openstreetmap / openstreetmap-website

The Rails application that powers OpenStreetMap
https://www.openstreetmap.org/
GNU General Public License v2.0
2.2k stars 911 forks source link

Forbid anonymous comments for notes #1543

Closed Zverik closed 5 years ago

Zverik commented 7 years ago

We in Russia have encountered a person that is leaving anonymous one-letter comments to all of the notes. That got me thinking, why do we do that, allowing anonymous comments? I understand anonymous reports: people can help improving the map without registering. But comments cannot add anything helpful: reporters who commit, register.

smaprs commented 5 years ago

Hi, there's a flood of anonymous notes in Brazil too right now, most probably by one single user. I was thinking, a suggestion: it's not nice just forbiding, so what about limiting anonymous notes to 3, or 1, by day (detecting by IP)? If it's a spammer, it would be forced to halt; if it's really interested, will either register or resume next day. I dont know how, know very little about programming.

matkoniecz commented 5 years ago

One user may use many IPs and many users may use one IP. School or in some cases entire country may use a single IP.

smaprs commented 5 years ago

Ok, there will be always some pros and cons. The problem keeps standing. Any pro-active suggestion to effectively solve this problem?

naoliv commented 5 years ago

While there's no consensus on that, could we at least forbid anonymous users to close notes?

A note created or commented by an anonymous, while inconvenient/annoying, can be verified later (having only the disadvantage of spending time and energy on it; but does not generate damage to the information or OSM).

A note closed, however, can potentially lead to loss of information (for example, someone reported that there is a shop in a certain location and an anonymous user simply closes that note).

This applies mainly to anonymous users who end up closing each and every open note they find on the map.

matkoniecz commented 5 years ago

could we at least forbid anonymous users to close notes

Can you link to any note closed by anonymous user? AFAIK it is impossible to do as not logged in user.

naoliv commented 5 years ago

Can you link to any note closed by anonymous user? AFAIK it is impossible to do as not logged in user.

Why didn't I test it...

I am sorry.

SomeoneElseOSM commented 5 years ago

Ok, there will be always some pros and cons. The problem keeps standing. Any pro-active suggestion to effectively solve this problem?

As has been suggested many times previously, prevent anonymous users from commenting on existing notes. I would go further than that and also suggest that we prevent anonymous users from creating notes in the first place.

Any value that anonymous note comments and notes have is far outweighed by the problems that they cause - see the long thread above for evidence of this. The DWG also gets numerous reports of problem notes (often large numbers of notes in the same area at the same time). As @woodpeck mentions above there are a few things we can do on a note-by-note basis, but without a user account to hang the notes off there's no action that we can take against a note spammer that would prevent them from adding more.

woodpeck commented 5 years ago

https://www.openstreetmap.org/note/808072 recent example of the kind of garbage we have to deal with from anonymous note commenters.

Zverik commented 5 years ago

I see a kind of double standards regarding this website. When I suggested we give maps.me users a simpler access to the website by implementing the same oauth access as for google and microsoft, it was almost unanimously blocked, 'cause it might hurt the map (I guess — isn't that the only argument we can have?). When dozens of active members ask for closing anonymous comments that visibly hurt the mappers' experience, it is still blocked, because even a slightest contribution matters.

It can be either the first or the second. If a slightest contribution matters, then we should open to all, including the dreaded maps.me (although the moment is obviously lost). If mappers matter, then at least anonymous comments should be closed.

simonpoole commented 5 years ago

Just so that everybody can read what the problem with @Zverik PR was at the time I offer https://github.com/openstreetmap/openstreetmap-website/pull/1433 (note no mention of 'cause it might hurt the map).

Zverik commented 5 years ago

Yeah, there were very vague reasons which boiled down to "This issue is blocked because it requires a policy decision". Then I made the policy (https://github.com/openstreetmap/operations/issues/162), and everyone basically ignored it, because accepting or rejecting the policy would mean people would need to do something.

But you're derailing the discussion. I know you're triggered with maps.me, but this is not about maps.me. This is about removing spam and not bothering mappers with info they cannot use.

Why #1926 which closes this issue has not been merged yet? Could people in power please give an answer people could act on? Do we need another policy?

richlv commented 5 years ago

All anonymous comments I recall are spam or people forgetting to log in. As a community, we waste tons of time on these that is not offset by one-off useful anonymous comment.

gravitystorm commented 5 years ago

Why #1926 which closes this issue has not been merged yet? Could people in power please give an answer people could act on?

I don't think you'll like my answer, but here goes. I can't speak for anyone else and I don't know what the other maintainer thinks on this topic. But for me, it simply hasn't got to the top of my own priority list. There's only so many days in a week that I can spend on this project. I've even stepped down from OWG in order to spend more time here. But with so many open pull requests, so many open issues, my own priorities for the project (in particular, support for multiple API versions, and making it easier for new developers to get started) and all the other stuff, not everything gets done as fast as I would like, nor as fast as everyone else would like.

It doesn't help that, behind the scenes, notes are implemented in a decidedly sub-optimal fashion, so any time I go near them I want to ignore the topic and work on other things!

Do we need another policy?

Policies can help with certain things, but not e.g. making me work harder :-)

Zverik commented 5 years ago

Andy, I appreciate you working on the website, and I'm happy to see quite a lot of progress in its internal implementation. I don't require you or anybody to do anything with the matter. All I want is a clear decision that this — restricting anonymous notes — needs to be done and will be done in near future. Maybe not by coding, but by commenting on the ready-made pull request. I'd prefer not to see more discussion topics like how do we identify anonymous users or should we improve moderation.

This issue is as of yesterday the most commented and the one with the most reactions on this issue tracker. If that doesn't mark it as the most important from a user side, I don't know what does.

matkoniecz commented 5 years ago

I don't require you or anybody to do anything with the matter. All I want is a clear decision that this — restricting anonymous notes

Reviewing PR and making decision is something that needs to be done. And especially with such policy decision - dealing with following complaints that are likely no matter what the decision will be made.

richlv commented 5 years ago

Here's a valid anonymous comment... no wait, another user who got logged out :) https://www.openstreetmap.org/note/1729759

As for complaints, a few options: a) Send them all to me. I'll try to reply to all with a polite, canned response. b) Auto-suggest people complaining that they should survey and fix all anonymous notes first.

Anonymous notes seem to have been of low value from the very beginning - https://help.openstreetmap.org/questions/23106/removing-anonymous-notes-from-map .

matkoniecz commented 5 years ago

Anonymous notes seem to have been of low value from the very beginning

Poland has many useful anonymous notes (with strong evidence that majority is really from people without accounts)

tomhughes commented 5 years ago

We're not talking about anonymous notes here, only about additional anonymous comments on existing notes. So the first comment can still be anonymous, just not later ones.

Adamant36 commented 5 years ago

I've gotten some useful anonymous responses before when asking what the name of some place is or if a road goes through. That said, I'm not sure it balances out the bad. Maybe a way to do it would be to limit anonymous responses to two messages or something. Then the person could leave the initial message, respond if need be, but not spam the note system.

Igmu commented 5 years ago

First, the irony of having to login and discuss whether the need to log in to make a comment.

Imagining for anonymous participation: Political restriction to access current information. "Open" should be open to all and errors should be reduced by population of contributors. Save on storage? More contributors vs user info?

Against anonymous without a Turing Test nor logging with credentials: Trolls.

verdy-p commented 5 years ago

classic bahesian spam detection can help: if the bahesian score is too low, discard it directly from anonymous users. If it's in a middle range (possibly frequent, but also in comments sent by logged in users), consider using a captcha to confirm it (and inform the user that he could avoid the captcha by creating an account and logging in). If the comment is long enough (giving details, or a non intrusive link e.g. to a photo site where users must be logged in, or to wellknown peer-reviewed data sources, consider adding it reasonnably so that these details can be reevaluated, or explaining a situation like local changes not currently visible in the aerial, or recent works/damages, or a press article) it can be kept (as long as the link itself is not in a banned spamming domain) Bahesian score filters work quite well for emails, why couldn't they be used for comments ? There are already good datasources for evaluating mail contents if we don't want to host out own local database for Bahesian evaluation (e.g. Wikimedia uses several parsers to autodetect and evaluate edits in articles, plus some whitelists and blacklists, and other sources like DNSBL providers)

verdy-p commented 5 years ago

Another way would also be to limit the frequency of comments by "anon" IP (e.g. 1 per hour, then a captcha will be presented). If the IP is known to be in an open proxy, the threshold could be adjusted to 1 per 4 hours before the captcha is presented). Open proxies are not always bad, they are sometimes the only way to connect (from shared internet accesses in developing countries) and to help preserving users's privacy (or avoid local political/social/religious troubles for some mapped topics), or when people are traveling abroad and cannot use their regular ISP without excessive costs.

There are also open wifi hotspots in hotels, restaurants, cafés, transportations, whose IP is always changing and reused by many unrelated users, sometimes from very different locations, and some mobile ISPs that never provide any stable IPv4 address but connect them with non routable temporary IPv4 that changes at each request, they are proxies by the ISP (not every mobile ISP provide IPv6 connectivity to allow unique and stable IPv6 instead of an unstable proxied IPv4). Let's not cut the route for the exploding number of mobile users.

verdy-p commented 5 years ago

Can you explain your "down votes" just above? What is wrong against mobile users, when mobile are in some countries the only way to connect in most areas and all rural areas? Isn't this change highly biased in favor users located in well developed countries that will only map from their chair based on aerial photography ? How can most local users then easily comment these remotely made mappings? The best tool they have if their smartphone or tablet, or shared PCs in cafes, with unstable connections and very short sessions. Well if we block them here, they will contribute to Facebook or Twitter, not to OSM...