Hello Frederik,
upon starting JOSM I was greeted by, among other things, messages that
loaded content from "wikidata.org" and "sophox.org".
I have not actively enabled something that would make these queries, nor
have I been asked for my consent to transmit the fact that someone is
using JOSM at this IP number to wikidata.org or sophox.org.
As Vincent already said this is a temporary situation and will be changed.
I can understand that if I load Ilya's geochat plugin it will phone home
to Ilya's server, or if I enable certain imagery layers they will load
data from the imagery server. Also it is clear that JOSM will access the
OSM and JOSM servers. But I think that we should not add random third
party web sites that are under control of neither OSMF nor the JOSM team
to the mix without explaining this to the user and asking for their consent.
JOSM allows to access really a lot of different web resources
* tag specific web sites
* OSM wiki
* JOSM server
* OSM SVN
* plugin/presets/style/rules files and embedded elements (icons)
* maps and map icons.
I try to keep it in a way, so that any connects not going to the JOSM
or OSM API server somehow must be initially user-initiated (which is not
100% true ATM, as e.g. maps icons are fetched (and cached) even if you not
actively add a maps). And probably I also overlook something.
Would it perhaps make sense to build a generic "consent to access server
X" feature into the JOSM core, and anyone - whether core or plugin -
would then have to acquire user consent once before accessing a remote
resource?
I fear that would only be annoying like these famous cookie requests
nowadays. And for plugins it would not be possible to enforce. JOSM is
designed to be an online software and it's not so easy to prevent that
without loosing much of what JOSM is.
Anyway I created ticket https://josm.openstreetmap.de/ticket/18712 for a
bit more control.
Ciao
--
http://www.dstoecker.eu/ (PGP key available)
