Google IP Vandalizing OpenStreetMap

Last week Mocality, a Kenyan business data startup, caught Google scraping their data and the post made it to boing boing. Mocality tracked this down with some analysis of their logs and a sting operation, even recording phone calls that Google staff made which contained false information. Google have apologized and the incident looked closed, at least from the outside.
 
Unfortunately we have to report something similar is still happening to us from the same source.
 
Preliminary results show users from Google IP address ranges in India deleting, moving and abusing OSM data including subtle edits like reversing one-way streets.

Two OpenStreetMap accounts have been vandalizing OSM in London, New York and elsewhere from Google’s IP address, the same address in India reported by Mocality.

The most obvious vandalism started around last Thursday last week from these particular users however it may take us some time to do a full analysis. In fact over the last year we have had over 102 thousand hits on OSM using at least 17 accounts from this Google IP.

These actions are somewhat baffling given our past good relationship with Google which has included donations and Summer of Code work. As a community we take the quality of our data extremely seriously and look forward to an explanation from Google and an undertaking to not allow this kind of thing to happen in the future.

Mikel Maron, OSMF board member, mikel@osmfoundation.org
Grant Slater, OSM Sysadmin, grant@osmfoundation.org
Steve Coast, OSM Founder, chairman@osmfoundation.org

—————–

Update 17th Jan 2012 5:30pm GMT
We’ve had many questions since this was posted and wanted to fill in some blanks.
 
Why was the post made? As an open community we respect the privacy of our members. We have to draw a line somewhere between open and closed communications not being available to community members. It was felt on balance that making the minimum facts public was the right thing to do.
 
What more details can we share? The source IP range: 74.125.63.* and two of the investigated accounts are: http://www.openstreetmap.org/user/kane123 (This user was blocked for a day on Friday… and they continued vandalising on Monday after being made aware of their bad edits Source: http://www.openstreetmap.org/user_blocks/79 ) and http://www.openstreetmap.org/user/sanganabongina 
 
Do you have an example of malicious data? Yes, here: http://www.openstreetmap.org/browse/changeset/10375538 (London), http://www.openstreetmap.org/browse/changeset/10375581 (New York City) where a user from that IP address modified one way streets [reversed and deleted]. Here: http://www.openstreetmap.org/browse/way/145893931/history where a user added a fake Olympic stadium.

Have we spoken to Google? We are talking to Google and sharing all the information we have.

Do we know if this was a coordinated activity? No. We simply know the IP address and the accounts and edit information, we’re not implying a grand conspiracy. The edits were made over many hours over multiple days – nothing that would happen as an accident by a new user.

When and how is vandalism escalated? – Our vandalism policy is here: http://wiki.openstreetmap.org/wiki/Vandalism

Was this all overblown? As a very diverse and large community of over 500,000 user accounts we have a wide set of opinions even amongst the key people running OSM. This is welcomed and every member of our community is free to speak about how they see things.

36 thoughts on “Google IP Vandalizing OpenStreetMap

  1. Diomas

    Hope, you did revert vandalism changesets first, before waiting any explanations from google. Otherwize, please, tell changeset IDs

  2. F2

    There are close to 30,000 employees at Google, and you tracked down this to a single IP address. Perhaps, rather than seeking publicity, you should contact Google with the information so they can track down this rascal. Apparently, you instead prefer to write official statements and imply conspiracy — as if a real conspiracy would be carried out from Google’s own IP netblock! Please.Vandalism is unacceptable, but your response to it is quickly losing you the moral high ground.-F2

  3. Stephen

    @F2 It’s more likely that a specific Google office somewhere has a specific Google owned IP address, and all workstations are behind a Router doing NAT.

  4. Joe

    @F2 What a joke. If Google can’t keep its employees from vandalizing stuff, they /deserve/ the bad PR. It’s the same for any business. If a business employs a few scumbags, everyone knows that it’s just a few scumbags, sure, but it’s still the business’s job to fire them, publicly apologize, and thereby correct matters. To expect otherwise is absurd. Why do people assume that whenever anyone complains about a large company they’re talking about a conspiracy, and not recognize that the complaint is actually about incompetent or meaningless oversight? Well, as they say, if it’s a question of stupidity or malice, go with stupidity, just like in the above comment.

  5. Tom Hughes

    As the person who (in my role as an OpenStreetMap system administrator) first discovered this `incident’ let me start by saying that I consider this post to be grossly irresponsible and wholly inappropriate.The board of OSMF are making mountains out of tiny pimples here. It seems that they want this to be some sort of organised corporate malfeasance on the part of Google which is why they have tried to link it to the recent Mocality incident where there was indeed clear evidence of such behaviour.The reality in this case is that there is no evidence that this is any different to the numerous other incidents we get all the time where users either accidentally or deliberately make bogus edits. The only difference in this case is that there happen to be two accounts (though we do not know if that is two people) and the user or users involved happen to (presumably) work for Google.That is the sum total of what we know, and on the back of that, and without approaching Google at all, two leading board members have decided to reveal personal information about two of our users.It seems to me that this is just an attempt to get some cheap publicity by trying to like the project to the Mocality incident, and I cannot support such behaviour.

  6. Tom Hughes

    I am told that this posting was in fact made in a personal capacity and as such any suggestion on my part that it represents an official position of the OSMF board is incorrect and should be disregarded.

  7. Dbkbali

    Certainly doesn’t look like a post made in a personal capacity, personal posters don’t usually use a title or company name, or use the corporate email!

  8. Tom Hughes

    @!i!Only two of the seventeen accounts mentioned appear to have done anything identified as improper, and we have no idea how many of those accesses relate to those accounts or indeed to signed in vs not signed in users.Trying to read that as meaning that there have been 100,000 instances of vandalism is completely misleading.

  9. G8

    I see nothing wrong with mentioning Mocality. Seems that it’s all the beginning of Google’s downhill slide in to evilness. I suspect in a year or so, this will be viewed as one of their lesser infractions ;-)

  10. Joseph

    Thanks, do share the details of what you found with the Google Vandalism effort with the broader OSM community

  11. Thomas

    Hopefully you don’t shoot in your foot with that. What if Google returns with the number of accesses to their API that have "JOSM" in the header. Will they blame the whole OSM project as you are doing here with them or would this case only be some misleaded individuals

  12. Darren

    4 links to popular linked Mocality story in first paragraph. One link for evidence for yours claims. Why spend more working linking to the other story than providing evidence for your own problem? Maybe it’s all about SEO link farming, sad use of press to get noticed? If it turns out Google are not involved how will you gain credibility back for this site? Good luck, or good bye.

  13. Are

    Look at all the Google fanboys defending Goog here. They should be shamed for rogue employee behavior, that’s standard practice. That’s why companies have IT policies. Go back to rocking back and forth clutching your Android phones saying ‘Do no evil~ Do no evil~’, this will blow over.I will never understand why kids line up to defend giant corporations they don’t even work for…

  14. efegegesgesgs

    @Are It’s not defending Google, it’s critiquing the authors of this post for this shallow piece of linkbait. It’s entirely implausible that Google would be stupid enough to do this deliberately, and even if they did, more implausible so that they’d do it in such a way that it could be so easily traced back to them.Some low-level employees at Google are being jackasses. Trying to tie it into some grand trend of abuse is stupid.

  15. Zverik

    @efegegesgesgs Exactle the same could be said about Stefan’s post. It seems improbable that Google ordered that attack on a small startup. This will clearly undermine Mocality’s local reputation and could destroy a company, but is just a slight annoyance for OpenStreetMap. That’s the only difference. Google is responsible for actions of its employees. It is public company, and has to deal with consequenses.

  16. Simon Hibbs

    There’s no way this can be claimed to be a private post. For a start it has three bylines – all OSF members. Check out the language:"…we have to report something similar is still happening to us …"Not "to OSM", but "to us".

  17. David

    To be fair, could you provide an analysis of similar acts of vandalism/seemingly intentional errors from IP addresses owned by other major corporations? Microsoft comes to mind, but a healthy sample of several Internet-savvy companies would be useful in deciding whether this is a truly unique event where the fact that it came from Google is significant, or simply a fairly typical vandalism event that happens to originate from an IP address owned by Google (in a sea of vandalism events that happen to originate from many other major corporations). If you find that there are similar events coming from other corporations, are you prepared to amend your statement (and its implications) accordingly?

  18. Ben

    Yeah it just some random Google employees, it has nothing to do with Google.I know Google personally, we just had tea the other day we talked about "don’t be evil" all afternoon.

  19. Zverik

    @stshank, of course "company wasn’t to blame". How can Google admit they authorized an attack on OSM? :) They didn’t of course. It’s just strange that the vandalism continued after Google was informed about kenyan case, and those employees were still accessing Google network and were able to do more harm. It’s like Google wants everyone to just forget about that.

  20. Marian

    I cannot believe Google would be responsible directly for something like this as they are an open supporter of the open source and free web. If a rouge employee did something or a group of them just for fun. That is totally possible and for sure Google will act on it once the culprits have been identified. If it was a 3rd party trying to strike a fight between OSM and Google that is also possible. I think the best thing would be to seas any official statements toward Google until you find undeniable evidence it was them. Not only to protect Google, but to protect yourselves, as if it is proven that it was all a big setup and Google is innocent you will be the ones to suffer for making unsubstantiated statements against them. There are people who can spoof their IP address and make it appear it is coming from what ever IP they like. Have you considered that? I had my servers under attack for a month last year and had suffered severely of down-time and huge bandwidth bills and have yet to find the culprit as the attacks came from a bunch of servers that apparently have been controlled directly even thought nobody had access to them because most likely the culprit spoofed his IP when logging into the attack servers. Now I know the culprit was one of about 300 people who subscribed to one of the sites as one of the servers attacked was only used to send out newsletters so the nobody else could have know the IP except for them. Besides this we have had one person make threats and his info was fake, but we did manage to track him down. We have not made any accusations towards him yet as we cannot prove it was him beyond a shadow of a doubt. My advice: Dig as much as needed to find real incontestable evidence before making a statement.Cheers

  21. Cleberson Pertile

    Guys, I don’t know if this happens already, but how about warning the mappers when some other mapper changes their work?Like "hey, user -abc123 changed your work, want to take a look at it? [Yes] [Later] [No]"

  22. rweait

    Hi Cleberson Pertile,Very often, one contributor will further improve the work of another contributor. This is normal, expected and welcomed; we are all collaborating to make a better geographic data base. So just the fact that an object has been touched again, is insufficient to be worthy of an alert. There are some systems that allow contributors to watch specific areas. Making those systems better, and more selective, is interesting.

Comments are closed.