There was a recent question on why MapRoulette requests user permissions. I thought I'd address that question here.
This is relatively new bahvior. MapRoulette didn't always ask you to log in before using it, but we decided that we needed some kind of user authentication for a few reasons: 1. It would let us customize the experience for a user. If a user logged in, we would remember their preferences from last time 2. It would allow us to loosely associate activity in MapRoulette against a user system. For example, we'd know roughly how many users were using MapRoulette, including if there were super-mappers, or maybe super-vandals. We decided that instead of creating yet another login system, that we'd use osm.org's oauth as a sort of identifier. Since every MapRoulette user is already an OSM user, this made a lot of sense to us. It also meant that we could benefit from using osm.org But OAuth isn't an identification system. We don't know who is authenticated when they log into osm.org- we just have an authentication token to act on their behalf. When a user is logged in, though, we can make an API call to osm.org on their behalf that provides us information about the currently logged in user, eg their username, home location (if set), language preferences, etc. Initially, we thought we would probably use osm.org's internal system of storing user data in key/value pairs to store information about the user from MapRoulette, for example, choosing which challenge they wanted to have by default, but ultimately we moved away from this choice because making the external calls to osm.org was more expensive than making local db lookups. Those preferences don't include anything like passwords, and they don't include things like your email address. In the future, MapRoulette will be doing editing, and then, like any other editor, it will need permissions for editing API calls, just like other applications do (iD, PoiPond, Level0). In our early testing, we asked for those permissions as well, becuase we knew that we'd need them one day, but we made a decision to not ask for them until we needed them (even if it meant that users would have to log back into osm.org in the future). Hope that clear's up any questions people have. - Serge _______________________________________________ dev mailing list [email protected] https://lists.openstreetmap.org/listinfo/dev
