing the signup/mapping process of users.

WarpathPeacock · October 3, 2023, 1:18pm

Good to see you on here @HikeAndMap

SekeRob · October 3, 2023, 2:03pm

Could not remember the procedure when first signing up in 2014 so did a dummy (which I will not confirm to see if that breaks to sign up cycle) and learned that but for a click on a reply mail there’s no checks. Would have expected to at least see a reCaptcha like challenge to stop bot automation but non of that.

kaartjesman · October 3, 2023, 4:19pm

Please don’t centralize the Internet even more, OSM becoming dependent on those big ones is a BAD idea.

I like this idea.

Biggest issue is translations, and naturally people creating those tutorials. But the scaling to all languages is an issue I expect.

For me, I’m still fully convinced that the best way to solve a people problem is to use people, not technology. A new account can only make small changes and only when a mapper that has “karma” (magic internet points) enough then goes and approves those changes the new mapper makes, they become a fully allowed mapper.

This happens in practically all places around the Internet. From github to this forums and everything in between. It is really OSM that is the odd one out. And that is because it didn’t need it yet. Well, I think it does now.

The tutorials idea is a great one, though. We could seriously use those in some step towards growing the access of a new account.

SomeoneElse · October 3, 2023, 4:56pm

reCaptcha itself is a Google service, and I suspect that some people would be opposed to that just for that reason. There are also potential issues with GDPR that would need to be addressed. There are alternatives, often based on “proof of work” rather than “proof that you are a human”, but I’m not convinced that that approach would help here. If you know of an option that (a) could be made GDPR compliant (e.g. by self-hosting), (b) would actually work to force actual humans to fill in an actual form and (c) isn’t ethically problematic for some other reason, I’m sure that people would be interested.