Opinions on internet_access:password=*?

I map only “privacy sensitive” information which has been actively published by the operator/owner (flyer, receipt, website, social media, …) or can be easily guessed from internet searches. So it is already publicly known.

Information, such as passwords for internet_access:fee=customers or other services which are restricted to defined person groups or provide any kind of financial benefit at the end, should never be published in OSM, even if you find it somewhere on the internet.

At least for the situation in Germany, it is not a break-in if you lock the front door and hang the key on a nail beside it, so that everyone can see it and “break in” with it.
Same applies to wireless networks.

So WLAN passwords can be added to OSM, but as an informed personal decision and not with newbie apps like StreetComplete. This option is missing in the poll.

There is really a lot of broken/limited hardware out there! So maybe someone thinks that turning on encryption makes sniffing a bit harder, or non-technical business people think that WLAN encryption is a replacement for turning on e.g. client isolation, if supported.

Well, I was never there so I don’t know, it depends on where you acquired that password. E.g.

  • if it is written on bikeshare station itself, add source:internet_access:password=written on bikeshare station table, or
  • if you have to call a phone number and they tell you the password, then source:internet_access:password=you have to call their customer center phone at +xxxxx and they'll tell you the password, or
  • if it is only available in the official app after you log in to it, then say source:internet_access:password=only shown in official mobile phone app after authorization when you click on a station on the map, etc.
    It is a simple human-readable text, no special format.

no, because there is no majority opinion that phone=* should not be published, so it is not important that people who do publish it try to defend why they think they should put that tag in against community consensus.

Yes, they are sometimes not public, which is why I tried to clarify it by saying “public Facebook profile or similar” (by which I meant “that subset of Facebook profiles which are public”). And that was just a random popular example; it could be a public Mastodon account or whatever other internet service published by the owner which is available to the public globally without restrictions.


To summarize - republishing in OSM:

  • Password published on website and public social media by the owner sounds fine probably (and is listed on a wiki as being one of acceptable exceptions).
  • Passwords on flyers (which are analog and local and limited in quantity) are not a good idea for re-publishing globally and digitally; they were not intended for that for all the reasons mentioned before (if they were, the owner would also do the above public global digital publishing if they have one).
  • Password on a receipt is an absolute no-no, and people who might think it is fine to publish those globally are the main reason for that strong wording on the wiki discouraging using the verbatim password.
    A receipt is intended for the customer, as is the password there as a reward for paying (otherwise, the password would be shown to you on the entry door and website and social media, and not only on the receipt). It is certainly not intended to be shared with everyone in 99.9% of the cases! When your bank sends you a PIN for a debit card, it is not “public information” just because it was printed on paper and given to one person!

or can be easily guessed from internet searches. So it is already publicly known.

FYI, building a database of “publicly known” information about a subject and intentionally releasing such a compilation of data is a practice known as doxxing, and is generally not viewed in the most positive light. Just because it can be done, does not mean it should be done. Just sayin’.

What, really? :open_mouth: [Citation needed]. And if you leave an unlocked bicycle (or locked with a key in a bag), it is not stealing if someone takes it? How about if you leave a car for a minute with a key in the ignition and without locked doors (e.g. at a fuel station), are those cars also free for the taking without legal consequences?

This option is not “missing”, but is clearly covered by “It’s complicated” (as it is not “Always” and not “Never”). Which only got 8% of the votes (even after all the arguments and effort to convince the people to change their vote).

I’ve given up on this thread, but —

That very page disagrees with your claim regarding “publicly known” information:

“The aggregation and provision of previously published material is generally legal, though it may be subject to laws concerning stalking and intimidation.”

Also the first sentence: “Doxing or doxxing is the act of publicly providing personally identifiable information about an individual or organization…” but an SSID/password of the kind we’re discussing here (the examples I gave of business name or phone number or “Espresso2019” used as the password) is not PII.

You got your community consensus, congrats – no need to accuse other editors of supporting crimes.

Nobody is accusing anyone of crimes; that doxxing aside was intended as an analogy to debunk the idea that (paraphrasing) “because some information can be found / is publicly known, it is allowed (and a good idea) to do whatever you want with that information” by giving a relatively well-known example to the contrary.

My apologies if that was misunderstood as a personal attack and/or allegations of crime-doing; that was certainly not my intention. :heart:

Found some private information! All it took was a walk down my main street. The shop’s operator is very concerned about keeping it for customers only :slight_smile:

Now for the legal experts in this thread… did I dox them by posting this picture on the internet without asking for a written, perpetual, royalty-free, sublicensable, transferable, non-revocable permission to publish the password for the whole world to see?

no

next question please

(note that no one claimed that posting photos of shops would be doxxing - doxxing would apply if you would, say, start posting where the shop owner lives and where their children go to school etc.)

Doxing - Wikipedia may not be great but it should improve your knowledge of what this term means

Well since you asked…

What other kinds of publicly visible, verifiable data about customer-facing businesses do we consider unsuitable for OSM on privacy grounds?

(I do know about things like people’s names on residential mailboxes in Germany, these aren’t businesses)

Right, sorry, I misinterpreted Matija’s mention “building a database of “publicly known” information about a subject and intentionally releasing such a compilation of data is a practice known as doxxing” - I missed that it probably refers to “subject” as in a person. I’m not entirely sure why they brought it up in the topic about tagging businesses, but that’s still my bad.