Attribution: Is it time to name and shame?

OpenStreetMap is the global, open and free map dataset that anyone can use. It is created by a huge community of volunteers who pour their time and energy in to the project. It’s also fun, beautiful and cool.

So it’s sad that people don’t want to respect the license. It asks two very simple things:

  1. Please say you’re using OSM. This is very simple.
  2. If you change the map, please give the changes back. This is called “share-alike”.

Compared to paying a lot of money for incredibly license-restricted data, you’d think people would be ok with these requirements.

Sadly, this isn’t the case.

There are those who are now willfully disregarding our tiny little requirements. It’s being framed as some gigantic and unreasonable proposition, asking to say where the data came from or giving data back when you fix things. As if it’s completely bananas to ask such a thing. As if Linux or Wikipedia should be disaster ghost towns while asking for exactly the same thing of their users.

This is just baloney. The real comparison should be; if you don’t like the license you’re free to use expensive and complicatedly-license data. That’s your option. Those guys are just a phone call away, and will be happy to sell you data. You’d probably find that they have very strong attribution requirements, just like OSM does.

It is the ultimate disrespect to the volunteers who built the data to not even attribute their contributions. It’s even worse that there are some who’re trying to also own OSM for themselves by taking away the share-alike requirement.

Is the license perfect? I’m afraid not. Specifically we need more clarification around the technical implementation and use of geocodes, especially in relation to other datasets. It’s hard today to technically comply with some of those edge cases.

But that’s not what we’re talking about. We’re speaking here about the simple ask, that if you use OSM you please say clearly on the map that it is OSM. You’re getting a great dataset, for free, under an open license, that millions of people are contributing to. We’re not asking for $100,000 license fees, we’re just asking that you say who we are.

It’s the ultimate human need; I was here. I did this.

How could you deny people that?

Apparently, easily and willfully. People within the OSM community have been frustrated and trying to fix it for some time. If we were a proprietary map supplier we’d revoke a license or jump to legal options.

We are much nicer than that. I propose a four stage plan, organized on OSM’s legal mailing list and tracked on the wiki:

  1. A polite email, linking to our requirements
  2. A week later: Another polite email, warning of what’s to come.
  3. A week later: Another polite email, same as above
  4. A week later: Very public naming and shaming on OSMs various social media channels and blogs

Most people who miss our requirements are making a simple error. This is a process that gives three opportunities and an entire month to correct the mistake. This is not a brand new idea or process. The FSF and others have named & shamed (and have even went further) for GPL violations in the past.

In a narrow way, this all a good thing. It shows the growth and maturity of the project, that there are those out there that want to own it or take all the advantages without even saying where the data came from. But in the end, we have to defend ourselves for what little, tiny things we ask.

10 Responses to Attribution: Is it time to name and shame?

  1. AndiG88 April 28, 2014 at 1:22 pm #

    While I agree I also think we should make it easier… does not make it very clear what the difference between a printout, a screenshot and embedding is.

    When do you have to link? When do you have to use (CC BY-SA)? When ODbL? Does everybody know what MapTiles or Data Form exactly is?

    What the page needs is a embedding template like here

    As well as a credit preset like “© OpenStreetMap contributors (CC BY-SA)” and explain when you have to use which one. Maybe even have a (CC BY-SA) code template.

    Of course this does not excuse anybody, especially not companies, but I would say the lack of (CC BY-SA) usage is mostly due the the wording on that page.
    >>> How to credit OpenStreetMap: We require that you use the credit “© OpenStreetMap contributors”. <<<

    I would also like to see some kind of tool on that makes it easier to take screenshots with the right attribution or at least a "screenshot" mode. Right now I always have to open it with image software to add the credit, especially as (CC BY-SA) is never going to be there.

  2. BrendanH April 28, 2014 at 2:55 pm #

    I’m almost inadvertently a user of OSM, in a small site at, e.g.,

    If it weren’t for the fact that leaflet.js goes out of its way to build in the acknowledgement, I could well have overlooked it.

  3. detlevN April 29, 2014 at 1:17 am #

    I think in many cases the reason for this behavior is to increase profit. While today many, many customers are not willing to pay sufficient fees (this seems to be true all around the world), small contractors and GIS freelancers are underbidding each other.

    To work with hacked software and to use data in an unfrankly way can help to save a small amount of investment and to place the lowest bid. Since most service providers must claim that their work is free of legal rights others, they cannot attribute to OSM. It is easier and safer to violate OSMs “share-alike” than to hack e.g. NavTec or to buy data from state authorities and to use this as you like.

    I like OSM very much, the idea and the outcome. But from a professional point of view I think, the availability of world wide very detailed geodata for free is one more reason for the decreasing willingness to pay for services.

  4. Simon Avery April 29, 2014 at 1:18 am #

    Yes, absolutely you should. They’re abusing this because there’s no reason not to. One of the reasons you should is to remove perceived stigma about free software and open licences, and that stigma is often at board level sadly.

    However – your three-email-and-act route is not sensible.

    Firstly, you need more than a week to respond to a contact of this severity. If you don’t give sufficient time, you are not being reasonable and will make them instantly defensive.

    Secondly, emails are unreliable for legal process, or more likely will go to the wrong person. Recorded delivery letters sent as well as an email are better.

    I would suggest,

    0. Talk to a lawyer to ensure that stage 3 isn’t likely to involve you in expensive legal issues. I haven’t tried to look at OSM’s finances but if these are big companies, it’s not impossibly they will respond with an attempt to cripple you.

    1. Private contact by email and recorded letter pointing out their breach of T&C’s, outlining their responsibilities and ask for a response within no less than 2 and no more than 4 weeks of that date. Don’t set a timescale for negotiation – this sort of thing is Board Level and some only meet monthly or even longer apart. Keep communication open for as long as neccessary, only progressing to #2 if it stops for more than 30 days.

    2. If no response to the above. Second email and letter repeating the details of #1 and the same timescales, but with stronger language and only now mentioning details of what your intentions are should they not respond within 30 calendar days. If this is not your first shaming, link to an example of negative publicity you’ve done so far. For this reason it may be best not to start with your biggest guy. Once this has momentum, some companies will probably fall into line without your asking.

    3. Notify them by email and letter that you are acting, and give them some way of stopping the negative publicity by telling you they intend to comply and that you’ll publish an announcement of their good intent if you do (Always give an out). Then act and make it very public. Acknowledge some of the user comments who tell you they’ll boycott this company’s products but not in a spiteful way. Feed them to your press outlets and milk the first few for all they’re worth.

    Good luck!

  5. Dragnucs April 29, 2014 at 8:15 am #

    Just give them two weeks. One month is too long.

    Also start writing the related blog posts, so they are ready for us to publish on the day after.

  6. NeuroG April 29, 2014 at 9:26 am #

    You probably also want to have an official policy for the case where the user responds to one of your emails with a request for some time in order to implement the changes. Some will do so in bad faith, while others will actually need time (overworked developers and such). Having an official policy (say, an additional month or two), before such a request occurs, may allow things run smoother. Good luck.

  7. grin April 30, 2014 at 2:12 am #

    In my experience there are two kinds.

    One is where they simply forgot to provide credit, or they never heard or thought about “licenses” (for you it may sound funny but majority of the population doesn’t quite know what’s the difference between Creative Commons, Google Maps TOS and a peeled banana). These usually respond well to the polite requests, if not always immediately.

    The other is doing it deliberately, either because they believe that volunteers would never be able to pay a lawyer to sue their asses off, because they genuinely want to lie that it’s their work, because they’re afraid what might happen if people would know they’re using free sources, because they don’t give a shit about ethics, because it’s their business model or all of the above. In this case they usually either don’t react on the requests. In these escalated cases (where they don’t even react on other-than-email requests) I’d really think about looking for a pro-bono lawyer specialising in software licenses and let him/her convince them otherwise and keep whatever money he wins by the case.

  8. Shane Curcuru May 1, 2014 at 4:14 pm #

    Indeed, you absolutely should do this. But caution and care with how you do it is critical. Some lessons from managing the Apache brand (yes, over at the ASF, with 149 projects) include:

    – Have clear documentation. Sounds like you already have a clear license with the data, etc., but ensuring your human-readable About pages or the like clearly point at the license and talk about why it’s important is a good thing.

    – Have clear governance. Make sure that whoever’s doing this is doing it in their role for your organization, not just a bunch of contributors doing it vigilante (as satisfying as that is, it’s not as effective as official letters with a VP / Director / Whatever title from the organization is).

    – Start privately, with clear and polite demands. Starting privately allows everyone to save face, and also gets much better results from the people you contact.

    – Email them again privately. A reasonable amount of discussion really helps get any third party with a bone of decency to see the error and make changes.

    – Allow plenty of time. Patience – several weeks at least – is helpful. Again, some of these people are decent at heart, and that gives them a chance to shape up.

    – If that fails, then yes: absolutely name them publicly. Talk it up, get people to really point out how they’re stealing your stuff, and all you’re asking for is recognition.

    – Have a plan – presumably a private one from your governance board – about when and how you’d consider legal action in case of refusal. Note: finding a pro bono counsel to simply send a legal-sounding Cease & Desist letter, on legal letterhead, is a big stick to many corporations. Where your email may not get their attention, C&D letters almost always get sent to the legal department, and their lawyers usually make them pay attention.

    Good luck. Some tips I have for brand enforcement – which is a little bit similar – are here:


  1. 57 :: Keeping out of the way and More Open – Why It’s Time To Drop Share-Alike - April 28, 2014

    […] It may just be coincidence, but today Steve Coast published a post reaffirming the need for OSM to retain it’s sharealike license and to furthermore, name and shame offenders who use the data and not give back. […]

  2. Attribuzione: È arrivata l’ora di fare i nomi di chi sgarra? | OpenStreetMap - April 29, 2014

    […] da Steve Coast, tradotto da Simone Cortesi, Leonardo Frassetto, Fabrizio Tambussa e Andrea […]

Powered by WordPress. Designed by WooThemes