High-ranking members of the OpenStreetMap project — an open source mapping project that competes with Google Maps — have claimed that user accounts attached to a range of Google internet addresses in India have been maliciously tampering with its data.
Google said that two people behind the accounts were contractors using machines on Google’s network, but a spokesperson for the search giant added that these contractors were “acting on their own behalf.” The spokesperson also said that the contractors are “no longer working on Google projects.”
The accusation from OpenStreet Map follows a widely reported incident in which users behind a Google IP address in India were caught scraping data from a Kenyan online business directory called Mocality. Last week, Google apologized for the incident. Then, on Monday evening, Mikel Maron, an OpenStreetMap (OSM) board member, told Wired that users had been vandalizing OpenStreetMap from the same IP address range in India.
After Maron spoke with Wired, he, project founder Steve Coast, and OSM sysadmin Grant Slater published a blog post making the same accusation, saying that two accounts behind the IP address range had been deleting map data, reversing the direction of one-way streets, and maliciously altering other information since Thursday of last week. Mocality’s blog post appeared on Friday.
After Maron, Coast, and Slater made the accusation, another member of the OSM project, sysadmin Tom Hughes, downplayed the situation in a comment to their blog post. “The board of OSMF are making mountains out of tiny pimples here,” Hughes said. “It seems that they want this to be some sort of organized corporate malfeasance on the part of Google which is why they have tried to link it to the recent Mocality incident where there was indeed clear evidence of such behavior.
“The reality in this case is that there is no evidence that this is any different to the numerous other incidents we get all the time where users either accidentally or deliberately make bogus edits.” In their blog post, Maron, Coast, and Slater said that the project is still examining the user accounts in question in order to locate all malicious edits and that the analysis will take some time.
Much like Wikipedia, OpenStreetMap is a crowd-sourced project, meaning that anyone can edit its data. The project is run by a UK-based non-profit, but it receives money, hardware, and data from Google Maps rivals Microsoft and the AOL-owned MapQuest. Steve Coast, the founder of OSM, is now on the payroll at Microsoft as a member of the team that builds the mobile version of Bing, Microsoft’s search engine.
Maron told Wired that the OSM braintrust noticed the vandalism last Thursday. In a standard procedure used when malicious alterations are suspected, OSM placed a stop on the account the next day, attempting to verify that the user is a real person and that he or she understands the open-source nature of OSM. Maron said that the stop was acknowledged early Monday — and that the user then continued to vandalize mapping data. Maron said that this was caught within a few hours, and that the system administrator then noticed that the user’s IP address was in the same range as the address Mocality had identified.
“That was what actually grabbed our attention,” Maron said.
Mocality, an outfit that relies on similar crowd-sourcing, accused Google of scraping its data and lying to customers about its relationship with Mocality. Mocality said that at least some of the scraping came from a Google IP address in India, and Google later apologized and said it was investigating.
According to Maron, OSM found that over the past year, the open source project was accessed at least 102 thousand times from at least 17 accounts attached to this same IP address range. In earlier years, like Microsoft and MapQuest, Google officially contributed data to the OSM project, and it has sponsored OSM’s annual conference. But it has not officially supplied data since June.