Talk:Privacy Policy

From OpenStreetMap Wiki
Jump to navigation Jump to search

Discuss the Privacy Policy here

Points to add for next update

Note that both numeric user id and display name are stored and even post deletion will be contained in the dumps. Further point out that using your personal name as display name is likely not a good idea if you are concerned about your edits being associated with you. SimonPoole (talk) 21:18, 14 September 2017 (UTC)

Email Addresses

I would like to suggest this wording be changed to "The registered email address for a user is never revealed to other users. It may be used by site administrators to contact users about their edits or other OpenStreetMap related issues and will be used by the server to notify the user if another user has sent a message through the website." -- Dtucny 15:59, 20 August 2007 (BST)

I've made that change to the text of the current privacy policy. Looks like we currently have a machanism for sending a message to another user, although I've never used it. I presume it results in an email, sent to the registerred email address (?)
So that was just a change to the text of the privacy policy. I've split this discussion page into two sections. This top area peoeple can use to discuss the privacy policy wording. Below we can talk about some of the other things you mentioned, which involve implementing changes to OpenStreetMap's handling of personal data (in addition to changes in wording)
-- Harry Wood 15:27, 21 August 2007 (BST)

License

I blew away the paragraph about the license, since this is the privacy policy. That's not to say it's unimportant, just doesn't belong on this page. It's linked instead under 'Other Policies'.

-- Harry Wood 15:27, 21 August 2007 (BST)

Duplicate page

There's been some recent editing activity on this page, and looks like it's more usefully OSM specific, however there was an old page called 'Privacy policy'. I've just redirected that here to fix the duplication, but in old revision of that page there might be some stuff we should rescue. It's a customised version of wikipedia's privacy policy. -- Harry Wood 15:40, 21 August 2007 (BST)

Server logging. IP addresses

The privacy policy currently describes what personal data is exposed to other users. Should we also mention data like I.P. addresses and browser user agents which presumably get logged and sometimes used in various ways (e.g. blocking tile scrapers). Presumably our policy is to not reveal this info publicly, except maybe in aggregate anonymised form. What could we add to the page?

-- Harry Wood 15:19, 15 May 2012 (BST)





Technical improvements related to privacy

Discuss ideas and make proposals for technical improvements related to privacy here (Typically these would also involve a rewording of the 'Privacy Policy' page.

GPS Trace Data

I would propose that this remains as it is except to say that non-public traces could be delivered in track file then timestamp order. Dtucny 16:12, 20 August 2007 (BST)

Agreed, order should be preserved but I think we can say something to the effect that the timestamps themselves will be munged/not provided. -- Kleptog 11:12, 24 August 2007 (BST)

Map Data Proposal: display user IDs

I would like to suggest this be changed to 'All edits made to the map are recorded in the database with the user ID of the user making the change.

If a user has selected the (non-reversible) "make my edits public" option on their account page then any download of current or historical map data from the API, in the Planet file, or in any future method of distributing map data, will include their display name as defined in their profile at the time of extracting the data for any edits made by them.

Edits made by a user who has not chosen to make their edits public will be tagged with 'user-' followed by the internal numeric user ID of the user that made the change.'

-- Dtucny 16:10, 20 August 2007 (BST)

I would support this Change - Mikel
I agree also -- Kleptog 11:12, 24 August 2007 (BST)
One problem with this would be that the anonymity of the system becomes brittle when a particular user's body of work can be identified. It only takes someone identifying the creator of a particular node through some other means (unguarded mailing list post for instance), and anonymity is destroyed. Given the possibility of choosing an anonymous display name, this and the following suggestion are essentially the same.
If the intention is solely to make editors contactable, some kind of interface to send a message to the user that made a particular editor may be a better solution.
-- Randomjunk 12:10, 24 August 2007 (BST)
Is this an actual concern? As far I can see, the only person who can link the user to the the userID is the user. We can't protect people from themselves, if someone posts their address to a public mailing list, it is not OSM's job to censor that.
And generally I think it's important to be able to identify someone's "body of work". If we have a user who makes lots of silly uploads, it is important to be able to identify their uploads as opposed to other people's -- Kleptog 12:43, 24 August 2007 (BST)
If that is the intention, then sure. But we still need to protect the privacy of contributors to the project before this change. At that time they would have been under the impression their edits were anonymous, where as now we would be revealing them. So we need some way of not doing this retroactively -- the make all edits public for new users thing below does this.
We also need to be open about the privacy implications, and I think the option below does this in a more "honest" way. (if you take out the part about making old edits show the user ID that is (which I think should happen)). -- Randomjunk 09:49, 29 August 2007 (BST)

Map Data Proposal: force new edits to be public

I would take the previous proposal further, and I suggest (noting it's not my original idea!):

'All edits made to the map are recorded in the database with the user ID of the user making the change. Any download of current or historical map data from the API, in the Planet file, or in any future method of distributing map data, will include the contributor's display name (as defined in their profile at the time of extracting the data) for any edits made by them.

Accounts created before this privacy policy came into place have been locked unless and until the user has selected the (non-reversible) "make my edits public" option on their account page. Users who wish to make further contributions under this new privacy policy without making their historic edits public should create a new account. Previous edits made by a now locked account will be tagged with 'user-' followed by the internal numeric user ID of the account that made the change.'

-- Socks 12:55, 21 August 2007 (BST)

I'm agnostic on the difference between this and the previous proposal -- either are fine. I'd also add, that for "numeric id" users, rails should be made capable (if not already) of sending messages to these people. The key thing for me is that there's some way to potentially get in contact with editors, with or without screen names. Those recipients are of course free to ignore and not respond. -- Mikel
I'm also unsure of what this buys us. As long as we can contact the user in question it doesn't really matter if it says JohmSmith or user-4854 -- Kleptog 11:10, 24 August 2007 (BST)
I personally don't see the privacy implications of public edits in a system where there is no limit on the number of accounts I can have, and where I get to choose my own display name. But I can understand that people wouldn't want their previous edits (prior to this change) made identifiable. So I support this proposal except for the numeric ID part for old edits. -- Randomjunk 12:10, 24 August 2007 (BST)

User Location

I would like to suggest that this remain as it is unless it can be easily separated out into a seperate 'make my location public' option.

-- Dtucny