Re: Accessing third-party repositories
Hello Frederik, upon starting JOSM I was greeted by, among other things, messages that loaded content from "wikidata.org" and "sophox.org". I have not actively enabled something that would make these queries, nor have I been asked for my consent to transmit the fact that someone is using JOSM at this IP number to wikidata.org or sophox.org. As Vincent already said this is a temporary situation and will be changed. I can understand that if I load Ilya's geochat plugin it will phone home to Ilya's server, or if I enable certain imagery layers they will load data from the imagery server. Also it is clear that JOSM will access the OSM and JOSM servers. But I think that we should not add random third party web sites that are under control of neither OSMF nor the JOSM team to the mix without explaining this to the user and asking for their consent. JOSM allows to access really a lot of different web resources * tag specific web sites * OSM wiki * JOSM server * OSM SVN * plugin/presets/style/rules files and embedded elements (icons) * maps and map icons. I try to keep it in a way, so that any connects not going to the JOSM or OSM API server somehow must be initially user-initiated (which is not 100% true ATM, as e.g. maps icons are fetched (and cached) even if you not actively add a maps). And probably I also overlook something. Would it perhaps make sense to build a generic "consent to access server X" feature into the JOSM core, and anyone - whether core or plugin - would then have to acquire user consent once before accessing a remote resource? I fear that would only be annoying like these famous cookie requests nowadays. And for plugins it would not be possible to enforce. JOSM is designed to be an online software and it's not so easy to prevent that without loosing much of what JOSM is. Anyway I created ticket https://josm.openstreetmap.de/ticket/18712 for a bit more control. Ciao -- http://www.dstoecker.eu/ (PGP key available)
Re: Accessing third-party repositories
On Fri, 14 Feb 2020, Simon Poole wrote: ELI has a privacy url field, though I believe Vespucci is currently the only editor that a) points this out, and b) makes the link accessible to end users. See https://josm.openstreetmap.de/ticket/17285 for this. Ciao -- http://www.dstoecker.eu/ (PGP key available)
Re: Accessing third-party repositories
ELI has a privacy url field, though I believe Vespucci is currently the only editor that a) points this out, and b) makes the link accessible to end users. Simon Am 14.02.2020 um 18:46 schrieb Greg Troxel: > Frederik Ramm writes: > >> I can understand that if I load Ilya's geochat plugin it will phone home >> to Ilya's server, or if I enable certain imagery layers they will load >> data from the imagery server. Also it is clear that JOSM will access the >> OSM and JOSM servers. But I think that we should not add random third >> party web sites that are under control of neither OSMF nor the JOSM team >> to the mix without explaining this to the user and asking for their consent. > Agreed that this is the right expectations. > > There's an interesting issue with third-party imagery and map layers, > which is how users know their privacy policies, such as what records > they keep of which IP addresses looked at which areas, and if this is > diclosed, etc. It would be good to have a standardized access point for > these (that one can discover from a tile URL), and to have these links > assocatied with the tile layer definition. > > The next step would be some standard semantics or simply human > evaluation of whether the tile provider commits to nondisclosure, > non-use and/or non-retention. > signature.asc Description: OpenPGP digital signature
Re: Accessing third-party repositories
Frederik Ramm writes: > I can understand that if I load Ilya's geochat plugin it will phone home > to Ilya's server, or if I enable certain imagery layers they will load > data from the imagery server. Also it is clear that JOSM will access the > OSM and JOSM servers. But I think that we should not add random third > party web sites that are under control of neither OSMF nor the JOSM team > to the mix without explaining this to the user and asking for their consent. Agreed that this is the right expectations. There's an interesting issue with third-party imagery and map layers, which is how users know their privacy policies, such as what records they keep of which IP addresses looked at which areas, and if this is diclosed, etc. It would be good to have a standardized access point for these (that one can discover from a tile URL), and to have these links assocatied with the tile layer definition. The next step would be some standard semantics or simply human evaluation of whether the tile provider commits to nondisclosure, non-use and/or non-retention.
Re: Accessing third-party repositories
Hi Frederik, I agree with you. We plan to switch back to solely JOSM server through https://josm.openstreetmap.de/ticket/18599 Cheers, Vincent Le ven. 14 févr. 2020 à 13:51, Frederik Ramm a écrit : > Hi, > > upon starting JOSM I was greeted by, among other things, messages that > loaded content from "wikidata.org" and "sophox.org". > > I have not actively enabled something that would make these queries, nor > have I been asked for my consent to transmit the fact that someone is > using JOSM at this IP number to wikidata.org or sophox.org. > > I can understand that if I load Ilya's geochat plugin it will phone home > to Ilya's server, or if I enable certain imagery layers they will load > data from the imagery server. Also it is clear that JOSM will access the > OSM and JOSM servers. But I think that we should not add random third > party web sites that are under control of neither OSMF nor the JOSM team > to the mix without explaining this to the user and asking for their > consent. > > Would it perhaps make sense to build a generic "consent to access server > X" feature into the JOSM core, and anyone - whether core or plugin - > would then have to acquire user consent once before accessing a remote > resource? > > Bye > Frederik > > -- > Frederik Ramm ## eMail frede...@remote.org ## N49°00'09" E008°23'33" > >
Accessing third-party repositories
Hi, upon starting JOSM I was greeted by, among other things, messages that loaded content from "wikidata.org" and "sophox.org". I have not actively enabled something that would make these queries, nor have I been asked for my consent to transmit the fact that someone is using JOSM at this IP number to wikidata.org or sophox.org. I can understand that if I load Ilya's geochat plugin it will phone home to Ilya's server, or if I enable certain imagery layers they will load data from the imagery server. Also it is clear that JOSM will access the OSM and JOSM servers. But I think that we should not add random third party web sites that are under control of neither OSMF nor the JOSM team to the mix without explaining this to the user and asking for their consent. Would it perhaps make sense to build a generic "consent to access server X" feature into the JOSM core, and anyone - whether core or plugin - would then have to acquire user consent once before accessing a remote resource? Bye Frederik -- Frederik Ramm ## eMail frede...@remote.org ## N49°00'09" E008°23'33"