ArsTechnica reports: Late yesterday, users of Snapchat and a number of other applications began to report that the label on in-application maps for New York City had been changed to “Jewtropolis.” That change in data from the mapping developer kit company MapBox had been pulled in from OpenStreetMap—a community-driven mapping project also used by Wikimedia.
The same map data made its way to the real estate application Zillow:
OpenStreetMap has frequently had to deal with data vandalism, rolling back malicious changes to map data by trolls. In one case in 2010, someone created a fictional town of “West Harrisburg” and imported GPS traces for nonexistent streets over what was actually forest and farmland. One vandal with the username MedwedianPresident was recently blocked after committing a series of changes to roadway names and other map details in New York, including changing the name of the Manhattan Bridge to “Ku Klux Klan Highway,” changing the name of Franklin Delano Roosevelt Drive to “Zionist Cannibal Drive,” and renaming the Hugh Carey Tunnel (formerly the Brooklyn Battery Tunnel) to “Adolph Hitler Memorial Tunnel,” among other things.
According to Nelson A. de Oliveira of the OpenStreetMap data working group, the data being displayed by Mapbox-powered applications was very old data. “The problem that you are seeing was caused by a vandalism that happened 20 days ago,” de Oliveira said in an email to Ars. “It was promptly reverted and fixed, but data consumers which, for some reason, are still using an old copy of OSM data, may still display the wrong result.”
A Wikimedia user spotted the same changes on August 11. Wikipedia and other sites based on the Wikimedia platform pull in OpenStreetMap data through Kartographer—an extension based partially on code from Mapbox. An additional change that was caught re-labeled lower Manhattan as ““INSIDE JOB.” Because the map data was cached for a day, the change remained visible on Wikimedia Maps long after OpenStreetMap data administrators had killed the change.
It’s not clear why old vandalized map data was pushed out via Mapbox up until this morning.
Update, 12:20 pm: In a prepared statement sent to press, a Mapbox spokesperson said that Mapbox has “a zero tolerance policy against hate speech and any malicious edits to our maps.” The label change was deleted within an hour. “The malicious edit was made by a source that attempted several other hateful edits,” the spokesperson said. “Our security team has confirmed no additional attempts were successful.”
Mapbox data comes from more than 130 sources, and the Mapbox spokesperson said that the company has “a strong double validation monitoring system.” A machine learning system flagged the change for review; this change was one of more than 70,000 that are flagged on a daily basis, according to the company. “While our AI immediately flagged this,” the spokesperson said, “in the manual part of the review process a human error led to this incident. Security experts are working to determine the exact origin of this malicious hate speech. We apologize to customers and users who were exposed to this disgusting attack.”
This sort of vandalism is a common issue in crowdsourced services—Google, for example, has had to deal with aberrant data submitted by users for Google Translate through its user feedback feature, causing some interesting translation results. One instance changed the translation of the Korean text for “Supreme Leader” to “Mr. Squidward” in one case; another translated multiple instances of the word “dog” into apocalyptic Bible verse.