Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
Hi,

John Smith wrote:
> I just thought of another situation, when sites don't protect users' privacy someone usually comes up with a firefox extension to protect their own privacy, in this case you'd generate noise by making a lot of fake requests for tiles in 2, 3, or even 10 other locations so that it's hard to determine real requests.

Do you now suggest that OSM should encrypt tile access, or do you suggest OSM should ignore those people who are willing to go to such lengths to protect their privacy?

I'm finding it increasingly hard to follow your logic.

My guess is that these people are unlikely to use OSM in the way you describe because they would want to hide the fact that they even know OSM. They'd much rather use anonymizing proxies.

Bye
Frederik

___
talk mailing list
talk@openstreetmap.org
http://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/26 Frederik Ramm frede...@remote.org:
> Do you now suggest that OSM should encrypt tile access, or do you suggest OSM should ignore those people who are willing to go to such lengths to protect their privacy?

I'm just pointing out what people have done in the past and what they could do in future, although OSM is a special case in terms of data since you can download the entire dataset and run your own tile server, but it's also feasible that some people on the extreme end of things have come up with firefox plugins that request the real information in noise to protect themselves.

> I'm finding it increasingly hard to follow your logic.

I'm just pointing out different things, this isn't a follow on from other emails, this is something different.

> My guess is that these people are unlikely to use OSM in the way you describe because they would want to hide the fact that they even know OSM. They'd much rather use anonymizing proxies.

Even with anonymising proxies it doesn't hide what you requested, just who requested it, so people came up with plugins for google etc that request false searches to hide what they are searching for, not just who is searching for it.
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
Hi,

Matt Amos wrote:
> as with any security measure, to minimise your risk you need to be aware of the security horizon (which will depend on what your attack profile is) and change your authentication details regularly.

I think any security discussion should start with a threat assessment:

1. What do we want to protect?
2. Whom do we need to protect us against?
3. What resources (and what other means to get to 1.) does that guy have?

Sometimes, for a balanced reaction, you might also want to add:

4. How realistic is the threat *currently*, and if the threat is not *currently* realistic, then how much damage would be done if one just waits until the threat becomes real?

The existing demands for encryption seem more politically/ideologically motivated (we should long since have done X), with the answers to the above being something like our privacy for 1, and world governments for 2. - I don't believe in the notion that general paranoia heightens your personal security and privacy.

As for OSM, I'd say we can afford to wait until governments start large-scale spying on their citizens (or subjects, for those of us who live in monarchies), and then we can still encrypt everything.

Bye
Frederik
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
Hi,

John Smith wrote:
> 2009/12/26 Frederik Ramm frede...@remote.org:
>> Do you now suggest that OSM should encrypt tile access, or do you suggest OSM should ignore those people who are willing to go to such lengths to protect their privacy?
>
> I'm just pointing out what people have done in the past and what they could do in future, although OSM is a special case in terms of data since you can download the entire dataset and run your own tile server, but it's also feasible that some people on the extreme end of things have come up with firefox plugins that request the real information in noise to protect themselves.

Right. So you're not saying that encrypted tile access would do anything to fix this situation. Good, because that's my opinion also.

So you brought this up only to show *how* paranoid some people are. Good, but I knew that already ;-)

Bye
Frederik
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/26 Frederik Ramm frede...@remote.org:
> 1. What do we want to protect?

This depends who you ask.

> 2. Whom do we need to protect us against?

At this stage mostly spammers, accidental incidents and malicious incidents, but with current growth rates is the level of current issues going down or up? Will new problems stay new problems?

> 3. What resources (and what other means to get to 1.) does that guy have?

Well someone was antagonising the Chinese government the other day about not caring about their mapping requirements, they have large amounts of resources to counter the antagonism.

> Sometimes, for a balanced reaction, you might also want to add:
>
> 4. How realistic is the threat *currently*, and if the threat is not *currently* realistic, then how much damage would be done if one just waits until the threat becomes real?

5. If you are reactionary do you want to end up looking silly as a result?

> The existing demands for encryption seem more politically/ideologically motivated (we should long since have done X), with the answers to the

Erm, isn't that the same reasons OSM exists?

> above being something like our privacy for 1, and world governments for 2. - I don't believe in the notion that general paranoia heightens your personal security and privacy.

For #2, the US has already been shown to be doing large scale snooping that proves 2 is occurring, and the UK government wants it to occur.

As for #1, China just jailed a dissident for 11 years:

http://news.yahoo.com/s/ap/20091225/ap_on_re_as/as_china_dissident_sentence

And so #2 and #1 are the same thing in some cases.

> As for OSM, I'd say we can afford to wait until governments start large-scale spying on their citizens (or subjects, for those of us who live in monarchies), and then we can still encrypt everything.

Well the US/China already are, and many others lining up to follow suit.
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/26 Frederik Ramm frede...@remote.org:
> Right. So you're not saying that encrypted tile access would do anything to fix this situation. Good, because that's my opinion also.

I wasn't asking for encrypted access to tiles (although it would be nice), I only ever mentioned things like APIs and GPX uploads and anything else where information, especially personally identifiable, is sent to OSM, you generally don't authenticate to request tiles.

> So you brought this up only to show *how* paranoid some people are. Good, but I knew that already ;-)

This is an example of a potential threat to OSM and its resources if people do this. At this point in time is there any automated methods in place to rate limit tile queuing/sending to users?
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/23 Kenneth Gonsalves law...@au-kbc.org:
> On Tuesday 22 Dec 2009 8:46:39 pm John Smith wrote:
>>> I don't value privacy above all else. Name a jurisdiction you think respects privacy, and then let us evaluate
>>
>> Even if I were to do all this you would simply rebuff me with more time wasting endeavours, as you pointed out you care about everything else above privacy.
>
> you are distorting his words - read them again.

Just like he was distorting mine... In any case he already pointed out he wasn't interested in any answers I came up with so I saved us both time and effort.
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
I don't mean to troll, but why is security important for OSM exactly? My bank details, yes. My email, yes. But OSM? What am I afraid of, that someone will ruin my reputation by making edits under my account? Edits that can subsequently be reverted...?

Steve
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/26 Steve Bennett stevag...@gmail.com:
> I don't mean to troll, but why is security important for OSM exactly? My bank details, yes. My email, yes. But OSM? What am I afraid of, that someone will ruin my reputation by making edits under my account? Edits that can subsequently be reverted...?

Your account may be able to do relatively little damage, but what about someone who has more access?

Then you also have the possibility of collecting large amounts of account details, since almost everything is still sent in the clear, what if they have a lot of accounts, how easy would that be to revert?

Which is the entire point of it, most of the time no one cares enough until something bad happens...

If you want to talk about lax bank security I can give you a few pointers there too, where banks in the UK and even in Australia aren't doing to prevent common bot attacks already occurring, again, most people don't care until it negatively impacts them.

If encrypted connections are so over rated, why don't people still use telnet to manage servers?
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
On Sat, Dec 26, 2009 at 1:36 AM, John Smith deltafoxtrot...@gmail.com wrote:
> Your account may be able to do relatively little damage, but what about someone who has more access?

Fair point.

> Then you also have the possibility of collecting large amounts of account details, since almost everything is still sent in the clear, what if they have a lot of accounts, how easy would that be to revert?

That situation exists already. Nothing is stopping someone from signing up for thousands of accounts then using them all simultaneously.

> If you want to talk about lax bank security I can give you a few

snip

No, I don't want to talk about lax bank security.

> If encrypted connections are so over rated,

snip

Keep it relevant to OSM, thanks. I asked the specific question: is OSM security important?

Steve
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/26 Steve Bennett stevag...@gmail.com:
> That situation exists already. Nothing is stopping someone from signing up for thousands of accounts then using them all simultaneously.

And that would be easy to deal with, since the only edits would be malicious if this is the intent, what about dealing with a mix of malicious and non-malicious edits?

> No, I don't want to talk about lax bank security.

You brought it up.

> Keep it relevant to OSM, thanks. I asked the specific question: is OSM security important?

But it is relevant, if encryption is so over rated why do other methods of doing things on the internet are, and have been for a long time been encrypted?

Those who forget the past are doomed to repeat their mistakes.
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/26 Steve Bennett stevag...@gmail.com:
> That situation exists already. Nothing is stopping someone from signing up for thousands of accounts then using them all simultaneously.

I just thought of another situation, when sites don't protect users' privacy someone usually comes up with a firefox extension to protect their own privacy, in this case you'd generate noise by making a lot of fake requests for tiles in 2, 3, or even 10 other locations so that it's hard to determine real requests.

It'd be reasonably straight forward to do too, when ever you request tiles you just add a known offset to x/y/zoom and keep track of that information so that repeat requests wouldn't be exposed.

I'm not suggesting anyone do this, nor am I planning to do this myself, just pointing out the lengths some people can and will go to, to protect their privacy.
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
On Fri, Dec 25, 2009 at 9:38 AM, John Smith deltafoxtrot...@gmail.com wrote:
> I don't think OAuth is a valid security method.

why not?

cheers,

matt
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/26 John Smith deltafoxtrot...@gmail.com:
> 2009/12/26 Matt Amos zerebub...@gmail.com:
>> On Fri, Dec 25, 2009 at 9:38 AM, John Smith deltafoxtrot...@gmail.com wrote:
>>> I don't think OAuth is a valid security method.
>>
>> why not?

Unless cryptography is involved how do you know your packets aren't being intercepted and proxied and altered in transit?

Sure OSM isn't much of a target at present, however the more popular that something becomes the more likely it is to be attacked as well.
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
On Sat, Dec 26, 2009 at 12:30 AM, John Smith deltafoxtrot...@gmail.com wrote:
> 2009/12/26 John Smith deltafoxtrot...@gmail.com:
>> 2009/12/26 Matt Amos zerebub...@gmail.com:
>>> On Fri, Dec 25, 2009 at 9:38 AM, John Smith deltafoxtrot...@gmail.com wrote:
>>>> I don't think OAuth is a valid security method.
>>>
>>> why not?
>>
>> If you hadn't snipped my email you would have read the answer.

i didn't see anything in the rest of your email(s) germane to OAuth, which is why i snipped that bit.

> Unless cryptography is involved how do you know your packets aren't being intercepted and proxied and altered in transit?

because OAuth does cryptographic signing of the requests.

> Sure OSM isn't much of a target at present, however the more popular that something becomes the more likely it is to be attacked as well.

OSM is already being attacked by some vandals and some spam bots. but none of these attacks have been against the authentication parts of OSM.

cheers,

matt
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/26 Matt Amos zerebub...@gmail.com:
> because OAuth does cryptographic signing of the requests.

Via a clear channel, which can be proxied and mangled and so on.

> OSM is already being attacked by some vandals and some spam bots. but none of these attacks have been against the authentication parts of OSM.

Cost v benefit, there is little benefit in vandalism at this point in time beyond ego trips, but as things grow more popular that doesn't mean things won't become more interesting when it becomes a potential financial benefit to create damage, say if a Government decides that it doesn't like that OSM is publishing accurate maps of their country and in turn are losing out on revenues, so they spend a little money to disrupt things.
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
On Sat, Dec 26, 2009 at 1:46 AM, John Smith deltafoxtrot...@gmail.com wrote:
> 2009/12/26 Matt Amos zerebub...@gmail.com:
>> because OAuth does cryptographic signing of the requests.
>
> Via a clear channel, which can be proxied and mangled and so on.

proxied yes, mangled no. the cryptographic signature which OAuth performs allows the server to detect if the request was modified en-route and it will reject it if so.

OAuth isn't a substitute for SSL, but it is a substitute for passwords which means that requests are secure and your password doesn't go in the clear. to securely create an OAuth token we need SSL, but Tom has already said that's on his todo list.

cheers,

matt
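The tamper detection described in the message above, as an added example that is not part of the original thread and is not OSM's code: an OAuth 1.0 HMAC-SHA1 signer and a verifier that rejects a request altered in transit and a replayed one, while the request content itself still crosses the clear channel readable. The URL, keys, secrets and parameters are constructed sample values, and the URL is assumed to be already normalised with no query string.

```python
"""Added illustration: OAuth 1.0 HMAC-SHA1 request signing over plain HTTP.
All URLs, keys, secrets and parameters below are constructed sample values."""
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value: str) -> str:
    """Percent-encode as OAuth 1.0 requires: only RFC 3986 unreserved chars stay."""
    return quote(value, safe="-._~")


def base_string(method: str, url: str, params: dict) -> str:
    """Signature base string: METHOD & encoded URL & encoded sorted parameters."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret) -> str:
    """HMAC-SHA1 over the base string, keyed with both shared secrets."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


class Server:
    """Verifier holding the same secrets; also remembers nonces to stop replays."""

    def __init__(self, consumer_secret: str, token_secret: str):
        self.consumer_secret = consumer_secret
        self.token_secret = token_secret
        self.seen = set()

    def accept(self, method: str, url: str, params: dict) -> str:
        expected = sign(method, url, params,
                        self.consumer_secret, self.token_secret)
        # Constant-time comparison so the check does not leak how much of a
        # forged signature was correct.
        if not hmac.compare_digest(expected, params.get("oauth_signature", "")):
            return "rejected: bad signature"
        replay_key = (params["oauth_timestamp"], params["oauth_nonce"])
        if replay_key in self.seen:
            return "rejected: replayed nonce"
        self.seen.add(replay_key)
        return "accepted"


def demo() -> dict:
    consumer_secret = "constructed-consumer-secret"
    token_secret = "constructed-token-secret"
    url = "http://api.example.org/api/0.6/gpx/create"  # constructed endpoint
    params = {
        "oauth_consumer_key": "constructed-consumer-key",
        "oauth_token": "constructed-token",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1261785600",
        "oauth_nonce": "n-0001",
        "oauth_version": "1.0",
        "description": "evening walk",
        "visibility": "private",
    }
    params["oauth_signature"] = sign("POST", url, params,
                                     consumer_secret, token_secret)
    server = Server(consumer_secret, token_secret)

    # An intermediary on the clear channel changes one field but cannot
    # recompute the signature without the secrets.
    tampered = dict(params, visibility="public")

    results = {
        "tampered": server.accept("POST", url, tampered),
        "original": server.accept("POST", url, params),
        "replayed": server.accept("POST", url, params),
    }
    # What a passive observer sees without SSL: no secret, but all content.
    on_wire = " ".join(params.values())
    results["secret_on_wire"] = token_secret in on_wire
    results["body_readable"] = "evening walk" in on_wire
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```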
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/26 Lars Francke lars.fran...@gmail.com:
> Hmmm one of us doesn't understand OAuth or we have a different understanding of what _mutual cryptographic authentication_ is.

As others have said, without SSL it can still be brute forced so that's not exactly what I was thinking. SSL can use client and server certificates and they can authenticate against each other.
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
On Sat, Dec 26, 2009 at 2:25 AM, John Smith deltafoxtrot...@gmail.com wrote:
> 2009/12/26 Matt Amos zerebub...@gmail.com:
>> On Sat, Dec 26, 2009 at 1:46 AM, John Smith deltafoxtrot...@gmail.com wrote:
>>> 2009/12/26 Matt Amos zerebub...@gmail.com:
>>>> because OAuth does cryptographic signing of the requests.
>>>
>>> Via a clear channel, which can be proxied and mangled and so on.
>>
>> proxied yes, mangled no. the cryptographic signature which OAuth performs allows the server to detect if the request was modified en-route and it will reject it if so.
>
> I should have been clear, I didn't mean it would be accepted I meant it might get mangled and be unusable:
>
> http://www.theregister.co.uk/2009/12/23/vodafone_christmas/

while that's really sad, and a complete FAIL for vodafone, this site claims that:

"Secure HTTPS sites are transcoded, except for banking sites. Users are warned that their security may be compromised when visiting a non-banking secure site through the transcoder."

http://wapreview.com/blog/?p=1837

which means there's no argument here for using SSL on vodafone.

>> OAuth isn't a substitute for SSL, but it is a substitute for passwords
>
> Nuff said.

indeed. OSM doesn't need SSL for API traffic, it just needs a system for secure authentication. and it has one in OAuth.

cheers,

matt
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/26 Matt Amos zerebub...@gmail.com:
> which means there's no argument here for using SSL on vodafone.

I have no idea what Voda is up to, because they would throw up all sorts of warning messages from browsers, even on phones, and users would complain endlessly. SSL is usually left alone if for no other reason to prevent custom complaints, but no such browser errors/warnings occur if html has been messed with.

> indeed. OSM doesn't need SSL for API traffic, it just needs a system for secure authentication. and it has one in OAuth.

So people can brute force OAuth credentials?
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
On Sat, Dec 26, 2009 at 3:05 AM, John Smith deltafoxtrot...@gmail.com wrote:
> 2009/12/26 Matt Amos zerebub...@gmail.com:
>> which means there's no argument here for using SSL on vodafone.
>
> I have no idea what Voda is up to, because they would throw up all sorts of warning messages from browsers, even on phones, and users would complain endlessly. SSL is usually left alone if for no other reason to prevent custom complaints, but no such browser errors/warnings occur if html has been messed with.

it seems that SSL isn't being left alone.

>> indeed. OSM doesn't need SSL for API traffic, it just needs a system for secure authentication. and it has one in OAuth.
>
> So people can brute force OAuth credentials?

given sufficiently many signatures, it's possible to brute force a single token with a very large amount of effort. however, this token doesn't give sufficient access to either create further tokens or change users credentials and can be easily revoked.

it's also worth noting that it's possible to brute force SSL certificates, but again, with a very large amount of effort. in general, it's possible to brute force everything except one-time pads.

as with any security measure, to minimise your risk you need to be aware of the security horizon (which will depend on what your attack profile is) and change your authentication details regularly.

cheers,

matt
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/26 Matt Amos zerebub...@gmail.com:
> it seems that SSL isn't being left alone.

I'm not in the UK so I can't test it, can anyone confirm this is actually happening?

> given sufficiently many signatures, it's possible to brute force a single token with a very large amount of effort. however, this token doesn't give sufficient access to either create further tokens or

Let's put things into perspective here, what bit size do most OAuth keys use? (or the tokens) unless it's up around 2048 bit it potentially could be done on some of the GPU number crunching systems that are about in a smallish amount of time. Depends on the reward actually as to how much effort someone will put into breaking something.

> change users credentials and can be easily revoked. it's also worth noting that it's possible to brute force SSL certificates, but again,

Yes, but to date only 56bit RSA has been broken, although that doesn't mean something much larger can't be broken, but if it was feasible there is still a couple of 1024bit RSA certs in older browsers, and 2048 in most current browser that haven't been broken. I'm actually surprised some of the older RSA keys haven't been cracked to issue valid SSL certs for scammers, but they generally don't need SSL to commit fraud against people that hand out their personal information willy nilly.

> with a very large amount of effort. in general, it's possible to brute force everything except one-time pads.

I like these for giving to remote hands...

> as with any security measure, to minimise your risk you need to be aware of the security horizon (which will depend on what your attack profile is) and change your authentication details regularly.
[OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
When does anyone plan to use SSL to protect passwords and users on OSM?

I noticed the other day about how JOSM puts this in its MOTD:

"Your username and password are sent to the server unencrypted. If you do not like this, do not upload."

While I'm aware that this is occurring, many others may not and may be put off with statements like the above. While removing that statement from JOSM might fix some of the image problems, it doesn't do anything for real security.

There has even been a bug on this issue for 3 years!

http://trac.openstreetmap.org/ticket/275

This is even more concerning when you add into the mix the UK government is trying to record globs and globs of additional information on data travelling across internet links in the UK, among other things.

http://go.theregister.com/feed/www.theregister.co.uk/2009/12/22/mobile_imp/

As has been pointed out on the trac ticket, OSM should be eligible for a free cert from godaddy, then there is ideological reasons for supporting other options like CAcert, just like many support OSM for ideological reasons rather than Google.

I realise there is some APIs floating about that use alternative authentication schemes, but the majority of users will be sending their passwords (and everything else for that matter) clear text over the internet for all and sundry to snoop on.

Is it really reasonable to not offer SSL encryption?
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
On 22/12/09 14:11, John Smith wrote:
> When does anyone plan to use SSL to protect passwords and users on OSM?

It's on my to do list to create a CSR and give it to Grant.

There are some issues to work out with regard to what we protect though as we don't really want to be using SSL for all the API requests though so we would prefer to encourage clients to move to using OAuth so we can then just protect the initial exchange when the application is authorised.

> I noticed the other day about how JOSM puts this in its MOTD:
>
> "Your username and password are sent to the server unencrypted. If you do not like this, do not upload."
>
> While I'm aware that this is occurring, many others may not and may be put off with statements like the above. While removing that statement from JOSM might fix some of the image problems, it doesn't do anything for real security.

Well if the JOSM authors want to help then they should switch to OAuth ;-)

> As has been pointed out on the trac ticket, OSM should be eligible for a free cert from godaddy, then there is ideological reasons for supporting other options like CAcert, just like many support OSM for ideological reasons rather than Google.

I don't think I'm cced on that ticket so I hadn't seen that, but we were planning to get a wildcard certificate anyway.

Tom

--
Tom Hughes (t...@compton.nu)
http://www.compton.nu/
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/23 Tom Hughes t...@compton.nu:
> It's on my to do list to create a CSR and give it to Grant.

openssl req -nodes -new -keyout private.key -out server.csr

> There are some issues to work out with regard to what we protect though as we don't really want to be using SSL for all the API requests though so we would prefer to encourage clients to move to using OAuth so we can then just protect the initial exchange when the application is authorised.

Why can't you protect everything if people want that? Encryption used to be expensive in terms of hardware now it's relatively cheap, especially with some of the kit you guys are running for much more CPU intensive things.

I'm not suggesting to make SSL compulsory for everything or even enabled by default, but at least give us the option to have it protect everything we submit to OSM especially if we aren't in the UK and able to do anything about what the UK government is planning.

> Well if the JOSM authors want to help then they should switch to OAuth ;-)

Protecting passwords is only part of the problem, why would I want to submit GPS traces privately if you don't wish to properly safe guard my privacy?
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
Hi,

John Smith wrote:
> I gave several good reasons, but you chose to rebuff my question with a silly question.

No, you didn't give any reasons, you just basically claimed that SSL protects users and passwords, and I said that I think neither is the case. It is a common fallacy to think so.

> It's not just passwords, that's just the most obvious case, why would I even consider uploading private traces in future if the UK govt goes ahead and you fail to protect my privacy properly,

The UK government can, at any time, force access to our servers which are located within its jurisdiction, and download your every private traces from these servers.

> At least if they request it from OSM they'd be required to get a warrant and potentially face legal challenges, when they pull data over the wire en masse what legal recourse is there?

I don't think spying on people without a warrant becomes more legal if done secretly.

> Then ask for donations for hardware or to buy hardware that can handle the requests, SSL really isn't a resource issue like it used to be, hardware has continued to improve greatly and demands from encryption is now a minor concern.

Why should we? The issue is kind of moot now since TomH has already said they're planning to do something but I really dislike your attitude. If you think that SSL is required then do something to get SSL implemented - raise funds, work on the API, work on the editors - just don't sit there and say: Why doesn't OSM do this and that.

Bye
Frederik
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/23 Frederik Ramm frede...@remote.org:
> No, you didn't give any reasons, you just basically claimed that SSL protects users and passwords, and I said that I think neither is the case. It is a common fallacy to think so.

In the sense that it protects bits going over the internet that is a factual statement, at present no such protection exists. If unencrypted connections are so good why is SSH almost universally utilised for *nix based administration and other forms of encryption for other OS's?

> The UK government can, at any time, force access to our servers which are located within its jurisdiction, and download your every private traces from these servers.

Correct, so when are the servers shipping out of the UK into a jurisdiction that actually respects privacy?

> I don't think spying on people without a warrant becomes more legal if done secretly.

No, it's to do with recourse if done illegally or for reasons that had no real justification in the first place, there is no such thing if the government can collect anything it wants at any time as it cross over the wire.

> Why should we? The issue is kind of moot now since TomH has already said

Because you seemed overly concerned with how much of an impact encryption would have, which isn't based in reality for the most part.

> they're planning to do something but I really dislike your attitude. If you think that SSL is required then do something to get SSL implemented - raise funds, work on the API, work on the editors - just don't sit there and say: Why doesn't OSM do this and that.

So adding comments to trac and sending emails on this topic is doing nothing? If I had access to servers I could have had it implemented server side 5 minutes ago, there is no point doing anything in editors until the server supports it, since based on Tom's comment we don't even know what to expect in terms of crypto to even know where to start.

So what exactly is it in your opinion that I could be doing that I'm not already?
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
Hi,

John Smith wrote:
>> The UK government can, at any time, force access to our servers which are located within its jurisdiction, and download your every private traces from these servers.
>
> Correct, so when are the servers shipping out of the UK into a jurisdiction that actually respects privacy?

I don't value privacy above all else. Name a jurisdiction you think respects privacy, and then let us evaluate

* how would OSM servers be funded there
* how would we get expert admins nearby like we have now
* how would we make sure we have similar network performance and reliability
* what downtime and other unwanted consequences would a move imply

and then we can discuss whether anyone wants to afford the extra privacy. I'm unlikely to be in favour.

> So adding comments to trac and sending emails on this topic is doing nothing?

Nothing of value anyway.

> So what exactly is it in your opinion that I could be doing that I'm not already?

Raise funds for better hardware that seamlessly handles encryption; or start modifying editors to support OAuth so that they can use SSL for the login part only - that would be a start. Write How-Tos etc. that explain OAuth to users.

Bye
Frederik
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/23 Frederik Ramm frede...@remote.org:
> I don't value privacy above all else. Name a jurisdiction you think respects privacy, and then let us evaluate

Even if I were to do all this you would simply rebuff me with more time wasting endeavours, as you pointed out you care about everything else above privacy.

> I'm unlikely to be in favour.

So you're wasting both our time as a result.

> Raise funds for better hardware that seamlessly handles encryption; or start

And here I was thinking raising the issue was the first step to this, of course you are just giving me time wasting exercises in the hope that this issue will go away.

> modifying editors to support OAuth so that they can use SSL for the login part only - that would be a start. Write How-Tos etc. that explain OAuth to users.

How does OAuth make things any more secure than encryption? Perhaps you are confusing mutual authentication via cryptography (ie ssl client certificates) which removes the need completely for passwords.
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
> Raise funds for better hardware that seamlessly handles encryption; or start modifying editors to support OAuth so that they can use SSL for the login part only - that would be a start. Write How-Tos etc. that explain OAuth to users.

Just as a side note: OSM currently implements OAuth 1.0 which is a very nice step forward. Unfortunately in the time between development (on OSM) and release a security flaw was identified and OAuth 1.0a was released. So before encouraging a large scale usage of OAuth (it requires changes in clients and servers) it would be nice if OSM were updated to this newer version.

I'm normally always happy to provide patches but I am not familiar enough with Ruby/RoR to do this kind of stuff.

Cheers,
Lars
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
John Smith wrote:
> So what exactly is it in your opinion that I could be doing that I'm not already?

Cut down the number of trolling posts you make to the mailing lists.

Cheers,
Chris
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
2009/12/23 Chris Hill o...@raggedred.net:
> John Smith wrote:
> > So what exactly is it in your opinion that I could be doing that I'm not already?
> Cut down the number of trolling posts you make to the mailing lists.

What did you add to this discussion exactly, at least I'm following up on a bug/feature request others are interested in that TomH wasn't aware of.
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
On Tue, Dec 22, 2009 at 02:30:38PM +, Tom Hughes wrote:
> On 22/12/09 14:11, John Smith wrote:
> > When does anyone plan to use SSL to protect passwords and users on OSM?
> It's on my to do list to create a CSR and give it to Grant. There are some issues to work out with regard to what we protect though as we don't really want to be using SSL for all the API requests though so we would prefer to encourage clients to move to using OAuth so we can then just protect the initial exchange when the application is authorised.

My guess is that the API server is fully I/O bound and has massive spare CPU. So encrypting all API calls shouldn't be much of a problem - There is not that much data transferred anyway, just a lot of connected with little data in them.

I'd like to see SSL encrypted connections for everything, there are a lot of employees spying on their staff, governments on their population and people each other. I am not afraid in losing my password to someone as it's a unique for OSM but the world is full of privacy black holes and we want to support our users/mappers against any breach of confidentiality.

Flo
-- 
Florian Lohoff f...@rfc822.org
It is a gross misunderstanding and a misperception to accuse the state of intending censorship and surveillance on the Internet.
- Federal Minister Dr. Wolfgang Schäuble -- 10 July in Berlin
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
Hi,

Florian Lohoff wrote:
> So encrypting all API calls shouldn't be much of a problem - There is not that much data transferred anyway, just a lot of connected with little data in them.

I thought the expensive bit was setting up the connection, not transmitting data?

> I'd like to see SSL encrypted connections for everything, there are a lot of employees spying on their staff, governments on their population and people each other. I am not afraid in losing my password to someone as it's a unique for OSM but the world is full of privacy black holes and we want to support our users/mappers against any breach of confidentiality.

I might support that elsewhere but with regard to OSM, my honest plea to everyone is: If you have something that should remain secret, DO NOT UPLOAD IT TO OSM. Because I (as a member of the project) do not want to share responsibility for keeping the secret.

Bye
Frederik

-- 
Frederik Ramm ## eMail frede...@remote.org ## N49°00'09 E008°23'33
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
On Tue, Dec 22, 2009 at 6:14 PM, Florian Lohoff f...@rfc822.org wrote:
> On Tue, Dec 22, 2009 at 02:30:38PM +, Tom Hughes wrote:
> > On 22/12/09 14:11, John Smith wrote:
> > > When does anyone plan to use SSL to protect passwords and users on OSM?
> > It's on my to do list to create a CSR and give it to Grant. There are some issues to work out with regard to what we protect though as we don't really want to be using SSL for all the API requests though so we would prefer to encourage clients to move to using OAuth so we can then just protect the initial exchange when the application is authorised.
> My guess is that the API server is fully I/O bound and has massive spare CPU. So encrypting all API calls shouldn't be much of a problem - There is not that much data transferred anyway, just a lot of connected with little data in them.

Can we please stop guessing / explaining how easy it is, and believe that the sysadmin team aren't mindless idiots and actually know what they're doing? Please? It would make this list a heck of a lot easier to read if every other e-mail wasn't utter rubbish.

Thanks,
Dave
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
On Tue, Dec 22, 2009 at 07:31:10PM +0100, Frederik Ramm wrote:
> > I'd like to see SSL encrypted connections for everything, there are a lot of employees spying on their staff, governments on their population and people each other. I am not afraid in losing my password to someone as it's a unique for OSM but the world is full of privacy black holes and we want to support our users/mappers against any breach of confidentiality.
> I might support that elsewhere but with regard to OSM, my honest plea to everyone is: If you have something that should remain secret, DO NOT UPLOAD IT TO OSM. Because I (as a member of the project) do not want to share responsibility for keeping the secret.

It's not about the data you are uploading - but probably the fact that you participate in an open project at all. Otherwise - why do we have nicknames? We definitely have people who would not like their employee to know they are participating in open geodata.

Yes - I know - you'll see the endpoints anyway but nevertheless. No one should easily be able to read what I do.

Flo
-- 
Florian Lohoff f...@rfc822.org
It is a gross misunderstanding and a misperception to accuse the state of intending censorship and surveillance on the Internet.
- Federal Minister Dr. Wolfgang Schäuble -- 10 July in Berlin
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
On Tue, Dec 22, 2009 at 12:41 PM, Florian Lohoff f...@rfc822.org wrote:
> It's not about the data you are uploading - but probably the fact that you participate in an open project at all.

Um, if you are nervous about others knowing that you participate in this project, then why do you do it? Is there an establishment out there that has an interest in preventing you from doing this?

> Otherwise - why do we have nicknames?

We have nicknames because it's easier to type in and is the social norm on the internet. I could just as easily type my full name in to the nickname field on OSM as Foobar Stevenson.

> We definitely have people who would not like their employee to know they are participating in open geodata.

If it's important to them that their employers don't know they participate in OSM, then they should go to whatever means they feel necessary to get around their employer's watchful eye. Nevermind my point made above...

> Yes - I know - you'll see the endpoints anyway but nevertheless. No one should easily be able to read what I do.

That's the whole point of this operation! If you don't want people to easily read what you do, then you should probably not participate in something called *OPEN*StreetMap.
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
On Tue, Dec 22, 2009 at 12:50:59PM -0600, Ian Dees wrote:
> On Tue, Dec 22, 2009 at 12:41 PM, Florian Lohoff f...@rfc822.org wrote:
> > It's not about the data you are uploading - but probably the fact that you participate in an open project at all.
> Um, if you are nervous about others knowing that you participate in this project, then why do you do it? Is there an establishment out there that has an interest in preventing you from doing this?

Would Teleatlas, Navteq, Google, AND, Ordnance Survey like their employees participate in Open Mapping projects?

> > We definitely have people who would not like their employee to know they are participating in open geodata.
> If it's important to them that their employers don't know they participate in OSM, then they should go to whatever means they feel necessary to get around their employer's watchful eye. Nevermind my point made above...

Ahhh - Getting around means using nicknames and might mean encrypting your network traffic, wouldn't it?

Flo
-- 
Florian Lohoff f...@rfc822.org
It is a gross misunderstanding and a misperception to accuse the state of intending censorship and surveillance on the Internet.
- Federal Minister Dr. Wolfgang Schäuble -- 10 July in Berlin
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
Hi,

Florian Lohoff wrote:
> > Um, if you are nervous about others knowing that you participate in this project, then why do you do it? Is there an establishment out there that has an interest in preventing you from doing this?
> Would Teleatlas, Navteq, Google, AND, Ordnance Survey like their employees participate in Open Mapping projects?

I would not want these employees to participate in OpenStreetMap during their working hours and from their office computers because more likely than not this would make the respective company a copyright/license holder in the data they produce, and thus render any license granted to OSM by the individual worthless.

Bye
Frederik

-- 
Frederik Ramm ## eMail frede...@remote.org ## N49°00'09 E008°23'33
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
On 01/-10/-28163 08:59 PM, John Smith wrote:
> ...
> So adding comments to trac and sending emails on this topic is doing nothing?

I think pretty much everything has already been said on this topic, but writing emails and trac tickets is so much easier than writing patches... ;-) And John, you are a Java programmer, right? So you would presumably actually have the technical skills to write patches, which admittedly not everyone has.

> If I had access to servers I could have had it implemented server side 5 minutes ago, there is no point doing anything in editors until the server supports it, since based on Tom's comment we don't even know what to expect in terms of crypto to even know where to start. So what exactly is it in your opinion that I could be doing that I'm not already?

As Frederik already said, I think the most useful thing would be to get JOSM and Merkaartor to support OAuth. That would significantly reduce the risk of exposing the username and password in cleartext, as it would then limit it to the login page and also send it much less frequently, as OAuth tokens are valid indefinitely. It would also allow to implement alternative authentication methods such as e.g. OpenID, which would then no longer require to reveal any password to OSM at all anymore.

So OpenID would be another thing you could work on. I had already started with a proof of concept implementation ( http://trac.openstreetmap.org/ticket/2500 ) but never got around to incorporating the suggestions or integrating it correctly with the other authentication mechanisms.

So there are many things you could productively do to help improve protection of user name and password if you have the necessary skills. Suggesting to move the entire infrastructure into a different country without concrete suggestions is not one of them though!

And to all those who are worried about their employer sniffing their OSM activity, I would seriously suggest not (mis)using your employer's IT infrastructure for your hobby or use a proper anonymising proxy instead. Adding SSL encryption just adds a false sense of privacy on data that is published openly immediately afterwards through the API and planet dumps anyway. A more useful exercise would imho be to educate users that e.g. GPX traces marked private aren't actually private, but can be downloaded as a dot cloud through the api, just not as a full GPX file.

Kai
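The difference Kai describes, between a password that travels with every request and an OAuth-signed request, as an added example that is not part of the original message or of OSM's code. It assumes HTTP Basic authentication for the password case and OAuth 1.0 HMAC-SHA1 signing (RFC 5849) for the token case; every user name, key, secret and the URL below is a constructed placeholder.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values; none come from the thread or from OSM.
USER, PASSWORD = "mapper", "correct horse"
CONSUMER_KEY, CONSUMER_SECRET = "editor-key", "editor-secret"
TOKEN, TOKEN_SECRET = "access-token", "token-secret"
URL = "http://api.example.org/api/0.6/changeset/create"  # placeholder host


def pct(s):
    """Percent-encode as OAuth 1.0 requires: only unreserved characters stay."""
    return quote(s, safe="-._~")


def basic_auth_header(user, password):
    """Assumed password scheme (HTTP Basic): credentials ride on every request."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def recover_from_basic(header):
    """What anyone reading a cleartext link gets from a Basic header."""
    decoded = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = decoded.partition(":")
    return user, password


def oauth_signature(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over method, URL and the sorted, encoded parameters."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def oauth_request(method, url, nonce, timestamp):
    """Client side: return the Authorization header and the parameters sent."""
    params = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_token": TOKEN,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp,
        "oauth_nonce": nonce,
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = oauth_signature(
        method, url, params, CONSUMER_SECRET, TOKEN_SECRET)
    fields = ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(params.items()))
    return "OAuth " + fields, params


def server_verifies(method, url, params):
    """Server side: recompute the signature from stored secrets and compare."""
    sent = dict(params)
    claimed = sent.pop("oauth_signature")
    expected = oauth_signature(method, url, sent, CONSUMER_SECRET, TOKEN_SECRET)
    return hmac.compare_digest(claimed, expected)
```

What stays off the wire is the password and both secrets; the token identifier and the request content are still readable without SSL. A server additionally has to reject reused nonce and timestamp pairs to stop a captured request being replayed.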
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
On Tue, Dec 22, 2009 at 8:27 PM, Frederik Ramm frede...@remote.org wrote:
> Hi,
>
> Florian Lohoff wrote:
> > > Um, if you are nervous about others knowing that you participate in this project, then why do you do it? Is there an establishment out there that has an interest in preventing you from doing this?
> > Would Teleatlas, Navteq, Google, AND, Ordnance Survey like their employees participate in Open Mapping projects?
> I would not want these employees to participate in OpenStreetMap during their working hours and from their office computers because more likely than not this would make the respective company a copyright/license holder in the data they produce, and thus render any license granted to OSM by the individual worthless.

In the UK, it's not such a great idea for TA/NT employees to contribute outside of work either...

Even if the work is created by the employee in their own time and using their own resources, the employee will not necessarily be able to claim any rights in that work, if the employer shows that the nature of the work created was that which could be reasonably contemplated as part of the employee’s duties. This is demonstrated by the case of Missing Link Software v Magee [1989]. [1,2]

cheers,
matt

[1] http://www.unitetheunion.com/member_services/legal_help/employment_issues/intellectual_property_works.aspx
[2] http://www.lawdit.co.uk/reading_room/room/view_article.asp?name=../articles/13-APR-%283%29-CR-EMPS-.htm
Re: [OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
On Tuesday 22 Dec 2009 8:46:39 pm John Smith wrote:
> > I don't value privacy above all else. Name a jurisdiction you think respects privacy, and then let us evaluate
> Even if I were to do all this you would simply rebuff me with more time wasting endeavours, as you pointed out you care about everything else above privacy.

you are distorting his words - read them again.

-- 
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSS
http://nrcfosshelpline.in/web/