But it is. There is enormous difference between visibility of a password inside a coffee shop (available to few hundred or thousands of the locals) and a worldwide global digital publishing of passwords (available to dozen billions of people and AIs).
Just like there is no problem of people putting their personal names on their postboxes or intercoms, but putting those same personal names on houses in OSM is a big no-no.
So, IMHO:
-
one definitively shouldn’t put password that is visible only inside cafe or hostel or whatever!
-
I wouldn’t even put it if it is available only on the outside door (see previous discussions why).
-
I would say it is only OK to put in OSM if the establishment also publishes it publicly on their worldwide available webpage of public Facebook profile or similar, or authorizes you in email etc.
If they don’t do any of that, it means that they most likely do NOT want whole world to have digital access to that information, but only locals.
Only problem is that Privacy is not a boolean always/never; it is a spectrum. E.g. one might be fine with their extended family and doctors know about their illness, but not want whole world (or even just whole city) to know. Or for some things you may want only your wife to know, and not even extended family. Or personal names - one might be fine with using their real name in this forum, but would object to being doxxed. Or the mentioned date of birth you might easily give to your friend (and even invite them to the birthday party!), but you might not want it to be available globally on the Internet tied to your name. etc.
Yes, that was kind of the point, to discourage it generally (given the most prevalent “never” answer in the poll).
I did include wording that is might sometimes be OK in some situations, and gave few examples of such extraordinary circumstances, and pointed people to where they can find more information.
I’ve expanded that examples now and tried to clarify a little more that there are (very rare) cases where it might be OK - let me know if you find it better, or how would you improve it, while keeping in with that general consensus of discouraging.
Well, the wiki does explain when the password might be OK, so removing it in those cases is not OK, so you should contact the user and revert the deletions.
I’d suggest using source:internet_access:password=*
to indicate source of that password (e.g. “visible inside a cafe”, “visible on the outside doors”, “published on www.example.com”, “authorized by the owner on 2024-09-23” etc.) if you record verbatim password; which should give extra reason to keep (or remove, as the case might be) those passwords.
That is because it was not intended to be “funny”, but the intention was to change it periodically (to prevent people knowing using the old password, for all the reasons mentioned earlier in the discussion), but the person responsible for that change went away or forgot before transferring the knowledge how to do it their successors. So, as nothing broke, people didn’t notice they need to change it even if they absolutely wanted to.
Kind of like the situation where people do not apply security updates regularly unless there is a popup nagging them, even when they almost always absolutely want to keep their computer secure (instead of getting “hacked” and blackmailed).