How about limiting new accounts?

Thank You DWG :heart:.
You are THE group that keeps me motivated :slightly_smiling_face:.

4 Likes

For a very related restriction: maybe we should no longer allow anonymous notes to be created? I am unsure whether it is worth allowing it.

(anonymous comments got disabled already, anonymous edits used to be present and have been gone for a loooong time now)

3 Likes

I agree, but let’s have a separate thread about it. It’s not the most acute problem that doesn’t corrupt data.
Plus we have several applications that actively use it and we need to warn their developers.

Let’s get back to limiting the size of edits for new users.

We see again edits of 10000 objects already in Israel. Let’s limit the size of edits for new accounts to 1000-2000 changes. That way we’ll make DWG work a little easier.


At the DWG level, I would suggest the idea of trap objects. If some newcomer made a large (in area and/or size) changeset and affected some important established object, then automatically block it for a couple of hours. In the case of name:ru tag vandalism, this should work well.

3 Likes
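The trap-object rule suggested in the post above, as an added example that is not part of the original thread or of any OSM or DWG tooling. The thresholds, the account-age cutoff, the two-hour block and the object ids are all assumptions, and the changesets are constructed samples.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Every threshold and id here is an assumption chosen for illustration.
NEW_ACCOUNT_AGE = timedelta(days=7)
MAX_CHANGES = 1000        # "large in size"
MAX_BBOX_DEG2 = 1.0       # "large in area", in square degrees
BLOCK_FOR = timedelta(hours=2)   # "a couple of hours"
TRAP_OBJECTS = {("relation", 1001), ("node", 2002)}  # constructed ids

@dataclass
class Changeset:
    user: str
    account_created: datetime
    closed_at: datetime
    num_changes: int
    bbox: tuple    # (min_lon, min_lat, max_lon, max_lat)
    touched: set   # {(element_type, element_id), ...}

def bbox_area(bbox):
    min_lon, min_lat, max_lon, max_lat = bbox
    return max(0.0, max_lon - min_lon) * max(0.0, max_lat - min_lat)

def evaluate(cs):
    """Return (block_until, trap_hits); block_until is None if no trap fired."""
    is_new = cs.closed_at - cs.account_created < NEW_ACCOUNT_AGE
    is_large = (cs.num_changes > MAX_CHANGES
                or bbox_area(cs.bbox) > MAX_BBOX_DEG2)
    hits = sorted(cs.touched & TRAP_OBJECTS)
    if is_new and is_large and hits:
        return cs.closed_at + BLOCK_FOR, hits
    return None, []

# Constructed sample changesets, not real OSM data.
NOW = datetime(2023, 10, 25, 12, 0, tzinfo=timezone.utc)
SAMPLES = [
    Changeset("new_big", NOW - timedelta(hours=3), NOW, 10000,
              (30.0, 50.0, 40.0, 60.0), {("relation", 1001), ("way", 5)}),
    Changeset("new_small", NOW - timedelta(hours=3), NOW, 12,
              (37.60, 55.70, 37.61, 55.71), {("node", 2002)}),
    Changeset("veteran_big", NOW - timedelta(days=900), NOW, 10000,
              (30.0, 50.0, 40.0, 60.0), {("relation", 1001)}),
]

def run_samples():
    return {cs.user: evaluate(cs) for cs in SAMPLES}

if __name__ == "__main__":
    for user, (until, hits) in run_samples().items():
        print(user, "blocked until" if until else "ok", until or "", hits)
```

Only the new account with a large changeset that touches a trap object is blocked; a small local fix to a trap object by a newcomer and a large edit by an established account both pass.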

That’s part of the problem, true, but the sheer volume of edits by new users (which was your first point) means that quite a lot of damage can be done before something is detected. Also, some edits are “indiscriminate” - watching objects does not help there. For example, the most recent vandalism of e.g. this object was spotted “by accident” (well I was half expecting problems in that area, saw it, and blocked and reverted the user (mostly**) cleanly).

Edit: the relevant github issue is this one.

** Some relation edits (maybe a couple of dozen?) require further work.

How can non-DWG users help with this process? It seems like partial reverts have really complicated the process. Should we be trying to spread the word not to do these reverts at all when the DWG is already involved?

1 Like

I can tell you from experience with vandalism in August, it’s best not to do anything with your hands. Only if it was not fixed after the reverts.

In the Russian community we recommended the following Telegram: Contact @ruosm

  1. While reverts are in progress, do not edit affected names
  2. To redraw the map in the browser after rollbacks, reload the page without cache: Ctrl+F5 or Cmd+Shift+R.
  3. If you notice new cases: go to user profile → Report this User

At the link you can also see that we reported the current status of reverts and explained how it works and why vandalism may not disappear from the map for a long time.

2 Likes

A bit off-topic w.r.t. the current issues, but since I haven’t seen it mentioned anywhere: Here are two who have investigated using machine learning to detect vandalism in OSM: https://dl.acm.org/doi/10.1145/3474717.3484204, https://dl.acm.org/doi/fullHtml/10.1145/3485447.3512224 (Preprints: [2203.11087] Ovid: A Machine Learning Approach for Automated Vandalism Detection in OpenStreetMap, [2201.10406] Attention-Based Vandalism Detection in OpenStreetMap), Enriching and validating geographic information on the web. The accuracies are not particularly high, but one issue with such algorithms is the labeling of data, which can only get better if more people are involved. Something like this could serve as another, automated second line of defense (after limiting new accounts / introducing trust models), along with rule-based detections.

1 Like

Another reason why it’s important to reduce the size of edits is the abnormal size of the diffs.

https://prometheus.openstreetmap.org/d/_MGuv5SVk/overpass?orgId=1&viewPanel=12&from=1690408721478&to=1698184721478&refresh=1m

HDYC and OSMCha (if I remember correctly because Overpass was unavailable) became victims of such diffs in the past. Live-update users in OsmAnd also faced huge updates.

Also, edits with 10k modified objects are very difficult to view quickly and without lags in change viewers: OSMCha, Achavi, JOSM.


And imagine not just one person vandalising, but several hundred organised on some 4chan or on a video blogger’s stream :jack_o_lantern:

3 Likes

If someone is interested in this topic and wants to help: Limit number of edits per user and day · Issue #2342 · openstreetmap/openstreetmap-website · GitHub mentions that code was deployed to a test server.

By the way, code is already deployed for testing here: https://tomh.apis.dev.openstreetmap.org/
You need to sign up there (your main osm.org account won’t work there), and then try uploading some, or even lots of data.

you can test whether reasonable edits are going through and mass scale vandalism is limited (and error handling in editors and API and so on)

5 Likes

@SomeoneElse Looks like a vandal hacked into another mapper’s account. Be careful during reverts. https://www.openstreetmap.org/user/Silka123/history

We’ll have a look. Blocked for now, we’ll amend that message with more detail once more detail is known.

At first glance it looks like a case of password-stuffing; and if so it wouldn’t be the first example in OSM. The general advice to avoid this sort of thing is for people to ensure that they don’t share passwords between accounts for different things on the internet (so that if passwords for site A get published, they aren’t useful for site B).

4 Likes

Add the ability to rate limit edits by tomhughes · Pull Request #4319 · openstreetmap/openstreetmap-website · GitHub is now merged

large-scale vandal activity should be now reduced, as large edit volume will be blocked, especially from fresh accounts

note that large scale edits from new accounts may be also affected, but should not affect the vast majority of genuine new users

brand new bot/import accounts may need to operate in a way that deals with rate limits if editing at huge volume, also old ones may be affected if volume is exceptionally large


Thanks to everyone who contributed!

Note that further changes may be needed to make life harder for vandals. For example abusive use of the delete account feature likely should be stopped/reduced.

7 Likes

… and now reverted (by several people, including me in this changeset).

Because there have been several people reverting things at the same time, it’d be really helpful if people could see if there are any examples of problem data still existing?

It’s all right. Here is an overpass query with all the phrases used by the vandal, which I used to check the data now and last time. overpass turbo

2 Likes

There are new phrases. For example, "БОЛEE 310 000… ".

1 Like

Have we blocked that nasty tomhughes yet? :stuck_out_tongue:

1 Like

OK, that is quite funny automatic title generation :slight_smile:

“quite bad”?

With the latest vandalism in mind:
Wouldn’t it be a good idea to also limit the changesets of new accounts in size (area)?
This would make it slightly more difficult to make global vandalism resulting in the massive tile updates we saw last week.

8 Likes