At least "against their wishes" or "without their permission" is missing, right now posting "I live in Poland" would be violation of that rule.

All of the behaviors listed are "against their wishes", but I'd be happy to explicitly state this if it's felt necessary for this specific bullet item.

All of the behaviors listed are "against their wishes",

"Bullying or systematic harassment" is inherently problematic, while

Revealing private, identifying, or locating information about a user.

is more problematic as various form of that would be perfectly fine. For example in many cases it would be fine to mention that someone died (say, when removing maintainer from list), or mentioning someones region for context.

In different situation revealing the same info (even the same sentence!) could be a wretched unacceptable attack.

Maybe "threatening remarks" could actually cover this?

Thanks for the feedback, I'd propose as alternate language:

Disclosing private, identifying, or locating information about a user without their consent.

Note that in some cases implicit consent or consent of someone else may be good enough, see

For example in many cases it would be fine to mention that someone died (say, when removing maintainer from list)

example

And sorry, I have no better idea that would not have terrible problems or would be better

Remember that the maintainers are the ones to adjudicate complaints, so the solution to obviously absurd interpretations is to not interpret the CoC in an absurd way.

While i don't see any additional problems with the suggested change that do not already exist in the current content of the document (problems which i have discussed countless times so no need to reiterate once again here) i would like to point out clearly something that some people here seem to be unaware of.

Attempting to use rule lawyering on the vague negative formulations in that document to try to impose your cultural behavior standards on people active on this project is not a good idea. This project is governed by consensus of the maintainers. And all the maintainers here are experienced people. My impression is that most of us subscribe to the principle that was coined here to appeal to morality rather than trying to instill it. We will make decisions here under this principle rather that bowing to people loudly shouting "Bob did foo and foo is forbidden by your rules so Bob needs go stand in corner for an hour and write a hundred times I shall not do foo".

Like any other document in this repository CODE_OF_CONDUCT.md should reflect the de facto reality of the project rather than someone's wishful thinking. For this purpose it would IMO be a good idea to focus more on the positive, supporting parts of the document and provide better guidance to the diverse potential and actual contributors how to ensure a productive and pleasant interaction (which is what most people here attempt to do every day). As @matkoniecz has pointed out on several occasions the amount of insults and disrespect and the demanding attitude the maintainers have to endure from people not even interested in substantially contributing to the project is quite significant - yet we do not react to that by constantly waving with a rules document but try to be kind and understanding, even to such people, and explain, often again and again on multiple occasions, why things are the way they are and how we come to our decisions.

And we want to keep it that way, we want people from all cultural backgrounds, who bring in a minimum amount of good will, tolerance, kindness and understanding, to be able to contribute here without constantly living in fear and preemptively censoring their comments to ensure they don't run into conflict with a rule document with vague rules that are likely interpreted to their disadvantage in the end.

Remember that the maintainers are the ones to adjudicate complaints, so the solution to obviously absurd interpretations is to not interpret the CoC in an absurd way.

Having specific rules that directly forbid something not problematic is clearly worse than general rules subject to interpretation or lack of CoC.

"this rule bans normal acceptable activity but usually we do not enforce it" is not a good method, so in the current form I am unhappy about this phrasing.

How other projects dealt with banning such things? Are there cases of phrasing that bans doxxing without banning legitimate activity?

Below the header is a list of mentions of doxxing that I found in other projects/platforms, in the order that I found them on Google. The most common text appears to be something close to:

• posting (or threatening to post) other people’s personally identifying information (“doxxing”)

References

Source: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx

posting (or threatening to post) other people’s personally identifying information (“doxxing”)

Source: https://meta.wikimedia.org/wiki/Universal_Code_of_Conduct

Disclosure of personal data (Doxing): sharing other contributors' private information, such as name, place of employment, physical or email address without their explicit consent either on the Wikimedia projects or elsewhere, or sharing information concerning their Wikimedia activity outside the projects.

Source: https://puppet.com/community/community-guidelines/

doxxing

Source: https://inclusivenaming.org/code-of-conduct/

Doxxing, or publication of private communication or private information without consent of the and with the intent to embarrass or harass.

Source: https://etsy.github.io/codeofconduct.html

Engaging in inflammatory debates, doxxing or trolling, regardless of subject.

Source: https://www.elastic.co/community/codeofconduct

posting or threatening to post other people's personally identifying information ("doxxing") online.

Source: https://www.mozilla.org/en-US/about/governance/policies/participation/

posting or threatening to post other people’s personally identifying information (“doxxing”) online.

Source: https://www.islandora.ca/code-of-conduct

Posting (or threatening to post) other people’s personally identifying information (“doxxing”)

Source: https://escapeartists.net/code-of-conduct/

Stalking, doxxing, or publishing private information

Source: https://deep.idrc.ocadu.ca/code-of-conduct/

posting or threatening to post other people’s personally identifying information (“doxxing”) online.

Source: http://seattlecomposers.org/sca-code-of-conduct/

Posting or threatening to post other people’s personally identifying information ("doxxing").

Source: https://playvalorant.com/en-us/news/announcements/valorant-community-code/

Don’t share personal information with strangers. Also, don’t share anyone else’s information. We have a zero tolerance policy for doxxing on our platform.

Source: https://www.freebsd.org/internal/code-of-conduct/

Posting (or threatening to post) other people’s personally identifying information ("doxing").

Source: https://www.mautic.org/code-of-conduct

posting or threatening to post other people’s personally identifying information (“doxxing”) online.

Attempting to use rule lawyering on the vague negative formulations in that document to try to impose your cultural behavior standards on people active on this project is not a good idea.

I find it hard to believe there's cultural differences in what constants sharing of private information without someone's consent. Even if there was though, the particulars of things like that should and are bound to follow a "Western" definition of doxing since that's how this website and OpenStreetMap's etiquette guidelines define it. I image it would be extremely untenable in the long-term to have etiquette guidelines that aren't at least in some way in line with the rules of both projects. Otherwise, your just asking for potential problems down the line.

In the meantime I'm sure people from other cultures will be given a chance to understand the rules and have any unclear parts explained to them before they are put in the corner or whatever. Just don't be an authoritarian about it, but that should be the case regardless of what culture someone who violates the guidelines comes from.

In 40c2ed8, I changed the text to

Posting or threatening to post other people’s personally identifying information ("doxxing")

...which appears to be the most common description from other codes of conduct.

I suggest adding “except as necessary to protect other OSMer or other vulnerable people from intentional abuse” to cover the case where someone knows that someone else is a threat and warning others would “dox” the person. This is in: Geek Feminism CoC, lgbtq in technology slack group

I suggest adding “except as necessary to protect other OSMer or other vulnerable people from intentional abuse” to cover the case where someone knows that someone else is a threat and warning others would “dox” the person.

Not to be pedantic or discredit LGBTQ+ issues, but such wording seems like a slippery slope that would just encourage doxing as long as it's being done for the "right" reasons, and there really shouldn't be any "right" reasons to "dox" someone.

If someone is a serious threat, they should be reported to authorities or at least it should be reported to a "safe" person in the OSM organization. Both of those options are really out of the scope of someone just "doxing" someone in a PR or issue though. In the meantime allowing for special exceptions to the rules just seems like a recipe for retaliation and needless drama. It shouldn't be on the maintainers to assess what constitutes "honest" doxing/threat versus one that isn't anyway.

That said, I'd be interested to know how Geek Feminism CoC and lgbtq in technology slack group has dealt with such situations and how their maintainers determine what's a "legitimate" doxing in such cases and what isn't.

In the past our Code of Conduct closely followed that at https://go.dev/conduct which itself is based on https://www.contributor-covenant.org/version/1/4/code-of-conduct.html [EDIT: actually it was not originally based on this, according to comments below)

See #2289 which originally added it to this repository, and the update in #2503

The linked CoC examples above now include:

"Examples of unacceptable behavior by participants include:

The use of sexualized language or imagery and unwelcome sexual attention or advances
Trolling, insulting/derogatory comments, and personal or political attacks
Public or private harassment
Publishing others’ private information, such as a physical or electronic address, without explicit permission
Other conduct which could reasonably be considered inappropriate in a professional setting”

@ZeLonewolf are there any other changes to https://www.contributor-covenant.org/version/1/4/code-of-conduct/ which should be adopted here?

[EDIT: based on following comment, it appears that it was intentional that our document did not include these examples]

let's fix the other side of the problem,
ie could we put a note ( ~ polite warning) on the .github/issue_template.md ?

Now:

• "Links and screenshots illustrating the problem"

Proposal:

• "Links and screenshots illustrating the problem"
  • "Reminder: Please don't give your own living environment as an example, as it is very easy to see from the geometry where the example is ... please protect your private data. "

or just:

• "Links and screenshots illustrating the problem and not related to your private data"

let's fix the other side of the problem,
ie could we put a note ( ~ polite warning) on the .github/issue_template.md ?

Thanks @ImreSamu, I've added this hint in dde058f

@ZeLonewolf are there any other changes to https://www.contributor-covenant.org/version/1/4/code-of-conduct/ which should be adopted here?

Thanks @jeisenbe for the history and links. The Contributor Covenant uses different language, but on review, points from that CoC that don't seem to be called out, but which we might consider including in some form are:

Examples of unwanted behavior:

• Conduct which could reasonably be considered inappropriate in a professional setting
• Trolling

Examples of wanted behavior:

• Gracefully accepting constructive criticism

On Wed, 01 Jun 2022 10:43 +02:00, Adamant36 @.***> wrote: If someone is a serious threat … it should be reported to a "safe" person in the OSM organization.

That's doxxing. You're talking about doxxing. Imagine you're aware a contributor has a track record of stealing money from other organisations, but is operating under a pseudonym in OSM. With my suggestion, you're allowed give the personal info of the person to a “safe person in OSM” (i.e. you can doxx them). Without, your task is much harder.
-- Amanda

No, it isn't. A private/confidential report is not doxxing. Doxxing is a public disclosure of someone's private information. Please don't mix these up.

@pnorman any chance of this being included in v5.5.0? I know it's not critical to the style, but I'd hate to see it get put on the back burner until whenever the next release happens regardless of it is or not.

@pnorman any chance of this being included in v5.5.0? I know it's not critical to the style, but I'd hate to see it get put on the back burner until whenever the next release happens regardless of it is or not.

This requires thought and reviews. Because this would go in effect when it gets merged, not needing to wait for a release, I'm not considering release schedules when looking at if it's ready to merge.