Hacker News new | comments | ask | show | jobs | submit login
Google IP Vandalizing OpenStreetMap [Not a comprehensive post] (opengeodata.org)
233 points by tecoholic on Jan 17, 2012 | hide | past | web | favorite | 39 comments



There’s an interesting comment from Tom Hughes:

“As the person who (in my role as an OpenStreetMap system administrator) first discovered this `incident' let me start by saying that I consider this post to be grossly irresponsible and wholly inappropriate.

[ … ]

It seems to me that this is just an attempt to get some cheap publicity by trying to like the project to the Mocality incident, and I cannot support such behaviour.”


For reference, here is the full comment by Hughes, including his follow up noting the blog post was personal, not representing the official position of OSMF.

Tom Hughes said...

As the person who (in my role as an OpenStreetMap system administrator) first discovered this `incident' let me start by saying that I consider this post to be grossly irresponsible and wholly inappropriate. The board of OSMF are making mountains out of tiny pimples here. It seems that they want this to be some sort of organised corporate malfeasance on the part of Google which is why they have tried to link it to the recent Mocality incident where there was indeed clear evidence of such behaviour.

The reality in this case is that there is no evidence that this is any different to the numerous other incidents we get all the time where users either accidentally or deliberately make bogus edits. The only difference in this case is that there happen to be two accounts (though we do not know if that is two people) and the user or users involved happen to (presumably) work for Google.

That is the sum total of what we know, and on the back of that, and without approaching Google at all, two leading board members have decided to reveal personal information about two of our users.

It seems to me that this is just an attempt to get some cheap publicity by trying to like the project to the Mocality incident, and I cannot support such behaviour.

Tom Hughes said...

I am told that this posting was in fact made in a personal capacity and as such any suggestion on my part that it represents an official position of the OSMF board is incorrect and should be disregarded.


He then went on to say

"I am told that this posting was in fact made in a personal capacity and as such any suggestion on my part that it represents an official position of the OSMF board is incorrect and should be disregarded."

Drama ahoy.


If the systems admin. of a for profit company left this kind of comment on a board members post would they expect to stay employed at that company?

It may be a non-profit but the board members are still the ultimate bosses above the CEO. Calling your bosses behavior "grossly irresponsible" in public forum seems like it would be career limiting.


He's not getting paid, so I doubt he worries too much about that:

http://www.osmfoundation.org/wiki/Finances/Balance_Sheet_201...


What were Tom's arguments? It would give better perspective than just his conclusion.


"The board of OSMF are making mountains out of tiny pimples here. It seems that they want this to be some sort of organised corporate malfeasance on the part of Google which is why they have tried to link it to the recent Mocality incident where there was indeed clear evidence of such behaviour.

"The reality in this case is that there is no evidence that this is any different to the numerous other incidents we get all the time where users either accidentally or deliberately make bogus edits. The only difference in this case is that there happen to be two accounts (though we do not know if that is two people) and the user or users involved happen to (presumably) work for Google.

"That is the sum total of what we know, and on the back of that, and without approaching Google at all, two leading board members have decided to reveal personal information about two of our users."


I think the boards concens and response is fair enough, google employees have an obvious potential conflict of interest if they are vandalizing maps, even if they are acting by their own volition it is still something I would expect Google to take action around and publicly not condone, assuming even the most innocent of circumstance.


This is the user, but I'm having a rough time trying to identify the offending edits: http://www.openstreetmap.org/user/kane123/edits

Has Google released any statement beyond the one that said "We were mortified to learn that a team of people..."?

I'm overly curious on the results from Google's investigation. I can see the connection with Mocality being mentioned, but vandalizing seems odd.

I would venture that this is coincidental.

Pick any branch office of a large enterprise or government and run a search for the IPs they use to access the internet. You'll find vandalism on Wikipedia, ancient guestbook messages, mailing list postings, etc.

I'm certainly not a Google apologist, but this just seems fishy.



If these are the same as the Mocality people, I wonder how long before Google audits and fires them? I also wonder if we'll find out about any more wrongdoing.

Hopefully Google shuts them down soon.


I'm really suspicious of any claim that the top brass at Google honestly knew nothing about it... (What would these employees even have to gain? It's not like they have much to gain if Google's stock goes up, and if they're hiding this from management, they're not getting paid for it.)


Define "top brass". If you're saying some upper-middle management at Google India, possibly. If you're saying that this is being done at the VP level, I think that's a bit tin-hatty for what we've seen so far.

Regardless of whether or not you think Google is strategically sabotaging other projects, I think we can all agree that if it were under the direction of Google's top brass, they would have been smart enough not to use their own IPs. It's not an organization to which one would attribute less technological accumen than your average Wikipedia vandal.


>I'm really suspicious of any claim that the top brass at

>Google honestly knew nothing about it...

If Google Management knew of this, wonder why they would let this happen from Google IP addresses...


Because Google employees generally have latitude to do whatever they want with their Internet connection at work. Even bad OSM edits.

If we start blaming whoever an IP resolves to for vandalism, you're going to find that pretty much every major corporation has vandalized Wikipedia. (When I worked at BAC, our proxy was perma-banned for vandalism.) Not to mention the ISPs; Comcast is a notorious Wikipedia vandal (by this logic).


In a past life, I've vandalized Wikipedia. I did it because it was funny to me and the people around me at the time.

(To be fair, it was John C Dvorak's page. But the point is, I didn't do it for money.)


What would these employees even have to gain?

Should we apply this logic to all open source contributions, and view with suspicion everything that doesn't have a price tag attached?


It could also just be a broken bot. You'd think Google would be smart enough to know not to POST 100k times to an outside service, but it's possible there's someone in the ranks who just doesn't know what they are doing.


The 100,000 hits by 17 accounts took place over a year could be 99.9% valid contributions. They mentioned that number because they have recently noted 2 accounts vandalising and so it's probably wise to check the other interactions in case they are subtle vandalism by the same person/people that went unnoticed at the time but that it'll take time to confirm either way.


According to ReadWriteWeb [1] Google PR responded

We're aware of OpenStreetMap's claims that vandalism of OSM is occurring from accounts originating at a Google IP address. We are investigating the matter and will have more information as soon as possible

[1] http://www.readwriteweb.com/archives/google_osm_vandalism.ph...


The founder of OSM and author of this blog post runs Bing Maps.

I hesitate to bring this up and add to the melodrama -- but people should be aware of the interests of the parties involved.


To be completely fair, the post is signed by three people. The other two are an OSM Sysadmin and an OSMF board member.

I'm not saying that there may not be a conflict of interest, but this post has some support from the board of the foundation.


I can understand Mocality posting on a blog their findings, but this is an awful and not very credible way of make public your accusations.

Look forward to an explaination?... then contact them directly instead of "sand bagging" them (borrowing a colloquialism from Family Guy).


Just curious. How do you know the relevant person to contact in Google (or for that matter any big company) ?

EDIT - I'm genuinely curious. Other than the sales people etc. I could'nt find any relevant details.


In a case like this, that is a bit tricky. This could be Joe (or Jabul) Random Googler in India on a lark. Or it could be something organized, probably at a small level.

Contacting someone in Google Maps might help -- this would at least be a business unit that has some interest in not generating ill will. Google IO is a conference with lot of Googlers. There's a presentation about Google Maps, and if they aren't the right people to talk to, you could probably ask them who a good contact would be: http://www.google.com/events/io/2011/sessions/designing-maps...

That'd be my approach.


PR people are usually a very good contact. News can break 24 hours a day, so they're usually very available. If you're about to spill the beans on something that can be very embarrassing, they will connect you with the right person. If they don't, they're on the hook for cleaning up the mess.

http://www.google.com/press/


I would email abuse@google.com. This is typically how all Internet abuse is handled.

If you want to be particularly thorough, look up the name in abuse.net:

http://abuse.net/lookup.phtml?domain=google.com


You don't need to. Just find someone at the company and ask them to get in touch with the right person.


You mean like google came out about bing copying their results? http://searchengineland.com/google-bing-is-cheating-copying-...


sigh I like how you conveniently left out what ACTUALLY happened. http://searchengineland.com/bing-why-googles-wrong-in-its-ac...


that says they didn't copy results by looking at google directly, but by watching users that use google. With the number of IE users, the difference is only in how they achieved it, not whether they did it.


Bing toolbar users, not IE users. Also, only the result that was clicked was tracked, not all results returned.


> awful and not very credible way of make public your accusations

what would be a more credible way?


Provide actual facts for a start. Currently they are just pointing the finger without any kind of explaination as to how they came to their conclusion.


They are talking about "users from Google IP address ranges". What do you mean by explanation? Do you want to see the actual log files?


I disagree: Actually the best way to get answers from a too-big-to-communicate company like Google is to make the whole process as transparent and out in the open as possible.

Google is notoriously difficult to contact for most people. One of the best ways to get them to respond is to let as many people as possible know about the issue at hand.

Public backlash -> answers.


I've managed to contact a few different organizations in a few different ways.

I'm no fan of Microsoft (check post history), but when I found that a large volume of 419 spam was coming through Hotmail some years back, I looked up their main switchboard number, called, spoke briefly to the receptionist asking for the VP of the related unit (I'd looked up his name). She transferred me to him. He picked up on the first ring. I explained the situation briefly, we spoke for a few minutes, at the end of which he said he'd put me in touch with the guy who could fix things. Fifteen minutes later I was talking with him, and we exchanged information over the next few months as I helped him plug his holes. I am still highly impressed by the professionalism demonstrated at all levels. I'd also worked with Microsoft to resolve a GPL compliance issue (again, directly contacting the appropriate VP) again with minimal fuss.

A southeastern US university IT contractor who's private business was spamming me (and he was denying it) ended up with a series of emails escalating up the academic food chain, ultimately to the university president (.edu websites are, or at least were, wonderfully information rich). I eventually got the response I had hoped I'd get on first contact.

Another issue involving AOL at which numerous attempts to contact them failed. I ended up somewhat crashing (well, I did wrangle a late invite for a brief presentation) at which I presented data, including some which indicated AOL's little problem. Their chief postmaster was present. We talked a bit.

More recently, Yahoo have had issues in severely restricting mail delivery rates to Yahoo's MXs, even for long-existing, SPF/DKIM compliant MTAs. I'd gone endless rounds with their helpdesk and had repeatedly emailed (with no response) their CTO. So I sent a group email to a roster of their top (C-level and senior VP) staff, again with some data indicating issues (pflogsumm delivery stats showing hours of delay) and an introductory text "Gentlemen, you have a problem". That finally got a response in the form of a "Yahoo concierge" who spoke with me a couple of times and sorted the problem (and also promised a review of policies in general, in case anyone else is having issues).

Just a few anecdotes of different ways to get a company's attention. There's no one-size-fits-all approach, so be flexible. I generally try a direct private contact first, but ... well, if that doesn't work, I've got a bag of tricks I can pull out. Public shaming can work, but I'm willing to give the benefit of doubt first.


From http://www.readwriteweb.com/archives/google_osm_vandalism.ph...

Update: Google sent the following statement to ReadWriteWeb on Tuesday morning. "The two people who made these changes were contractors acting on their own behalf while on the Google network. They are no longer working on Google projects."


This story is a little light on details, but the fix however is easy enough: Just rollback all edits by that user.




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: