openstreetmap
tools.usps.com
Is it maybe reported already?
- [X] I have searched the existing issues, it is not reported already
Before you submit this form, please ensure the following criteria are met:
- [X] The website/app in question uses map tiles hosted by the OpenStreetMap foundation (https://tile.openstreetmap.org).
- [X] The website/app does not have proper attribution. (https://osmfoundation.org/wiki/Licence/Attribution_Guidelines)
- [X] The usage of the tiles is non-trivial. (Not a development site, not test code, not a personal project with negligible traffic, etc.)
- [X] You have contacted the website/app owner or representative using the Love Letter model/template (https://osmfoundation.org/wiki/Licence/Attribution_Reminder_Templates) more than a week ago and no proper attribution has been added.
- [ ] Or you have made a good faith effort to find working contact information for the website/app owner or representative but were unable to find a means to contact them.
Date and time of the message (has it happened more than a week ago?):
10th of May 16:24 CEST
Where did you send it?
To their support https://www.usps.com/help/contact-us.htm
Please paste the content of the Love Letter you sent to the map user here.
The infringement is a:
- [X] website
- [ ] app or other
Please drag and drop or attach the screenshot showing the map without proper attribution here.
Where it is happening?
https://tools.usps.com/locations/home.htm
You need to enter a ZIP code (e.g. 10001).
Previous Reports:
No response
Thanks for reporting!
I am trying to reach out to them as serious government organization seems more likely to be persuaded than some fly-by-night company, and there may be some proper official way of contacting them more likely to result in some fix.
(from my experience with government in another country - they typically have some contact channels where contact will result in prompt response while "contact us" forms at their websites often go straight into trash.
So I will not apply block right now, but I will do this if new efforts will fail.
Maybe we can abuse their vulnerability disclosure programme: https://hackerone.com/usps
Seems like a very effective way to get in touch with an actual developer, and 'bugs' can be reported too.
Edit: I have made a bug report via Hacker One. Their bug bountry programme is managed by Hacker One, so it may not make it past triage.
HackerOne (representing USPS) got back to me:
After review, there doesn’t seem to be any significant security risk and/or security impact as a result of the behavior you are describing. There is no impact to this.
I attempted to contact them via their website (refuses to work without US address) and through https://www.facebook.com/USPS (refused to work outside US working hours, will retry)
After review, there doesn’t seem to be any significant security risk and/or security impact as a result of the behavior you are describing.
Well, it was longshot. I guess that degradation of features (blocking map tiles) is not exactly a security risk.
I will give a call to their technical support today during US business hours.
If that doesn't work out, we should probably give up, block them, and hope someone finally gets notified.
I may try writing on US forum whether anyone has idea how to contact them (or maybe we will be lucky and get USPS employee).
Hello,
I asked a friend of mine at USPS about that. The website is its own entity different from the day to day operation of USPS. Even him had no clear idea on how to reach the website people.
On Mon, May 20, 2024 at 9:20 AM Mateusz Konieczny @.***> wrote:
Found their email and posted it there.
— Reply to this email directly, view it on GitHub https://github.com/openstreetmap/tile-attribution/issues/49#issuecomment-2120779381, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAMRCE777463QJJTUZBSJ5DZDIPGTAVCNFSM6AAAAABH3CL57KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRQG43TSMZYGE . You are receiving this because you are subscribed to this thread.Message ID: @.***>
I reported it yesterday via mail, got automatic mail back with promise of response within 48 hours.
Tracking number: ref:!00Dj00GyYH.!500BY02LFVT:ref
Perhaps you could reach out to the folks at Medallia that build this application?
Edit: Scratch, that--it's just the USPS's vendor for filing service tickets.
It's been 14 days since I sent my message, and 7 days since I sent a reminder. No replies.
@watmildon and I would like to take a pass at making the right connections with USPS. You know how generic tech support e-mail can be. We'll try to get in touch with them starting on Tuesday because of the US holiday on Monday.
If you can afford more time before cutting them off from the tile server, that would be great. However, I understand if their usage is too much of a burden to allow it to continue. If we need to cut them off, I'd just like to know so we can include that in our communication.
Reasonable attempts have been made at contacting the USPS. Marking this one as accepted.
I closed the issue, so it shouldn't be picked up.
Thanks everyone! 👍
issues = client.issues(repo, state: 'open', labels: 'accepted')
Yes, only issues that are open create an active block. You did the right thing!
Good thing the accepted label is removed though, otherwise I would have too much power.
Ah, the 'accepted' label can stay, this was a valid issue, although the point is moot now.
The code filters for issues that are both open and 'accepted'.