Just as an update, I blocked some more accounts that had appeared overnight (up to this one). As far as I can see, no new problem accounts have appeared since then (but please email the DWG if you think that accounts that should have been blocked have not been).
Edit at 16:36 UTC: Still no new problem accounts of this form.
There’s still a lot that needs reverting (and thanks for everyone who’s done that), but I think that the priority must be to address the ability to create new vandal accounts at will (as per e.g. here). We need to fix the hole in the ship’s hull so that the bailing out can be effective.
I have some questions,is it possible to limit the number of accounts that can be created within a certain IP segment within a day or longer? Or can DWG check to see if the email address used by these users are from a particular provider?
If there are hundreds of bot accounts (such as this round) performing this type of sabotage, is it compliance to disclose such technical details?
Anybody is entitled to call out vandalism, to draw attention to instances they find, but please people use less emotive language such as ‘driven by hatred’. This kind of language does not help with easing tensions within the larger OSM community and therefore reducing the possibility of further vandalism.
IP address and email address details are visible to site admins, not moderators (the DWG). Whilst I’m sure that there are things that can be done (see above) any changes need to be implemented with care to avoid causing problems for legitimate users.
I believe that the admins have taken some actions to make this sort of vandalism more difficult in the future. We’ll keep an eye on the situation and see what happens next.
Could we do something like a 1 second per feature delay between changesets for new users?
If using JOSM or ID I think it generally takes a fair bit longer than that to do genuine edits.
Accounts created for imports and automated edits would need to be manually exempted, but this might help make sure the process for those is being followed anyway.
As far as I recognized new users normally register to add new information or objects to the map.
So in my opinion new users shouldn’t have the permission to remove existing information from the map. This restriction should at least last for two days. If the API detects multiple violations of it in the form of tries to delete something while uploading, it is extended to one week or or more if the tries continue.
Maybe this could be combined with mapping days to get the permission to delete tags and objects.
This should be an effective way to prevent vandalism. Then mass user creation wouldn’t help them any more.
Of course vandalism could still occur the way something is modified and after the start restrictions were passed around but the effort for vandals would be way higher.
I a new user really would like to delete something because it is an error in the map, he/she could raise a note on the map and ask someone to do it like an unregistered user already can do.
Of course the documentation should reflect such a change in behave.
Another update - more blocks, including on some accounts created earlier than mid-August, which had started to be used for vandalism, like this one. If anyone wants a list of problem accounts the last 6000-odd here is a good start.
There’s still data that needs reverting, and finding it is unfortunately easy; see e.g. here.
Edit: As far as I’m aware, no “new” vandal accounts after ‘2023-08-21 20:15’. Please let the DWG know (by email preferably) if you find any that we have missed.
Edit 2 23/8/2023: The “unfortunately easy to find” example has now been fixed - thanks!
Also, I’ve just blocked 333 new “potentially problematic” new accounts.
Aquarix, yes, but the problem is that there are different forms of vandalism. We have removing vandalism… but we also have adding vandalism ! So I think your solution just take one side of the problem.
I agree with the idea of Spatialia : it would be a good idea to create a new working group for this specific subject. Because there are too many consequences, the community needs good advice to make its choice.
Furthermore, two different decisions should be taken :
one in the short term to remove vandalism for the next few days,
one for the long term issue, for the problem of temporary hard vandalism.
Perhaps a mechanism could be enable and disable for emergency problems ?
Does the OSM database is very vandalised in normal times ?
And for everybody, don’t hesitate to take a look at how Wikipedia works :
it seems to me that it is necessary to introduce stricter rules for registration, for example, to add verification by phone number, or other points that will make it impossible to register a large number of accounts, and in general I do not see the need for a person to have 1 account, and all auto-, techno-, bots must be created from the main record
This reminds me of a recent case where someone readded (not removed) Ukrainian names after their (constant) removals even though said names were added hastily by a different (now banned) user:
That’s why I also consider ezekielf’s suggestion more powerful as this many changes are unlikely to be done by a single user. Of course, editing geometry will easily blow up the amount of changed objects (depending on what’s ultimately counted as an object) Mateusz noted, though I’m sure most beginners do start simple and edit single nodes like shops or stops first, StreetComplete or otherwise (I know I did) and even then, it’s better to start slowly with geometry and don’t edit a huge area.
hi! I am actually the person who reverted those exact changesets two times where literally tens of thousands places in Russia (mainly in Moscow and Saint-Petersburg) and Belarus which do not have a name in Ukrainian were “translated” mechanically, user of original changesets is banned, the account (it seems that it belonged to the same user) which restored those translations was also banned, now for 10 years, and now this happens again… I don’t know, it’s just a huge amount of basically meaningless and well… vandalism changes for places like hospitals, pharmacies, military camps, roads, city names, heh, the whole city districts…
Sure, I reported it, account will probably be blocked, probably I will revert it again - but if a random new account can add those translations again and again, (or add something new, like the case we had recently with offending names for huge number of objects in Russia), it’s a battle I’m not sure I’m willing to continue undefinitely…
A few more changesets have appeared just now. You currently can see them here.
“New” likely problem accounts have been popping up, and been blocked, continually. I blocked a few hundred last night; there have been around 6500 in total.
Latest vandalism wave should be reverted now by @NorthCrab (they made some custom tool for handling that, hopefully everything what should be reverted is now gone).
I’m not all that well known with OSM protocols and processes, maybe someone can answer my question below.
I loved the talk on this thread which directly was related to the actual proposal, to limit new accounts and find some social way to make them more powerful over time. I think it has been only positive in reception. Obviously, my simple strategy may not be optimal and I do agree with the suggestion to make some working group, if that is how OSM does things. Where a viable alternative a ‘just do it and iterate’.
So, the question I have is how do we kick-start such a process? Is there a need for the foundation to approve a working group or a policy change with regards to limiting new accounts? Is there a different way to get the ball rolling?
My take is still that a new account that is limited to only things that a zero-day mapper would do, and it takes actual positive contributions over some time to extend the power of that account, this solves the vast majority of social problems. Including massive vandalism that we’ve been seeing for some time now.
It would be good to start rolling this process sooner rather than later. Main rationale is that people are getting tired of reverting. I can’t even imagine what the DWG people feel on this repeated issue.
Knowing that this will not just continue for the next year(s) in the same vain is needed to avoid burn out, and for that some sort of structural solution should be expected to be in place at some point in the foreseeable future
For what its worth, I would go with the roll-out and iterate approach where the server adds some new error codes for going over the limits and the main iD editor adds basic error codes for the same. New accounts made from that day forward are limited.
And then iterate. Increase usability, make more editors support nice feedback UX feautures, and on the server add features like fetching limits and quotas under an account.
And iterate also in numbers of what people can do. Start small, react to new people complaining about what they can do. Adjust limits and repeat.
The rationale for going with the ‘move fast and break stuff’ approach is that its only for new accounts which severely limits the number of affected users, and stuff is today quite broken and as such its probably cheaper (on the community) to do an imperfect thing fast than to take 4 months to have a working group come up with the best proposal before its activated while the community keeps cleaning up messes.
So, when I suggested the idea of a working group, I looked up the process for that. According to the wiki, a process was proposed, but not ever put into place, but seems like a reasonable place to start: Working groups/Proposing a new working group - OpenStreetMap Wiki
I agree with you though on approach. Part of what made me open this thread is I’d had similar thoughts on the style of account limits (similar to what Discourse itself does with permissions), and wonder if some combination of that plus wikipedia-like moderation (temporarily lock specific tag values, temporarily lock specific geographies) will end up being useful, along with an API that reports current locks so editors can warn users before they prepare changes. But the specifics matter a lot and need hashing out, as the rest of this thread shows.
I’d be curious what the people on the affected teams think of the idea of a working group - is there someone on the teams who has time to participate and thinks it’s a good route forward? I don’t want to propose it officially if it’s going to take time away and they’d rather continue informal coordination, but the discussions I’ve seen on this have seemed inconclusive at determining tools to develop because the number of considerations is large and crosses groups - as a result it feels like our admins lack tools necessary for the scale of the problem and it will just get worse.
Current measures does not helps a lot - map is in damaged state for several days already.
Is it possible to temporary ban IPs from which accounts were registered as an emergency measure?
I think that it might help to clarify what you mean by a “damaged state”. As of now (6:28 UTC on 25/8/2023) there absolutely are issues, and if you zoom in and look at the history you’ll see that reverts are in progress.
As of midnight last night, I’m not aware of any outstanding data issues. There absolutely were cached tiles in the CDN with old data visible, and other data consumers would have similar issues, but I think that the efforts to revert vandalism had largely caught up with the actual vandalism at that time - unless of course you know different.
Oh, yeah, when I read this part I couldn’t process it (being late at night and so) but then I opened up @SomeoneElse’s link and that vandalism goes much worse than I thought. Of course, it doesn’t help that there are actual supporters of this vandalim (not just @BaboucheVerte but also @Anti1982 as given here, possibly @darkonus for liking the former’s post*), it’s a quite sad situation especially for something minor.
*Yeah, I know I too “liked” Babouche’s post but I accidentally kicked on liked instead of angry and by the time I noticed it, Discourse doesn’t allow me to change it.
