Re: [OSM-talk] Draft updated privacy policy
Way way back I sent the mail below to the list. Now that the big road block is gone (thanks to TomH for merging https://github.com/openstreetmap/openstreetmap-website/pull/1036 ), I intend to move the updated document forward. http://wiki.openstreetmap.org/wiki/Updated_Privacy_Policy Forward in this case implies that we (the LWG) are going to ask the OSMF to elevate the document to a formal policy document (for the various caveats that apply to the document see below). If there are any last minute comments, suggestions, that are in the scope of this update, please either make them here or on the documents talk page. Simon Am 16.06.2015 um 13:17 schrieb Simon Poole: > And now for something completely different. > > I've produced an updated version of the OSM privacy policy: > http://wiki.openstreetmap.org/wiki/Updated_Privacy_Policy (the original > resides here: http://wiki.openstreetmap.org/wiki/Privacy_Policy). > > This is largely a private undertaking, it however has been available to > stakeholders in the original document and the relevant OSMF working > groups for comments and suggestions which have been worked in to the text. > > The LWG has somewhere on its to-do list an item on a complete review and > rewrite of the privacy policy, this is not a replacement for that. It is > however likely that whoever does that rewrite would refer to this > document or the original privacy policy for the OSM related specifics. > > Neither the original policy nor this document are published and/or > approved OSMF documents, but they should likely be considered for that, > at least until a full rewrite is completed. > > My motivation was mainly that there are some things that should be in > the document that are not, and the complications that a complete rewrite > as in for example https://wikimediafoundation.org/wiki/Privacy_policy > will entail. > > All that said, the changes are, with one exception, likely > uncontroversial and simply document what is current practice. Obvious > and clear for old hands, probably not so for newcomers. > > The exception is the addition of a clause that allows us (the OSM > community) to use information submitted to an OSMF run services to be > used to support improving the OSM data. Right now the only use of this > that I could think of is to mine nominatim queries for missing > addresses, postcodes and the like. The is currently NOT done, because it > is a potential touchy issue, but it would have some obvious benefits. > > Comments on the draft are likely best added to the discussion page. > Please keep the scope of any comments limited to the changes and not to > untouched original text, one day there will be a complete rewrite and > that will be the time to address any other issues. > > Simon > > > > ___ > talk mailing list > talk@openstreetmap.org > https://lists.openstreetmap.org/listinfo/talk signature.asc Description: OpenPGP digital signature ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] Draft updated privacy policy
I've updated the document https://wiki.openstreetmap.org/wiki/Updated_Privacy_Policy#Log_files_and_Information_submitted_to_OSMF_Services with some additional text to address the handful of things people felt were missing. If there are no further comments I would suggest using this as a replacement till such a time that we have a completely redone policy. Simon Am 16.06.2015 um 13:17 schrieb Simon Poole: > > And now for something completely different. > > I've produced an updated version of the OSM privacy policy: > http://wiki.openstreetmap.org/wiki/Updated_Privacy_Policy (the original > resides here: http://wiki.openstreetmap.org/wiki/Privacy_Policy). > > This is largely a private undertaking, it however has been available to > stakeholders in the original document and the relevant OSMF working > groups for comments and suggestions which have been worked in to the text. > > The LWG has somewhere on its to-do list an item on a complete review and > rewrite of the privacy policy, this is not a replacement for that. It is > however likely that whoever does that rewrite would refer to this > document or the original privacy policy for the OSM related specifics. > > Neither the original policy nor this document are published and/or > approved OSMF documents, but they should likely be considered for that, > at least until a full rewrite is completed. > > My motivation was mainly that there are some things that should be in > the document that are not, and the complications that a complete rewrite > as in for example https://wikimediafoundation.org/wiki/Privacy_policy > will entail. > > All that said, the changes are, with one exception, likely > uncontroversial and simply document what is current practice. Obvious > and clear for old hands, probably not so for newcomers. > > The exception is the addition of a clause that allows us (the OSM > community) to use information submitted to an OSMF run services to be > used to support improving the OSM data. Right now the only use of this > that I could think of is to mine nominatim queries for missing > addresses, postcodes and the like. The is currently NOT done, because it > is a potential touchy issue, but it would have some obvious benefits. > > Comments on the draft are likely best added to the discussion page. > Please keep the scope of any comments limited to the changes and not to > untouched original text, one day there will be a complete rewrite and > that will be the time to address any other issues. > > Simon > > > > ___ > talk mailing list > talk@openstreetmap.org > https://lists.openstreetmap.org/listinfo/talk > signature.asc Description: OpenPGP digital signature ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] Draft updated privacy policy
Am 18.06.2015 um 18:16 schrieb Greg Troxel: > > Simon Poole writes: > >> I've produced an updated version of the OSM privacy policy: >> http://wiki.openstreetmap.org/wiki/Updated_Privacy_Policy (the original >> resides here: http://wiki.openstreetmap.org/wiki/Privacy_Policy). > > I have a few big-picture comments so I'm sending them to talk@. > > With respect to data obtained from the site, I think that's nominatim > queries and also the particular areas that are looked at, posssibly > associated with IP address, and associated with a user if logged in. > The policy doesn't address if logs are kept by IP address or by > username, and for how long. At first glance, I would be in favor of > limiting log lifetime to 30 days or so, and not backing them up. > > I would for example find a (beyond-admins) heatmap of which locations > were loaded to be overly invasive if it were more granular than 1km or > so. > See below. > in support of the operation of the services from a technical, > security and planning point of view. > > That's fine in theory, but the question is to whom are they > accessible/disclosed, and under what terms. It's pretty clear you mean > by a small subset people working within OSM who agree not to disclose > anything beyond counts/trends. That's fine, but it's not what the text > says - as long as there is a nexus to support of operations, any > disclosure is within policy. I'll be adding a clarification on that. > > as anonymised, summarised data for research and other > purposes. Such data may be offered publicly via > http://planet.openstreetmap.org or other channels and used by 3rd > parties. > > Anonymized and summarized are different and it is very tricky to prevent > "reidentification" of anonymized data. So summarized, where the > individual items no longer appear (queries/month, etc.), I have no issue > with. The intention is that any published data is both summarised and anonymised (there is no "or" in the sentence). While you are correct that "anonymised" is a bit of a no-op in that scenario, it is there to avoid concerns. > If individual addresses appear, then there's no summarization, > and the geo nature of things means that there can be a single address in > a region, even if there are 10K in the dataset. What that means, I > don't know, but it doesn't seem good to publish the list of addresses > that people looked up. > > to improve the OpenStreetMap dataset. For example by analysing > nominatim queries for missing addresses and postcodes and providing > such data to the OSM community. > > It may be reasonable to have on the nomination failure page a "add this > query to a public list of queries without an answer". That will both > avoid people's queries getting published when they didn't want them to, > and also filter out some typos. Sort of like a map note by address we > can't geocode, rather than by coordinates. Given that it hasn't actually been implemented I can't say for sure, but I suspect (just as with the tile statistics) we would only publish addresses for areas with a certain minimum density of requests per higher level admin entity. Aka we wouldn't be publishing an individual address for a city or similar. In practical terms I don't think this is an issue in any case since individual requests via the UI will be completely drowned out by bulk geocoding via the API (which is the main reason we want to do this in the first place). See http://munin.openstreetmap.org/openstreetmap/poldi.openstreetmap/index.html and http://munin.openstreetmap.org/openstreetmap/pummelzacken.openstreetmap/index.html. We are currently peaking at roughly 350 requests per second. > With real routing, addresses that are frequent from values are likely > those of OSM users; publishing that seems uncool. > > No personal information or information that could be linked to an > individual will be released to third parties, except as required by law. > > That's pretty strong, given reidentifciation concerns. So perhaps > that's "other than as specififed above". > It may need some tweaking wrt addresses. > Third party services providing content linked to via or third party > JavaScript files utilised by OSMF provided sites are not covered by this > policy and you will need to refer to the respective service providers > for more information. Examples of such services and content are the HOT > and CycleMap map layers on openstreetmap.org and the JavaSctipt > frameworks used by help.openstreetmap.org. > > This is an interesting question. It would be reasonable for OSMF to > require that other entities whose content is integrated into > openstreetmap.org have privacy policies that are consistent with OSMF's > privacy policy. Arguably this should be the case, as it requires some > sophistication to know what's separate. > Outside of the scope of this document. > The javascr
Re: [OSM-talk] Draft updated privacy policy
Simon Poole writes: > I've produced an updated version of the OSM privacy policy: > http://wiki.openstreetmap.org/wiki/Updated_Privacy_Policy (the original > resides here: http://wiki.openstreetmap.org/wiki/Privacy_Policy). I have a few big-picture comments so I'm sending them to talk@. With respect to data obtained from the site, I think that's nominatim queries and also the particular areas that are looked at, posssibly associated with IP address, and associated with a user if logged in. The policy doesn't address if logs are kept by IP address or by username, and for how long. At first glance, I would be in favor of limiting log lifetime to 30 days or so, and not backing them up. I would for example find a (beyond-admins) heatmap of which locations were loaded to be overly invasive if it were more granular than 1km or so. in support of the operation of the services from a technical, security and planning point of view. That's fine in theory, but the question is to whom are they accessible/disclosed, and under what terms. It's pretty clear you mean by a small subset people working within OSM who agree not to disclose anything beyond counts/trends. That's fine, but it's not what the text says - as long as there is a nexus to support of operations, any disclosure is within policy. as anonymised, summarised data for research and other purposes. Such data may be offered publicly via http://planet.openstreetmap.org or other channels and used by 3rd parties. Anonymized and summarized are different and it is very tricky to prevent "reidentification" of anonymized data. So summarized, where the individual items no longer appear (queries/month, etc.), I have no issue with. If individual addresses appear, then there's no summarization, and the geo nature of things means that there can be a single address in a region, even if there are 10K in the dataset. What that means, I don't know, but it doesn't seem good to publish the list of addresses that people looked up. to improve the OpenStreetMap dataset. For example by analysing nominatim queries for missing addresses and postcodes and providing such data to the OSM community. It may be reasonable to have on the nomination failure page a "add this query to a public list of queries without an answer". That will both avoid people's queries getting published when they didn't want them to, and also filter out some typos. Sort of like a map note by address we can't geocode, rather than by coordinates. With real routing, addresses that are frequent from values are likely those of OSM users; publishing that seems uncool. No personal information or information that could be linked to an individual will be released to third parties, except as required by law. That's pretty strong, given reidentifciation concerns. So perhaps that's "other than as specififed above". Third party services providing content linked to via or third party JavaScript files utilised by OSMF provided sites are not covered by this policy and you will need to refer to the respective service providers for more information. Examples of such services and content are the HOT and CycleMap map layers on openstreetmap.org and the JavaSctipt frameworks used by help.openstreetmap.org. This is an interesting question. It would be reasonable for OSMF to require that other entities whose content is integrated into openstreetmap.org have privacy policies that are consistent with OSMF's privacy policy. Arguably this should be the case, as it requires some sophistication to know what's separate. The javascript frameworks are an interesting question, and I don't know if the question is about if the hosting provider of the js files keeps logs, or if the js does bad things. I see the js code as logically part of the site and just happened to be on a CDN to save bandwidth. But again from the user viewpoint this is part of the site. Greg pgpoqTWd35o2y.pgp Description: PGP signature ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
[OSM-talk] Draft updated privacy policy
And now for something completely different. I've produced an updated version of the OSM privacy policy: http://wiki.openstreetmap.org/wiki/Updated_Privacy_Policy (the original resides here: http://wiki.openstreetmap.org/wiki/Privacy_Policy). This is largely a private undertaking, it however has been available to stakeholders in the original document and the relevant OSMF working groups for comments and suggestions which have been worked in to the text. The LWG has somewhere on its to-do list an item on a complete review and rewrite of the privacy policy, this is not a replacement for that. It is however likely that whoever does that rewrite would refer to this document or the original privacy policy for the OSM related specifics. Neither the original policy nor this document are published and/or approved OSMF documents, but they should likely be considered for that, at least until a full rewrite is completed. My motivation was mainly that there are some things that should be in the document that are not, and the complications that a complete rewrite as in for example https://wikimediafoundation.org/wiki/Privacy_policy will entail. All that said, the changes are, with one exception, likely uncontroversial and simply document what is current practice. Obvious and clear for old hands, probably not so for newcomers. The exception is the addition of a clause that allows us (the OSM community) to use information submitted to an OSMF run services to be used to support improving the OSM data. Right now the only use of this that I could think of is to mine nominatim queries for missing addresses, postcodes and the like. The is currently NOT done, because it is a potential touchy issue, but it would have some obvious benefits. Comments on the draft are likely best added to the discussion page. Please keep the scope of any comments limited to the changes and not to untouched original text, one day there will be a complete rewrite and that will be the time to address any other issues. Simon signature.asc Description: OpenPGP digital signature ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
