Privacy Implications for OpenStreetView

I’ve been playing with OpenStreetView in the last couple of days and judging by the responsiveness of their website the word is getting around. Now, having crowds of people recording and uploading their streets obviously presents some privacy issues. I watched the talk they gave at State of the Map US and it is clear that they have particular privacy goals in mind such as blurring faces and licence plates. Their answers to questions indicated that they would like to have a more detailed policy around privacy but they’re not sure what it should be yet. For a project just getting off the ground I think that’s pretty reasonable. However there is a risk of accidentally conducting surveillance and I suspect these issues could become relevant sooner than anyone would like.

Let’s start with something familiar, Google Street View. While they caused their share of anxiety and lawsuits I think it’s fair to say that most people are pretty comfortable with it now. Google has successfully built a product that is really useful while also managing privacy risks effectively.

Here are some reasons I think Google Street View doesn’t make people nervous:

  • Snapshots are a little bit outdated, i.e., internet users can’t see a photo of your house from yesterday.
  • Drivers don’t come past very often and they travel efficient routes. Out of sight, out of mind.
  • Even though Google would have significantly more data internally, the public-facing website only shows a single recent snapshot. (Edit: No longer true, with thanks to the commenter who pointed it out. The intervals appear to be years apart so I suggest it’s still a useful comparison with OSV.)

The end result is a product where you can effectively teleport yourself to any public road, look around and see what’s there. This is no different from what you could do if you travelled there yourself. That’s essentially why I think people are cool with it.

Now OpenStreetView doesn’t have spiffy 360˚ cameras (yet) or Google’s resources but already it has privacy risks that go far beyond what you can do with Google Street View.

Photographic surveying begins to feel more like surveillance when one of two things happens: either you observe the same location again and again, or you observe the same person (in different locations) again and again. The time interval between observations is the important thing. If you take photos of a building every day you’re inevitably going to learn things about the people who live there. This sort of thing makes me nervous about my privacy and I expect it would be the same for others.

The point of OpenStreetView is that there are lots of people doing it. If participants start recording every time they hop in the car it’s possible that there could be one of these cameras zooming down the main roads of San Francisco every hour. As the density of recordings increases it will become increasingly possible to track the activities of people, cars, businesses and homes. In its current form you can look at individual tracks on OSV and access every image if you wish so I expect this would be totally possible.

However, OpenStreetView is specifically dedicated to improving the quality of OSM data. While sometimes it would be useful to get multiple perspectives on a location it seems unnecessary to have an enormous range of pictures. For example they could filter out ones with poor lighting, poor focus, or those that are simply old. The point is they have some options for obscuring or limiting the presented data without compromising the project’s goals.

Then there is the fact that the uploaded images are available basically in realtime. Unless there is a humanitarian need I think it would make sense to block access to tracks for a random time period, maybe up to a month. When the images do become available they could fudge the timestamps by ±1 week so that it’s not easily possible to organise them into a time series.

These are just a couple of examples to demonstrate that their dedication to openness could also be a privacy liability. When you combine the data from a large number of people acting altruistically and legally you can make things possible that were never intended. I look forward to seeing how they go about it, and also the creative alternative uses people come up with for the photographs.

Aside from these wider issues a couple of niggles mean that I’m not going to upload any more tracks for now. So far none of my uploads have had any blurring applied. They seem to be publicly available unblurred, which is a little annoying. This is possibly because they are still in “processing” state, which has persisted for more than a day now. The manual blur tool is also unavailable so I can’t fix them myself. I owe it to the people whose cars I’ve photographed to make sure they’re relatively anonymised before I add more to the data set.

Archived comments

Daniel Smith says

“Even though Google would have significantly more data internally, the public-facing website only shows a single recent snapshot.”

This isn’t true anymore – you can look into the history on Google Street View, on a quick test I can see 7 different time frames in my local area.

Tom says

Cheers! I missed that change. You must get visits from Google more often – I only have 2007, 2009 and 2015 so I think the point is still sound. I’ve edited the post.

Florin Badita says

As i explained, there are a lot at advantages for this kind of freedom

See slide 30-34

Peter Bremer says

I would suggest you take a look at Same premise, but a lot more content, 70 million photos. (VicRoads, the Roads Corporation of Victoria, is a major contributor, maybe you’ve heard of them.)

And photos are blurred (in a somewhat decent automatic process) before they’re published, and there is a blur editor that is functional.

And support for and a growing number of 360-degree photos.

And their transitions from photo to photo blows Google Streetview out of the water :)