Digital maps are a modern marvel – until they’re hijacked
For centuries, people have relied on maps to figure out where they are and where they’re going. But today’s digital maps — seemingly more precise than ever —aren’t always as dependable as they appear.
At the end of August, for instance, Snapchat users woke up early to find the app’s internal map had renamed New York City with the anti-Semitic label “Jewtropolis.” In Washington, D.C., Google Maps incorrectly renamed a Senate office building after the late Sen. John McCain a few days after his death on Aug. 25. Researchers have found numerous fake business listings in Google Maps for plumbers and hotels — apparent attempts to game search results and juice referral traffic.
Digital maps are a modern uber-convenience, capable of pinpointing nearby landmarks, shops and restaurants, highlighting traffic jams and navigating you to destinations across the country. Google, Apple and a variety of lesser-known companies constantly update these real world representations using a variety of sophisticated tools, from satellites in orbit to the phone in your hand.
But there’s another important input: crowdsourced data submitted by ordinary people, which can make today’s maps more like Wikipedia than Rand McNally. When the navigation app Waze flags a highway accident, for instance, it’s because drivers further down the road have reported it. Other unpaid volunteers submit information on new business locations, landmarks and even new roads.
All that is a bet that the wisdom of the crowd eventually ends up getting it right. But “eventually” can take a while, and in the meantime, pesky humans can still muck things up but good.
Take, for instance, the morning of Aug. 30, when users of Snapchat found New York City hatefully rebranded in the app’s map. In addition to the “Jewtropolis” label, prominent city landmarks bore ugly new names such as “Pedophile Bridge,” ”Zionist Cannibal Drive,” and “Adolph Hitler Memorial Tunnel.”
Snapchat and other apps such as The Weather Channel and Runkeeper rely on a company called Mapbox for their maps. Mapbox CEO Eric Gundersen said the company uses more than 130 sources of data. One of them is an open-source project similar to Wikipedia called OpenStreetMap.
There, a user made more than 80 anti-Semitic label changes in a “tirade” across New York and other places in early August; records of those changes show the anonymous user also abusively renamed London streets and dubbed Russia “Commieland.” The changes were reverted in OpenStreetMap less than two hours later by another contributor, other records show.
At Mapbox, however, the anti-Semitic changes remained in a pipeline of map edits where they languished for 20 days until human reviewers cleared a backlog. While Gunderson said that a Mapbox artificial-intelligence tool flagged the problem when it showed up and quarantined the abusive changes, a reviewer then mistakenly pushed through one of the edits anyway, overwriting correct data.
The OpenStreetMap Foundation, a not-for-profit group based in Cambridge, England, said in a blog post that the changes were reversed so quickly that no one noticed them until Mapbox served up the vandalized OpenStreetMap data to thousands of apps and websites.
“The vast majority of editors want to come together to build something great, and these massively outnumber the few bad apples,” the foundation said.
The king of digital cartography, Google Maps, doesn’t rely on far-flung contributors to the same extent as OpenStreetMaps. But it can still suffer fraudulent edits.
Much of Google Maps’ data gathering, such as satellite images or traffic information, is automated. But at the local level, some listings rely on labels suggested by users themselves. Those are vulnerable to attack, and Google has been fighting the problem for many years.
On Aug. 29, someone suggested the Russell Senate Office Building be renamed the “McCain Senate Office Building” on Google Maps, short-circuiting a change real senators had been contemplating at the time. The change got past Google’s automated and human screens, although it was reverted after it drew press attention. (Renaming talk has since died down in the real world as well.)
Google said in a statement to The Associated Press that over the years it has reduced fraud “to a very low incidence” and that “we’re always working on new and better ways to fight this type of behavior.”
Sam Hind, a researcher at the University of Siegen in Germany who studies navigation technology, said mapping developers have come to realize that their users collectively have better up-to-date local knowledge than their own teams can collect.
“Of course, this comes with a catch — that you can rely on the veracity of the knowledge, and that you can somehow verify this,” he said.
That’s an issue for business listings on Google Maps. The company makes it easy to add new business listings to its map, in part to entice small business owners into advertising with Google to attract nearby customers.
That opens the door to abuse. Just ask Greg Psitos, a 33-year-old florist in Queens, New York. In February, someone hijacked his Google Maps listing and changed his hours to “closed” on Valentine’s Day — what should have been one of his busiest days of the year.
“Someone had controlled that listing for four years and I didn’t know any better,” Psitos said, adding that it took months to reclaim it.
Since then, he’s been on a crusade to draw attention to the problem. In one stunt, he fooled Google Maps into believing his flower shop is home to both news network CNN and Trump Palace . Both of these listings were still present and searchable on Google Maps when this article was published.
“I’m a florist,” Psitos said. “Now I’m a Google Maps savant.”
In a Google study of the problem , Princeton postdoc researcher Danny Yuxing Huang used data on hundreds of thousands of business listings Google identified as fraudulent. A large number were for on-call contractors such as locksmiths and plumbers, who created listings in different neighborhoods to drum up business. In one technique, fraudsters would set up multiple listings from a single address, then move their map pins to new locations.
Detecting such problems is a challenge, Huang said, since it makes sense to let legitimate owners correct data issues from faulty mapping. “I personally think it’s quite difficult to balance this,” he said.