OpenStreetMap Reports Data Vandalism From Google-Owned IPs 178
An anonymous reader writes "Following reports of misconduct by Google employees in Kenya and India, It has been found that Google IP addresses have been responsible for deliberate vandalism of OpenStreetMap data. While it is unlikely that this was a deliberate or coordinated attack by Google HQ on the competition, multiple such reports does raise the question of whether or not Google has become too big to effectively enforce its 'Don't be evil' philosophy across its massive organization."
this, and then that other thing... (Score:5, Insightful)
Re:this, and then that other thing... (Score:5, Informative)
From a comment on the first linked page:
Tom Hughes said...
As the person who (in my role as an OpenStreetMap system administrator) first discovered this `incident' let me start by saying that I consider this post to be grossly irresponsible and wholly inappropriate.
The board of OSMF are making mountains out of tiny pimples here. It seems that they want this to be some sort of organised corporate malfeasance on the part of Google which is why they have tried to link it to the recent Mocality incident where there was indeed clear evidence of such behaviour.
The reality in this case is that there is no evidence that this is any different to the numerous other incidents we get all the time where users either accidentally or deliberately make bogus edits. The only difference in this case is that there happen to be two accounts (though we do not know if that is two people) and the user or users involved happen to (presumably) work for Google.
That is the sum total of what we know, and on the back of that, and without approaching Google at all, two leading board members have decided to reveal personal information about two of our users.
It seems to me that this is just an attempt to get some cheap publicity by trying to like the project to the Mocality incident, and I cannot support such behaviour. ...
Only two of the seventeen accounts mentioned appear to have done anything identified as improper, and we have no idea how many of those accesses relate to those accounts or indeed to signed in vs not signed in users.
Trying to read that as meaning that there have been 100,000 instances of vandalism is completely misleading.
Re:this, and then that other thing... (Score:5, Interesting)
One of the blog post authors is Steve Coast from Microsoft Bing Maps. Plus, the OSMF is claiming this post is a personal communication and does not represent the position of their board. So, the whole thing is starting to sound very suspicious.
Re:this, and then that other thing... (Score:5, Insightful)
Note –Steve Coast founded OpenStreetMap.
Re: (Score:2)
Note –Steve Coast now works for a competitor of Google (Maps).
Re: (Score:2, Informative)
Re: (Score:2)
... Don't-Be-Evil Google tries to pretend that OSM doesn't exist and pushes Android handset makers to include Google Maps instead of an OSM app (in spite of the fact OSM has more detailed maps everywhere I've tested them) and does not share any of their mapping data - including user-provided data - with the community.
1. Is there evidence that any handset makers wanted to use an OSM app, but Google prevented them from loading the OSM map? I noticed that my handset came preloaded with Google Maps and a third-party GPS app.
2. Users are free to provide their own map data to OSM. Is the problem that Google doesn't accept user data under a license that would allow Google to freely redistribute the data?
Re: (Score:2)
Ahh, of course, Google pretends OSM doesn't exist... right...
http://wiki.openstreetmap.org/wiki/Google_Summer_of_Code [openstreetmap.org]
Re:this, and then that other thing... (Score:5, Insightful)
In other words it could have been.
An honest mistake.
Of course what really bugs me about all of this is that when people talke about the 3 strikes law I hear people say time and time again... IP addresses are not identity.
IP addresses can be spoofed as can mac addresses.
Re:this, and then that other thing... (Score:5, Insightful)
Thank you. The hypocrisy around here is large, but not surprising.
Does Google offer guest Wi-Fi access at any of their locations? Does anyone in Google run a Tor exit node? Are there any live jacks in Google meeting rooms? Do they NAT multiple internal addresses?
It's one thing to confirm suspicions by setting up a honeypot phone number like Mocality did, and then receive calls from people identifying themselves as being from Google. It's quite another to only point to an IP addresses and place blame with no further evidence.
Re: (Score:3)
Does Google offer guest Wi-Fi access at any of their locations?
Yes, but they require you to sign in. They also log and monitor all traffic on their networks, so it should be relatively easy for them to identify who is responsible.
Re: (Score:2)
They also log and monitor all traffic on their networks, so it should be relatively easy for them to identify who is responsible.
But since they don't do evil, they won't be able to do anything about it.
Re: (Score:2)
No, they don't be evil, which is less restrictive, merely requiring that good - evil > 0
Bollocks, morality doesn't work like that. An act is either good, bad or neutral on its own merits and for every particular case. If Gandhi had once tortured a puppy to death for the lulz you wouldn't excuse it because he did a lot of good elsewhere.
Re: (Score:2)
In other words it could have been.
An honest mistake.
It could have been, but rather doubtful that someone (or someones) with true good intentions would change street info in cities thousands of km away and repeatedly be wrong in their changes. Particularly since this "honest" mistake comes from the same IPs as the Mocality "hackers" within a week or so of those incidents being exposed.
Of course what really bugs me about all of this is that when people talke about the 3 strikes law I hear people say time and time again... IP addresses are not identity.
IP addresses can be spoofed as can mac addresses.
Corporate IPs are far more likely to be static than residential IPs. Corporate IPs are far more likely to have IT staff ensuring the hardware isn't part of some botnet, etc.
Re: (Score:2)
As opposed to doing the same as they do for all the identical incidents that do not involve Google, which I assume is "nothing at all beyond repairing any damage".
Re: (Score:2)
Re: (Score:3)
Alternatively, it could simply be that google aren't as pro-open as they like to put across. Just like all big companies, they're pro-open when they're falling behind in the development race (e.g. android when it was first out), and pro-closed when they're way ahead of the competition (maps, search, android's increasing restrictions now).
Re: (Score:2)
Why would you think they are pro-open? Google Maps implemented its own user-submitted-content system and doesn't share this with the wider community. In contrast, MapQuest and Bing Maps both cooperate with OSM and provide them with data.
They're also not ahead of their competitors. I was looking for a place near the station in my home town a while ago. On OSM, the building is numbered. On Google Maps, the road that the building is on was completely missing. If you look at the Google Map of Paris, yo
Re: (Score:2)
Re: (Score:2)
Sounds like a monkey sphere problem to me.
Being somewhat behind in my hip memeological studies, I had to look this up, and it is clearly a total load of bollocks concept intended to bolster right wing ideologies of selfishness with a pseudo-scientific rationale.
I was going to link to Wikipedia but it is on strike for a day, however no doubt as it is a right wing concept most people on slashdot are familiar with it already, and indeed probably use it as a bumper sticker.
Shocking (Score:5, Funny)
Re:Shocking (Score:5, Funny)
Re: (Score:2)
Norton became self-replicating during that time? It may be a shit program, but it's no virus.
yes (Score:2)
i installed it once in 1996 or something. the shock was so great that i have never, ever used anything that was remotely affiliated with norton. what's more appalling is that, they have not changed their behavior since the passing 14 years.
Re: (Score:2)
Re: (Score:2)
At least one AV maker used to brag about this semi-publicly in the 80s when (at least here) it wasn't a crime. I fail to believe no one does this today too -- especially that authorship of a virus is damn hard to prove and an AV maker will legitimately have samples of hundreds or thousands of viruses, including commented assembly.
Re: (Score:2)
I hope not (Score:2, Informative)
OpenStreetMap is a very good project, it is basically the Wikipedia of Maps. Wikipedia even links to OpenStreetMap when you look up co-oridnates for articles such as cities. It can also be more up-to date in areas that are having heavy construction. For example a major new bypass road was built in my city and it was added to OpenStreetMap the day it opened. Google maps still doesn't have it even a year later.
Support OpenStreetmap, I hope they do a SOPA blackout to show how useful they are in places where Go
Cheap publicity stunt--admin who found evidence (Score:5, Informative)
On the same blogpost,
Tom Hughes said...
As the person who (in my role as an OpenStreetMap system administrator) first discovered this `incident' let me start by saying that I consider this post to be grossly irresponsible and wholly inappropriate.
The board of OSMF are making mountains out of tiny pimples here. It seems that they want this to be some sort of organised corporate malfeasance on the part of Google which is why they have tried to link it to the recent Mocality incident where there was indeed clear evidence of such behaviour.
The reality in this case is that there is no evidence that this is any different to the numerous other incidents we get all the time where users either accidentally or deliberately make bogus edits. The only difference in this case is that there happen to be two accounts (though we do not know if that is two people) and the user or users involved happen to (presumably) work for Google.
That is the sum total of what we know, and on the back of that, and without approaching Google at all, two leading board members have decided to reveal personal information about two of our users.
It seems to me that this is just an attempt to get some cheap publicity by trying to like the project to the Mocality incident, and I cannot support such behaviour.
Re: (Score:3, Informative)
Also says
Tom Hughes said...
I am told that this posting was in fact made in a personal capacity and as such any suggestion on my part that it represents an official position of the OSMF board is incorrect and should be disregarded.
Only two of the seventeen accounts mentioned appear to have done anything identified as improper, and we have no idea how many of those accesses relate to those accounts or indeed to signed in vs not signed in users.
Trying to read that as meaning that there have been 100,000 instan
Re:Cheap publicity stunt--admin who found evidence (Score:5, Insightful)
...without approaching Google at all...
Good point. Fairness would be to first ask google for a position, maybe it was indeed just a rogue individual, or a mistake or whatever.
but then comes the first question: how would one actually accomplish this feat, i.e. to "approach" google. Complaint addresses are exceedingly difficult to find, and those that are there don't seem to be manned. So it seems to me, the only solution does indeed be to skip the "let's discuss this first" step, and go directly to the press. Google, if you don't like this, then please become more "approachable", and people will approach you before badmouthing you in public.
Re: (Score:2)
but then comes the first question: how would one actually accomplish this feat, i.e. to "approach" google.<sic>
Well, you could start with the whois data for the domain. Alternately you used to be able to email abuse@example.domain.com and get a reasonable reply or at least a contact point.
Re: (Score:2)
email abuse@example.domain.com
Well, except that abuse@google.com is not manned, and you merely get back of form letter without any followup whatsoever.
Re: (Score:2)
Is that a form letter with the correct contact addresses and url's in it by any chance?
Just askin...
Re: (Score:2)
Re: (Score:2)
MeaCulpa.. I just saw an example of it too; it's not great.. Kind of assumes you are reporting a gmail user; doesn't seem to afford anything for the google.com domain at all. And a whois on it does not reveal any addresses apart from their DNS admin account.
Searching 'Report google.com abuse' also just turns up pages of info on how to report gmail users or malicious apps; nothing to do with the network side of things.
Apart from anything else this is a foot-shoot for Google; it means that if you have a Goog
Re: (Score:2)
How about this? [google.com] I see a phone, fax and mailing address for each of their locations. I find it hard to believe that if you send a FedEx with ATTN: Legal Department you won't get a response.
It seems completely understandable how they wouldn't offer an easily-findable email address, since doing so would immediately result in a thousand emails a minute containing profanity and death threats because the personal website of John Smith #2945 is not on the first page of search results for "John Smith" etc., which w
Re: (Score:2)
Well, you could start with the whois data for the domain.
yeah right. Has that ever worked for you?
On occasion it has. Even with some Indian and Chinese domains. But not for google.
Re: (Score:2)
Google is a company trying to make money.
Yes, but please not on the back of society at large.
I promise you there are multiple published phone numbers that will get you to a live person working or affiliated with Google who can escalate the issue internally to the right person.
Great! Can you post some of these numbers? Most numbers unfortunately connect to some helpless receptionist who doesn't understand any technical question, much less knows whom to escalate it to internally.
Call the Google Apps Premiere sales line idiot.
Can you give me the phone number of this "sales line idiot"? Will he be able to help me, or will he just pretend that my request is not worth following up because "You're the first customer having a problem of this kind" or other such excuse?
I'd hate to
Re: (Score:2)
Good point (Score:2)
But it begs the question: Why? (Score:2)
Ok, so some disgruntled employees of Google have been caught munging and corrupting data intentionally.
That's a serious issue that needs to be addressed.
But it misses the most important question to me: WHY would someone do this?
To discredit Google, revenge on a "cruel" and "vicious" employer or manager?
To cause mayhem and accidents in India and elsewhere?
To make sure their favourite curry shop can't be found by others so they don't have to wait in line with the "stinking masses"?
What would POSS
Re: (Score:3)
man this post has been up for 10 minutes already without some /.er correcting you on the correct use of the "question begs to be asked" .... you guys are slipping.
Re: (Score:2)
you guys are slipping.
But that begs the question, why are we slipping?
Re: (Score:2)
Hey, I said I learned "The Queen's English" in elementary and high school here in Canada, I never said I was perfect at wielding the language. :)
Re: (Score:2)
What would POSSIBLY be the purpose of messing up street map data?
4 teh lulz?
Douchebaggery is usually its own reward.
Re: (Score:2)
Easy - to discredit OpenStreetMap.
OSM produces a product that compets with Google Maps. Except, well, it's got several advantages.
First, it's free to download and use, while Google Maps requires an internet connec
Re: (Score:2)
Easy - to discredit OpenStreetMap.
Changing a few entries in map data is unlikely to make anyone choose it or not (since no one is likely to notice). By contrast, accusing a competitor of doing so is far more likely to make it into the media and cause damage to the company's reputation, which provides a substantial disincentive for that company to have actually intentionally tried to damage the competing product and risk the accusation.
Of course, it also provides a substantial incentive for the competitor (whether Microsoft or OSM itself) to
Re: (Score:2)
Well, they might notice when an oncoming flood of traffic wakes them to the realization they're headed the wrong way on a one-way street. :)
Re: (Score:2)
It may be for the best: Any driver capable of ignoring the street signs indicating a one way street is in need of having their license revoked, and that is the sort of thing that police take notice of (unlike various other, equally dangerous things that bad drivers do on a regular basis).
Does an IP identify or not? (Score:5, Interesting)
So... just for clarification, does an IP identify somebody? or not?
I'm fairly certain that when I visited the GooglePlex they had a publically accessible WIFI connection. Do those count as Google owned IPs?
Re: (Score:2)
So... just for clarification, does an IP identify somebody? or not?
Depends. Let's say someone in my office, connected through our wired network, had done this. Then the IP address would most likely lead to my office and therefore to my company, and OpenStreetMap would be quite justified to say "someone at XXX did this". Since I work for a company that has a reputation to lose, I'd say it is quite possible that my company would shortly afterwards say that an ex-employee was responsible.
Re: (Score:2)
Hmmm... do most network configurations restrict IPs to a certain computer/ethernet port? I'm rather unaware as to how most corporations setup their networks. Would there be something that would stop me from powering off somebody's computer and using their IP?
Re: (Score:2)
It's possible for managed switches to lock a port to a particular MAC (or a list of them). That's done at the Ethernet layer.
Layer 3 switches can look at the IP address ('cause they're layer 3) and make sure that Approved IP Addresses are associated with Approved MAC Addresses only.
Which is still useless for all but the casual wrong-plug fault, because anyone actually breaking your network security can emit any MAC address they want. So they just need to intercept a couple of frames before switching to th
Re: (Score:2)
So... just for clarification, does an IP identify somebody? or not?
You really ought to know the answer to this by now. But if not, I'll remind you ... it depends.
If something bad has been done to you, and you have an IP address, and that IP address has been said to be owned by a person (be it the person who pays the cable modem bill, the company that owns the free WiFi, etc.) ... then yes, an IP address clearly and uniquely identifies the responsible party. The letter your lawyer wrote up to send to the person to demand compensation *clearly* states that, after all.
If y
Re: (Score:2)
Ah yes.
Crystal clear.
Re: (Score:2)
No, it does not identify you.
However, when notified of malevolent behavior from an IP address you own, you should have some explanation for who/what may have been responsible. Which may be as simple as open WiFi or as complex as Russian and Chinese hackers. Or bad corporate policy.
Do no evil? (Score:4, Insightful)
raise the question of whether or not Google has become too big to effectively enforce it's 'Do no evil' philosophy across its massive organization.
Do not confuse a marketing slogan for a philosophy.
Re: (Score:2)
Storm in a teacup (Score:5, Interesting)
As others have pointed out, this seems to be a storm in a teacup. If it leads to more participation in OSM, however, it'll be a good thing. I recently installed the Navfree android app (free onboard maps GPS, there's an IOS version too), and noticed a number of small inaccuracies in my neighborhood. Correcting them was really pretty easy; the maps around me already seem pretty usable, and with a bit more tweaking will be as good as any of the commercial alternatives. When I had first looked at it a couple of years ago the maps around me were pretty dire, so they've come a long way. House numbering seems to be the big remaining issue for navigation system use.
Re: (Score:2)
Re: (Score:2)
That's kinda why I posted; I only discovered it myself a couple of days ago and I like it - I have a wifi only Android phone so I am happy to have something free which has the maps stored locally. If you have 3g data the Google maps are good, but Navfree works for me. The last map update seems to have been in December so I hope they'll grab the updated OSM data sometime soon & I can see my changes reflected there.
Re: (Score:2)
Re: (Score:2)
I'm told that IP addresses are not identity. (Score:2)
I'm told that IP addresses are not identity.
IP addresses can be spoofed as can mac addresses.
Is this true?
Or maybe there are different rules when the Big Bad Google is involved?
Re: (Score:2)
IP addressed do give out their identity, just not, usually, enough to narrow down to a person that actually performed the action. If it is part of a static block owned by someone, you know it is was used somewhere within their network (unless you suspect the IP was faked at the BGP level, and the attacker is skilled enough to perform it, and what was gained is significant enough). To narrow it down to the person that actually performed it, you would need the logs of all network activity, which associates ne
Public WiFi (Score:4, Informative)
Google has open public WiFi available on many of its offices that you can pick up from across the street. You can't easily tell machines on those networks from internal machines.
Just pointing that out.
Why? (Score:2)
Seriously, why is it "unlikely that this was a deliberate or coordinated attack by Google HQ on the competition"
Just because Google's motto is "do no evil" they sure don't live up to it...
Summary has the motto all wrong (Score:2, Funny)
Google's motto isn't "Do no evil", it's "Don't be evil". You can do as much evil actions as you want as long as you're doing them for a good cause (Google's success), then you aren't being evil.
You, too, can have a Google IP address (Score:2, Interesting)
Sadly, I'm an anon, so nobody will read this, BUT:
Google used to have a product called "Google Web Accelerator" which was, essentially, a Google proxy that operated similar to the idea behind Kindle Fire: Make the proxy crunch images and the like to make the browser work faster.
While using it, I noticed that IP reporting sites would all show that I was coming from Google in Mountain View, CA. ... who's to say that a savvy vandal simply isn't using GWA?
"Starting to"? (Score:2, Interesting)
Why is ANY of this a surprise? Companies that have a great product, a great service, that los
Does trust work for mapping? (Score:2)
Mottos (Score:2)
Re: (Score:2)
(spontaneous association on my part, completely OT)
Reminds me of how the people foaming about how bad X is, are the ones who cannot abstain from X.
Why does slashdot accpt every TechGuy troll, but (Score:2)
Slashdot not publish stories like: Apple sued for extortion, Microsoft licenses patents to LG for Android, Microsoft confirms UEFi fears and locks down ARM devices?
Why does every unconfirmed Google smear story by this "TechGuy" shill seems to be immediately published?
Google and map data? (Score:2)
Google has little, if any, financial interest in map data. They buy all of it from sources like NavTeq and GDI. I suspect Google could replace these sources with their own collection efforts - if they wanted to. It is a huge task and to do quality work takes a lot of effort. It would appear that Google would rather buy than build.
Now, if someone found NavTeq screwing with someone's map data I could understand. They have a huge financial interest (as in the whole company) in map data and being the prima
Re: (Score:3, Interesting)
Re: (Score:2)
There's really no money in defacing OpenStreetMaps
I have adblock plus so I don't know, but can someone verify if maps.google.com has ads?
Damage to a competitor results in more ad impressions amongst people not smart enough to use an ad blocker, leads to real money...
Re:Evil (Score:5, Informative)
Disable adblock for a minute, and check it yourself. :)
They don't have the regular adword ads. They do have business listings in the map. Most of the business listings show up if you search for something like "pizza near 10011".
Re: (Score:2)
Sure there's money in defacing OSM –it lowers the quality of the competition, and increases the chance that people will pay to use google maps.
Re: (Score:2)
Incredibly there is lots of money in the Mapping, lots of income. Someone in Google probably saw OSM as a potential competitor and decided to do mischief. If you change the directions of one way streets that is dangerous. Especially if say Google was starting to use their map database to do not only directions but automobile autonomous control. Those kind of changes would sabotage anyone else's attempt at doing the same kind of project because the liability would be too high.
Bravo to whoever went in and
Re: (Score:2)
Is OpenStreetMaps a credible competitor to Google Maps? I've only used their data for maps in the Caribbean where it is okay, but leaves a lot to be desire (which is reasonable since there is likely less of a crowd to source from). Is it better in the US?
Re: (Score:2)
I agree, I like the idea of OpenStreetMaps, but I'm not really sure that it's at the point where it can compete with Google Maps. Which is why if this article were true it would be so stupid. Or perhaps brilliant, sabotage the competition before anybody thinks they're competitive.
Re: (Score:3)
It's great in Europe. Major cities have fantastic detail, far better than Google maps -- footpaths, cycle paths, phone boxes, every bus stop, name/number of every building, etc. Last time I looked (2 years ago?) the place my parents live (small village in England) was just a couple of main roads, but since then someone has filled in the rest of the roads, and the public footpaths, electricity pylons, etc. Google still have "Xxx Road" instead of "Xxx Street" for the road my parents live on, which sometimes
Re: (Score:2)
OSM and GMaps will only ever compete in certain areas of use. What makes OSM great is (for the time being) not its renderer(s) and certainly not its search but the free availability of the underlying data that allows uses way beyond a mere street map. What makes GMaps greats is certainly not the timeliness, accuracy and level of detail of their spatial data but the interconnection with any other information you can google. Which is exactly why I doubt that Google deliberately attacked OSM: People go to Goog
Re: (Score:2)
Re: (Score:2)
It's not the level of detail, it's other things like the lack of a satellite view and how Google Maps has translations of place names in China whereas OSM doesn't. Satellite view doesn't seem to be important until you find yourself trying to figure out where you're going and you realize that knowing what things look like roughly is a huge help.
Re: (Score:2)
In a lot of areas, their data is way more accurate and detailed than google's, unfortunately, in a lot of areas, their data is significantly less complete.
Re: (Score:2)
Shouldn't think of them as competitors. My neighborhood exists in Google Maps because I added it to OSM using the JOSM tool, tracing Yahoo satellite images (which was allowed at the time, no idea if it still is).
Google apparently consults the OSM data. The rule with OSM is you have to do it yourself, or use an open data set. So pretty much anyone can use it. Google used several of the major commercial data providers for a while, not sure if they own everything in-house at this point.
Re: (Score:2)
Re: (Score:2)
The psychosis of Slashdot (Score:2, Insightful)
Just to be clear, you're criticizing the fact that you believe someone will post something well thought-out and sourced with links. The horror!
Notice how the very first post to this negative story on Google is a defensive, accusatory post intended to distract people from the story by turning everyone against anyone who will be critical of Google. You don't like the position someone will take on Google, and so that automati
Re: (Score:2, Informative)
Re: (Score:2)
I, too, have posted things critical of Google in the past and had this same anonymous person track all my posts.
This is a real problem. Slashdot should be limiting the number of downvotes someone can give another user's posts within a time period. There's clearly assholes who just go through someone's history downvoting everything because of some perceived affront to their delicate sensibilities.
Re: (Score:2, Insightful)
They stalk you because you are loved.
But let's be honest, looking at your post history, one would expect you to insert a Google bash here.
Re: (Score:3)
Sorry but isn't some Google bashing due here? And for that matter MS and FB don't figure here so why would you expect them to get mentioned? Predicting reasonable reactions doesn't make them trollish, just predictable.
Anyway if we wanted to know if this TechGuys is a MS/FB shill wouldn't it be enough to ask him: "Hey TechGuys, do you think MS/FB behave ethically?". Anything other than a negative would indicate such.
Re: (Score:2)
"Hey TechGuys, do you think MS/FB behave ethically?". Anything other than a negative would indicate such.
LOL! OK, you ask him, see if he answers.
Re:Warning (Score:4, Insightful)
Re: (Score:2)
How is this kind of shilling not illegal?
Yeah, any criticism of Google can only be by a paid shill. Just fuck off. I am getting fed up with the shrill chorus of "shill! shill!" on slashdot everytime anyone criticises Google or Apple, or makes a comment about Microsoft that doesn't equate them with Satan
Also, I love how on slashdot everyone defends the absolute freedom of speech for neo-Nazis to dress themselves up in SS uniforms and call for racist genocide or whatever, but as soon as someone criticises poor little Google, that speech should
Re: (Score:2)