OpenStreetMap Enhances User Privacy | STAGING: OpenStreetMap Blog

Today, OpenStreetMap has enabled encryption (SSL) to all of the openstreetmap.org website, thereby enhancing the privacy of its users.

You can now browse the site at https://openstreetmap.org (note the ‘https’). This means your browsing activity is secure from snooping.

OpenStreetMap stands with the Open Rights Group and the Electronic Frontier Foundation in asserting greater Internet freedom, including the right to individual privacy. With this action providing the highest quality Free/Open Data Geographic resource to everyone.

We are proud to roll this out on the same day as the “Day We Fight Back” campaign.

Other aspects of privacy around OpenStreetMap are discussed on this wiki page.

This post is also available in: Japanese

32 thoughts on “OpenStreetMap Enhances User Privacy”

Eric G. February 11, 2014 at 20:13

I wonder how much it impacts tile servers performance. We’ll see with munin graphs.

Grant Slater Post authorFebruary 11, 2014 at 20:16

Eric we tested the tile traffic over the last few days first 5% then 20% and the impact was minimal. We also upgraded the web frontends.

Richard February 11, 2014 at 21:07

Nice addition to https://OpenStreetMap.org Thank you, sysadmins.

chtfn February 12, 2014 at 01:30

Good on you! Thank you for that!

Susan H February 12, 2014 at 10:42

Susan H

It’s great to see SSL/TLS on OSM

It’s a great pity you didn’t also enable Forward Secrecy at the same time.

Is there any reason why FS wasn’t enabled? Are there any plans to enabled it in the future?

https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fwww.openstreetmap.org%2F

PFS February 12, 2014 at 22:31

Forward Secrecy is enabled.
Grant Slater Post authorFebruary 13, 2014 at 16:24

We have now enabled PFS for additional clients.
1. Susan H February 14, 2014 at 19:46
  
  Excellent. Thank you, thank you, thank you 🙂

Ivan February 12, 2014 at 11:26

Great news.

I’m using the HTTPS Everywhere extension for my browser. But when i log in to OSM it doesn’t automatically redirects me to https:// as it does with other websites, any body knows why?

Adam February 12, 2014 at 17:48

Apparently, a ruleset for a site needs to exist:

https://www.eff.org/https-everywhere/rulesets
1. Nick February 19, 2014 at 05:43
  
  Looks like the updated ruleset is already in progress here, and should be in HTTPS Everywhere once that pull request is merged (which is likely to be after the next major release):
  https://github.com/EFForg/https-everywhere/pull/158

Niemand February 12, 2014 at 15:12

Is anyone else able to see the map? I’m not. It puts up the frame, chugs awhile as though it’s populating the viewport with tiles, and then stops. I’ve tried http and https, re-scaled up and down, but just get the same non-response response. Google maps work as per usual, so it’s not a general problem.

Hannes February 12, 2014 at 16:35

Please try again with all browser add-on/extensions disabled.
1. Niemand February 12, 2014 at 17:24
  
  Now it loads. Someone must have done something to fix it, because it wasn’t loading either on this system or my laptop when I posted.

Pingback: LibraryThing Begins Using SSL Encryption on All Pages that Ask for Private Data | LJ INFOdocket

Marek Kleciak February 13, 2014 at 07:35

Please compare also Here maps…
http://here.com/43.4043133,39.958024,16,0,0,normal.day

:o))

Aury88 February 13, 2014 at 12:19

Hi! this is a good news, but i had a problem accessing https://blogs.openstreetmap.org.
firefox say:
blogs.openstreetmap.org uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for smcdonald.vm.bytemark.co.uk (Error code: sec_error_untrusted_issuer)
there is no problem with http://blogs.openstreetmap.org.

Regards,
aury

Grant Slater Post authorFebruary 13, 2014 at 16:26

This announcement in only for http://www.openstreetmap.org. We are gradually rolling out SSL support to additional sites. eg: taginfo.openstreetmap.org is next.
1. Aury88 February 14, 2014 at 07:34
  
  ah, ok!
  thx

ben February 13, 2014 at 13:34

Thx !!!!!!!!!!!

ButterflyOfFire February 19, 2014 at 22:28

Merci 🙂
It Works!

ron February 23, 2014 at 21:51

Err, why is THIS BLOG post software NOT accessible with HTTPS? 🙁

HarryWood February 24, 2014 at 10:02

Because it takes time to set these thing up. See Grant’s comment above. Presumably HTTPS enthusiasts will be pleased that they’ve started with the main things first (the main OpenStreetMap.org site and map tiles)
Grant Slater Post authorFebruary 25, 2014 at 07:41

This was already in the pipeline. Please be polite. SSL is now enabled on staging.blog.openstreetmap.org.

Spoony February 26, 2014 at 11:01

Hi! On the HTTPS page, the function “Edit > Edit with Remote
Control (JOSM or Merkaartor)” doesn’t work anymore with JOSM on my
Windows 7 system.
Can anybody confirm this?

Grant Slater Post authorFebruary 26, 2014 at 11:05

Yes it is broken and is a known issue. A poor workaround is to switch back to http:// after login.

derstefan February 28, 2014 at 10:41

Thank you very much for the encryption. Is there any way to redirect visitors (of the www web interface) to https? In my opinion the web interface should be encrypted by default. Due to the valid certificate this should not cause any trouble to normal users.

Grant Slater Post authorFebruary 28, 2014 at 14:49

Once logged in you will remain in HTTPS. There are no immediate plans to redirect all site visitors to HTTPS. Consider using the https-everywhere extension once this https://github.com/EFForg/https-everywhere/pull/158 pull request has been applied.