Forgot your password?
typodupeerror
Google Technology

OpenStreetMap Reports Data Vandalism From Google-Owned IPs 178

Posted by timothy
from the yes-but-where-are-the-perps dept.
An anonymous reader writes "Following reports of misconduct by Google employees in Kenya and India, It has been found that Google IP addresses have been responsible for deliberate vandalism of OpenStreetMap data. While it is unlikely that this was a deliberate or coordinated attack by Google HQ on the competition, multiple such reports does raise the question of whether or not Google has become too big to effectively enforce its 'Don't be evil' philosophy across its massive organization."
This discussion has been archived. No new comments can be posted.

OpenStreetMap Reports Data Vandalism From Google-Owned IPs

Comments Filter:
  • by Thud457 (234763) on Tuesday January 17, 2012 @10:45AM (#38724344) Homepage Journal
    It's starting to sound like Google needs to reign in their over-eager foreign subsidiaries.
    • by jkflying (2190798) on Tuesday January 17, 2012 @10:55AM (#38724498)

      From a comment on the first linked page:

      Tom Hughes said...

      As the person who (in my role as an OpenStreetMap system administrator) first discovered this `incident' let me start by saying that I consider this post to be grossly irresponsible and wholly inappropriate.

      The board of OSMF are making mountains out of tiny pimples here. It seems that they want this to be some sort of organised corporate malfeasance on the part of Google which is why they have tried to link it to the recent Mocality incident where there was indeed clear evidence of such behaviour.

      The reality in this case is that there is no evidence that this is any different to the numerous other incidents we get all the time where users either accidentally or deliberately make bogus edits. The only difference in this case is that there happen to be two accounts (though we do not know if that is two people) and the user or users involved happen to (presumably) work for Google.

      That is the sum total of what we know, and on the back of that, and without approaching Google at all, two leading board members have decided to reveal personal information about two of our users.

      It seems to me that this is just an attempt to get some cheap publicity by trying to like the project to the Mocality incident, and I cannot support such behaviour. ...

      Only two of the seventeen accounts mentioned appear to have done anything identified as improper, and we have no idea how many of those accesses relate to those accounts or indeed to signed in vs not signed in users.

      Trying to read that as meaning that there have been 100,000 instances of vandalism is completely misleading.

      • by Anonymous Coward on Tuesday January 17, 2012 @11:07AM (#38724684)

        One of the blog post authors is Steve Coast from Microsoft Bing Maps. Plus, the OSMF is claiming this post is a personal communication and does not represent the position of their board. So, the whole thing is starting to sound very suspicious.

        • by beelsebob (529313) on Tuesday January 17, 2012 @11:49AM (#38725298)

          Note –Steve Coast founded OpenStreetMap.

          • by AberBeta (851747)

            Note –Steve Coast now works for a competitor of Google (Maps).

            • Re: (Score:2, Informative)

              by TheRaven64 (641858)
              Note that Evil Microsoft permits OpenStreetMap to trace its aerial photography to generate maps, and uses OSM data, and cooperates in several other ways with OSM, while Don't-Be-Evil Google tries to pretend that OSM doesn't exist and pushes Android handset makers to include Google Maps instead of an OSM app (in spite of the fact OSM has more detailed maps everywhere I've tested them) and does not share any of their mapping data - including user-provided data - with the community.
              • by jdgeorge (18767)

                ... Don't-Be-Evil Google tries to pretend that OSM doesn't exist and pushes Android handset makers to include Google Maps instead of an OSM app (in spite of the fact OSM has more detailed maps everywhere I've tested them) and does not share any of their mapping data - including user-provided data - with the community.

                1. Is there evidence that any handset makers wanted to use an OSM app, but Google prevented them from loading the OSM map? I noticed that my handset came preloaded with Google Maps and a third-party GPS app.
                2. Users are free to provide their own map data to OSM. Is the problem that Google doesn't accept user data under a license that would allow Google to freely redistribute the data?

              • Ahh, of course, Google pretends OSM doesn't exist... right...

                http://wiki.openstreetmap.org/wiki/Google_Summer_of_Code [openstreetmap.org]

      • by LWATCDR (28044) on Tuesday January 17, 2012 @11:14AM (#38724754) Homepage Journal

        In other words it could have been.
        An honest mistake.
        Of course what really bugs me about all of this is that when people talke about the 3 strikes law I hear people say time and time again... IP addresses are not identity.
        IP addresses can be spoofed as can mac addresses.

        • by msauve (701917) on Tuesday January 17, 2012 @11:58AM (#38725442)
          "IP addresses are not identity."

          Thank you. The hypocrisy around here is large, but not surprising.

          Does Google offer guest Wi-Fi access at any of their locations? Does anyone in Google run a Tor exit node? Are there any live jacks in Google meeting rooms? Do they NAT multiple internal addresses?

          It's one thing to confirm suspicions by setting up a honeypot phone number like Mocality did, and then receive calls from people identifying themselves as being from Google. It's quite another to only point to an IP addresses and place blame with no further evidence.
          • Does Google offer guest Wi-Fi access at any of their locations?

            Yes, but they require you to sign in. They also log and monitor all traffic on their networks, so it should be relatively easy for them to identify who is responsible.

            • by Smallpond (221300)

              They also log and monitor all traffic on their networks, so it should be relatively easy for them to identify who is responsible.

              But since they don't do evil, they won't be able to do anything about it.

        • by Maow (620678)

          In other words it could have been.
          An honest mistake.

          It could have been, but rather doubtful that someone (or someones) with true good intentions would change street info in cities thousands of km away and repeatedly be wrong in their changes. Particularly since this "honest" mistake comes from the same IPs as the Mocality "hackers" within a week or so of those incidents being exposed.

          Of course what really bugs me about all of this is that when people talke about the 3 strikes law I hear people say time and time again... IP addresses are not identity.
          IP addresses can be spoofed as can mac addresses.

          Corporate IPs are far more likely to be static than residential IPs. Corporate IPs are far more likely to have IT staff ensuring the hardware isn't part of some botnet, etc.

    • by fatphil (181876)
      You "rein in", not "reign in". As in what you horses.
    • by beelsebob (529313)

      Alternatively, it could simply be that google aren't as pro-open as they like to put across. Just like all big companies, they're pro-open when they're falling behind in the development race (e.g. android when it was first out), and pro-closed when they're way ahead of the competition (maps, search, android's increasing restrictions now).

      • Why would you think they are pro-open? Google Maps implemented its own user-submitted-content system and doesn't share this with the wider community. In contrast, MapQuest and Bing Maps both cooperate with OSM and provide them with data.

        They're also not ahead of their competitors. I was looking for a place near the station in my home town a while ago. On OSM, the building is numbered. On Google Maps, the road that the building is on was completely missing. If you look at the Google Map of Paris, yo

        • I do appreciate that you think the OSM maps are of better quality. I am involved with it but at times I find them lacking but have been working to improve them in my city as well as in areas where I hunt. It seems that the coverage of Europe is by far better than in the US.
  • Shocking (Score:5, Funny)

    by fph il quozientatore (971015) on Tuesday January 17, 2012 @10:49AM (#38724406) Homepage
    Disconcerting. What next now, Norton producing viruses?
    • Re:Shocking (Score:5, Funny)

      by unity100 (970058) on Tuesday January 17, 2012 @10:53AM (#38724468) Homepage Journal
      norton is itself a virus since 1995-96.
      • by poity (465672)

        Norton became self-replicating during that time? It may be a shit program, but it's no virus.

        • by unity100 (970058)
          it replicates itself through advertising and marketing and stupid hosts. once it installs on some computer, it doesnt go away unless wipe the thing clean with a format.

          i installed it once in 1996 or something. the shock was so great that i have never, ever used anything that was remotely affiliated with norton. what's more appalling is that, they have not changed their behavior since the passing 14 years.
    • by KiloByte (825081)

      At least one AV maker used to brag about this semi-publicly in the 80s when (at least here) it wasn't a crime. I fail to believe no one does this today too -- especially that authorship of a virus is damn hard to prove and an AV maker will legitimately have samples of hundreds or thousands of viruses, including commented assembly.

      • by ppanon (16583)
        While I deplore the act of writing viruses, I can't say I wholly condemn anti-virus companies for doing so if they do/did so. For a long time, companies would sweep vulnerabilities under the carpet and avoid fixing them. Having exploits in the wild was the one way to grab their attention (and, if you go back far enough, even with a sample exploit you were more likely told to shut up than be lauded). So as a result, we overall probably have better systems security now than we would have otherwise, because th
  • I hope not (Score:2, Informative)

    by Anonymous Coward

    OpenStreetMap is a very good project, it is basically the Wikipedia of Maps. Wikipedia even links to OpenStreetMap when you look up co-oridnates for articles such as cities. It can also be more up-to date in areas that are having heavy construction. For example a major new bypass road was built in my city and it was added to OpenStreetMap the day it opened. Google maps still doesn't have it even a year later.

    Support OpenStreetmap, I hope they do a SOPA blackout to show how useful they are in places where Go

  • by Anonymous Coward on Tuesday January 17, 2012 @10:54AM (#38724478)

    On the same blogpost,
    Tom Hughes said...
    As the person who (in my role as an OpenStreetMap system administrator) first discovered this `incident' let me start by saying that I consider this post to be grossly irresponsible and wholly inappropriate.
    The board of OSMF are making mountains out of tiny pimples here. It seems that they want this to be some sort of organised corporate malfeasance on the part of Google which is why they have tried to link it to the recent Mocality incident where there was indeed clear evidence of such behaviour.

    The reality in this case is that there is no evidence that this is any different to the numerous other incidents we get all the time where users either accidentally or deliberately make bogus edits. The only difference in this case is that there happen to be two accounts (though we do not know if that is two people) and the user or users involved happen to (presumably) work for Google.

    That is the sum total of what we know, and on the back of that, and without approaching Google at all, two leading board members have decided to reveal personal information about two of our users.

    It seems to me that this is just an attempt to get some cheap publicity by trying to like the project to the Mocality incident, and I cannot support such behaviour.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Also says
      Tom Hughes said...
      I am told that this posting was in fact made in a personal capacity and as such any suggestion on my part that it represents an official position of the OSMF board is incorrect and should be disregarded.

      Only two of the seventeen accounts mentioned appear to have done anything identified as improper, and we have no idea how many of those accesses relate to those accounts or indeed to signed in vs not signed in users.

      Trying to read that as meaning that there have been 100,000 instan

    • by ArsenneLupin (766289) on Tuesday January 17, 2012 @11:25AM (#38724908)

      ...without approaching Google at all...

      Good point. Fairness would be to first ask google for a position, maybe it was indeed just a rogue individual, or a mistake or whatever.

      but then comes the first question: how would one actually accomplish this feat, i.e. to "approach" google. Complaint addresses are exceedingly difficult to find, and those that are there don't seem to be manned. So it seems to me, the only solution does indeed be to skip the "let's discuss this first" step, and go directly to the press. Google, if you don't like this, then please become more "approachable", and people will approach you before badmouthing you in public.

      • by Fnord666 (889225)

        but then comes the first question: how would one actually accomplish this feat, i.e. to "approach" google.<sic>

        Well, you could start with the whois data for the domain. Alternately you used to be able to email abuse@example.domain.com and get a reasonable reply or at least a contact point.

        • email abuse@example.domain.com

          Well, except that abuse@google.com is not manned, and you merely get back of form letter without any followup whatsoever.

          • by EasyTarget (43516)

            Is that a form letter with the correct contact addresses and url's in it by any chance?

            Just askin...

            • Nope, no contact addresses in there. Just a pointer to the FAQ covering 3 frequently encountered issues (which unfortunately didn't address the question that I had), and without any further addresses.
              • by EasyTarget (43516)

                MeaCulpa.. I just saw an example of it too; it's not great.. Kind of assumes you are reporting a gmail user; doesn't seem to afford anything for the google.com domain at all. And a whois on it does not reveal any addresses apart from their DNS admin account.

                Searching 'Report google.com abuse' also just turns up pages of info on how to report gmail users or malicious apps; nothing to do with the network side of things.

                Apart from anything else this is a foot-shoot for Google; it means that if you have a Goog

          • How about this? [google.com] I see a phone, fax and mailing address for each of their locations. I find it hard to believe that if you send a FedEx with ATTN: Legal Department you won't get a response.

            It seems completely understandable how they wouldn't offer an easily-findable email address, since doing so would immediately result in a thousand emails a minute containing profanity and death threats because the personal website of John Smith #2945 is not on the first page of search results for "John Smith" etc., which w

  • The larger organizations get, the harder it becomes to enforce whatsoever organization-wide. They acquire their own dynamics; one of the most important of that self-perpetuating dynamical processes & characteristics is mediocrity. Doing bad things, or at least a readiness in some individuals to do them, is part of that mediocrity. It is similar to what made many IBM products almost too complex to use, and an ungovernable mastodont out of, say, Bell and IBM, as corporations. I personally noticed the same
  • Ok, so some disgruntled employees of Google have been caught munging and corrupting data intentionally.

    That's a serious issue that needs to be addressed.

    But it misses the most important question to me: WHY would someone do this?

    To discredit Google, revenge on a "cruel" and "vicious" employer or manager?

    To cause mayhem and accidents in India and elsewhere?

    To make sure their favourite curry shop can't be found by others so they don't have to wait in line with the "stinking masses"?

    What would POSS

    • by nadaou (535365)

      man this post has been up for 10 minutes already without some /.er correcting you on the correct use of the "question begs to be asked" .... you guys are slipping.

      • you guys are slipping.

        But that begs the question, why are we slipping?

        • by msobkow (48369)

          Hey, I said I learned "The Queen's English" in elementary and high school here in Canada, I never said I was perfect at wielding the language. :)

    • by idontgno (624372)

      What would POSSIBLY be the purpose of messing up street map data?

      4 teh lulz?

      Douchebaggery is usually its own reward.

    • by tlhIngan (30335)

      Ok, so some disgruntled employees of Google have been caught munging and corrupting data intentionally.

      That's a serious issue that needs to be addressed.

      But it misses the most important question to me: WHY would someone do this?
      [snip]

      What would POSSIBLY be the purpose of messing up street map data?

      Easy - to discredit OpenStreetMap.

      OSM produces a product that compets with Google Maps. Except, well, it's got several advantages.

      First, it's free to download and use, while Google Maps requires an internet connec

      • Easy - to discredit OpenStreetMap.

        Changing a few entries in map data is unlikely to make anyone choose it or not (since no one is likely to notice). By contrast, accusing a competitor of doing so is far more likely to make it into the media and cause damage to the company's reputation, which provides a substantial disincentive for that company to have actually intentionally tried to damage the competing product and risk the accusation.

        Of course, it also provides a substantial incentive for the competitor (whether Microsoft or OSM itself) to

        • by msobkow (48369)

          Well, they might notice when an oncoming flood of traffic wakes them to the realization they're headed the wrong way on a one-way street. :)

          • It may be for the best: Any driver capable of ignoring the street signs indicating a one way street is in need of having their license revoked, and that is the sort of thing that police take notice of (unlike various other, equally dangerous things that bad drivers do on a regular basis).

  • by Stewie241 (1035724) on Tuesday January 17, 2012 @11:05AM (#38724652)

    So... just for clarification, does an IP identify somebody? or not?

    I'm fairly certain that when I visited the GooglePlex they had a publically accessible WIFI connection. Do those count as Google owned IPs?

    • So... just for clarification, does an IP identify somebody? or not?

      Depends. Let's say someone in my office, connected through our wired network, had done this. Then the IP address would most likely lead to my office and therefore to my company, and OpenStreetMap would be quite justified to say "someone at XXX did this". Since I work for a company that has a reputation to lose, I'd say it is quite possible that my company would shortly afterwards say that an ex-employee was responsible.

      • Hmmm... do most network configurations restrict IPs to a certain computer/ethernet port? I'm rather unaware as to how most corporations setup their networks. Would there be something that would stop me from powering off somebody's computer and using their IP?

        • by greed (112493)

          It's possible for managed switches to lock a port to a particular MAC (or a list of them). That's done at the Ethernet layer.

          Layer 3 switches can look at the IP address ('cause they're layer 3) and make sure that Approved IP Addresses are associated with Approved MAC Addresses only.

          Which is still useless for all but the casual wrong-plug fault, because anyone actually breaking your network security can emit any MAC address they want. So they just need to intercept a couple of frames before switching to th

    • by dougmc (70836)

      So... just for clarification, does an IP identify somebody? or not?

      You really ought to know the answer to this by now. But if not, I'll remind you ... it depends.

      If something bad has been done to you, and you have an IP address, and that IP address has been said to be owned by a person (be it the person who pays the cable modem bill, the company that owns the free WiFi, etc.) ... then yes, an IP address clearly and uniquely identifies the responsible party. The letter your lawyer wrote up to send to the person to demand compensation *clearly* states that, after all.

      If y

    • by Baloroth (2370816)

      No, it does not identify you.

      However, when notified of malevolent behavior from an IP address you own, you should have some explanation for who/what may have been responsible. Which may be as simple as open WiFi or as complex as Russian and Chinese hackers. Or bad corporate policy.

  • Do no evil? (Score:4, Insightful)

    by alexo (9335) on Tuesday January 17, 2012 @11:10AM (#38724716) Journal

    raise the question of whether or not Google has become too big to effectively enforce it's 'Do no evil' philosophy across its massive organization.

    Do not confuse a marketing slogan for a philosophy.

    • by fatphil (181876)
      Indeed, and it's certainly one that they've made almost no attempt to live up to for well over half a decade. I seem to remember the first time I called google evil was back in the early noughties, when it became clear they had no intention to deliver on their promises regarding the buyout of dejanews and acquisition of other usenet archives, and provided a thoroughly inferior service. (So much so, that I take almost every opportunity possible to say googlegroups sucks now.)
  • Storm in a teacup (Score:5, Interesting)

    by b0bby (201198) on Tuesday January 17, 2012 @11:13AM (#38724746) Homepage

    As others have pointed out, this seems to be a storm in a teacup. If it leads to more participation in OSM, however, it'll be a good thing. I recently installed the Navfree android app (free onboard maps GPS, there's an IOS version too), and noticed a number of small inaccuracies in my neighborhood. Correcting them was really pretty easy; the maps around me already seem pretty usable, and with a bit more tweaking will be as good as any of the commercial alternatives. When I had first looked at it a couple of years ago the maps around me were pretty dire, so they've come a long way. House numbering seems to be the big remaining issue for navigation system use.

    • by Shompol (1690084)
      This is a free advertisement, no less! I did not know about Navfree before, thank you for the pointer.
      • by b0bby (201198)

        That's kinda why I posted; I only discovered it myself a couple of days ago and I like it - I have a wifi only Android phone so I am happy to have something free which has the maps stored locally. If you have 3g data the Google maps are good, but Navfree works for me. The last map update seems to have been in December so I hope they'll grab the updated OSM data sometime soon & I can see my changes reflected there.

      • by Shompol (1690084)
        ...looks like it is ad-supported or $9 a year -- pretty steep for an OpenStreetMap user. There is plenty of other projects out there [openstreetmap.org] The question is -- are any of the open source ones usable?
  • I'm told that IP addresses are not identity.

    IP addresses can be spoofed as can mac addresses.

    Is this true?

    Or maybe there are different rules when the Big Bad Google is involved?

    • IP addressed do give out their identity, just not, usually, enough to narrow down to a person that actually performed the action. If it is part of a static block owned by someone, you know it is was used somewhere within their network (unless you suspect the IP was faked at the BGP level, and the attacker is skilled enough to perform it, and what was gained is significant enough). To narrow it down to the person that actually performed it, you would need the logs of all network activity, which associates ne

  • Public WiFi (Score:4, Informative)

    by Anonymous Coward on Tuesday January 17, 2012 @11:20AM (#38724846)

    Google has open public WiFi available on many of its offices that you can pick up from across the street. You can't easily tell machines on those networks from internal machines.

    Just pointing that out.

  • Seriously, why is it "unlikely that this was a deliberate or coordinated attack by Google HQ on the competition"

    Just because Google's motto is "do no evil" they sure don't live up to it...

  • Google's motto isn't "Do no evil", it's "Don't be evil". You can do as much evil actions as you want as long as you're doing them for a good cause (Google's success), then you aren't being evil.

  • by Anonymous Coward

    Sadly, I'm an anon, so nobody will read this, BUT:

    Google used to have a product called "Google Web Accelerator" which was, essentially, a Google proxy that operated similar to the idea behind Kindle Fire: Make the proxy crunch images and the like to make the browser work faster.

    While using it, I noticed that IP reporting sites would all show that I was coming from Google in Mountain View, CA. ... who's to say that a savvy vandal simply isn't using GWA?

  • "Starting to"? (Score:2, Interesting)

    by UncHellMatt (790153)
    Sorry, but "starting to" suggests Google's recent actions are somehow different or new. Google has been deliberately and willfully evil for years now. If memory serves, Google has revealed the names of Chinese dissidents in the past [wordpress.com] (single citation being used, though going back you do find more), and gleefully gave in to the Chinese government too many times to cite all of them, all in the name of a bit of dosh.

    Why is ANY of this a surprise? Companies that have a great product, a great service, that los
  • If Google is doing this, it's not good. However, when you think about it... If a map CAN be defaced, can it be reliable? Perhaps they need some sort of moderated change system. This system need not be heavily reliant on human oversight. But for something that need be authoritative, changes should be controlled.
  • Do No Evil? Every company does the opposite of their motto. Think Different? This Changes Everything? Your World Delivered? Think? Yeah, not really.
    • (spontaneous association on my part, completely OT)

      Reminds me of how the people foaming about how bad X is, are the ones who cannot abstain from X.

  • Slashdot not publish stories like: Apple sued for extortion, Microsoft licenses patents to LG for Android, Microsoft confirms UEFi fears and locks down ARM devices?

    Why does every unconfirmed Google smear story by this "TechGuy" shill seems to be immediately published?
     

  • Google has little, if any, financial interest in map data. They buy all of it from sources like NavTeq and GDI. I suspect Google could replace these sources with their own collection efforts - if they wanted to. It is a huge task and to do quality work takes a lot of effort. It would appear that Google would rather buy than build.

    Now, if someone found NavTeq screwing with someone's map data I could understand. They have a huge financial interest (as in the whole company) in map data and being the prima

Machines that have broken down will work perfectly when the repairman arrives.

Working...