Page MenuHomeMiraheze
Create Task
Maniphest T6771

Request to allow archive.org embedding for tuscriaturas wiki
Closed, DeclinedPublic
Actions

Description

Hi, my wiki https://tuscriaturas.miraheze.org/ is focused on bestiaries, creatures, and fiction.
That said, I would like to ask if archive.org could be added as an allowed page (if not for Miraheze, at least for my wiki) because Archive holds a lot of pdfs and a online interactive viewer for the books.
https://dev.miraheze.org/wiki/Replacements_for_the_Widgets_extension
I think it would be a cool thing to add to tuscriaturas, to provide an embed iframe, so my wiki readers can read the archive books without having to leave the wiki.

Event Timeline

Avengium created this task.Jan 25 2021, 11:47
Herald added subscribers: Unknown Object (User), RhinosF1. ยท View Herald TranscriptJan 25 2021, 11:47
Reception123 triaged this task as Normal priority.Jan 25 2021, 12:07
Reception123 added a project: Site Reliability Engineering.
Reception123 subscribed.

I personally have no issues to add this to the CSP. Will need one other SRE member to agree :)

Dmehus subscribed.EditedJan 25 2021, 13:49

I'll give my ๐Ÿ‘ to this as a Steward. Without the Widgets extension, we need to be more liberal with whitelisting websites that play embeddable media content, especially non-controversial, non-problematic videos, images, and sound recordings. The Internet Archive hosts a plethora of such content, and is akin to Vimeo and YouTube, which are already whitelisted. So, this is just a natural extension of a whitelist authorization that's already occurred.

Looks like we should only need to whitelist archive.org actually.

RhinosF1 added a comment.Jan 25 2021, 13:53

I'd question how we can be more liberal when the only thing I can imagine we wouldn't allow would be a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for.

Dmehus added a comment.Jan 25 2021, 13:54
In T6771#133207, @RhinosF1 wrote:

I'd question how we can be more liberal when the only thing I can imagine we wouldn't allow would be a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for.

Huh? This makes no sense.

RhinosF1 added a comment.Jan 25 2021, 13:55

You wrote:

Without the Widgets extension, we need to be more liberal with whitelisting websites that play embeddable media content, especially non-controversial, non-problematic videos, images, and sound recordings.

My response is I'm not sure how you expect policy to be more liberal on adding things to the CSP.

Reception123 added a comment.Jan 25 2021, 14:03
In T6771#133207, @RhinosF1 wrote:

I'd question how we can be more liberal when the only thing I can imagine we wouldn't allow would be a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for.

What do you mean by "a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for."?

RhinosF1 added a comment.Jan 25 2021, 14:06
In T6771#133210, @Reception123 wrote:
In T6771#133207, @RhinosF1 wrote:

I'd question how we can be more liberal when the only thing I can imagine we wouldn't allow would be a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for.

E.g. Malware hosting, illegal content or something otherwise clearly inappropriate to be placed on a wiki under our content policy or something that would be only used to place advertisements or monetise a wiki.

The second point would be a request that was either pointless as it wouldn't solve the issue or one where it was requested because a random person at some point in the future might want it rather than a use case

What do you mean by "a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for."?

The above should answer.

Dmehus added a comment.Jan 26 2021, 01:59
In T6771#133211, @RhinosF1 wrote:
In T6771#133210, @Reception123 wrote:
In T6771#133207, @RhinosF1 wrote:

I'd question how we can be more liberal when the only thing I can imagine we wouldn't allow would be a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for.

E.g. Malware hosting, illegal content or something otherwise clearly inappropriate to be placed on a wiki under our content policy or something that would be only used to place advertisements or monetise a wiki.

The second point would be a request that was either pointless as it wouldn't solve the issue or one where it was requested because a random person at some point in the future might want it rather than a use case

What do you mean by "a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for."?

The above should answer.

@RhinosF1 Well of course we don't want to allow just any site, but I'm just saying that for well established, trusted websites like Internet Archive, we should be more relaxed. If the site is not as well known, then yeah, multiple SREs should review the site, and it should take a bit longer to either approve or decline.

Unknown Object (User) added a comment.Jan 26 2021, 09:13
In T6771#133224, @Dmehus wrote:
In T6771#133211, @RhinosF1 wrote:
In T6771#133210, @Reception123 wrote:
In T6771#133207, @RhinosF1 wrote:

I'd question how we can be more liberal when the only thing I can imagine we wouldn't allow would be a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for.

E.g. Malware hosting, illegal content or something otherwise clearly inappropriate to be placed on a wiki under our content policy or something that would be only used to place advertisements or monetise a wiki.

The second point would be a request that was either pointless as it wouldn't solve the issue or one where it was requested because a random person at some point in the future might want it rather than a use case

What do you mean by "a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for."?

The above should answer.

@RhinosF1 Well of course we don't want to allow just any site, but I'm just saying that for well established, trusted websites like Internet Archive, we should be more relaxed. If the site is not as well known, then yeah, multiple SREs should review the site, and it should take a bit longer to either approve or decline.

We can't really be more relaxed. Already almost every site is approved as long as not dangerous, that's already as liberal as can-be in it.

RhinosF1 added a comment.Jan 26 2021, 09:15

Regarding the number of SRE needed to approve, it's 2 which I don't think is that hard to find. That shouldn't be causing any significant delay.

Redmin subscribed.Jan 26 2021, 11:38

Just noting (as this particular discussion has received comments from non-SRE) that pages on archive.org may have malware and potentially even copyright infringing content which is one of the reasons it is blocked in some countries. That may cause Miraheze to be blocked in such countries as well.

Reception123 added a comment.Jan 26 2021, 18:12

The issue with the CSP still remains that there isn't really a very clear criteria or rationale for what we approve and what we don't. So far it's mostly been "if it's not dangerous it's okay to approve" though as it has been pointed out the system has been quite liberal and few requests have been declined.

I'm not very sure how to proceed... On one hand the argument advanced by @Dmehus makes sense as we do want to give users alternatives after we disabled Widgets. On the other hand however, the CSP was created to prevent users from embedding things from all sort of shady sites and it is true that with a site such as Internet Archive many things can be posted there without necessarily being checked before by a moderation team, so they could potentially be dangerous. In the end, we must decide if it's worth taking the risk and being very lenient with the CSP (but then it has a limited purpose?) or being safe and approving less sites.

Dmehus added a comment.EditedJan 27 2021, 00:56
In T6771#133352, @Reception123 wrote:

The issue with the CSP still remains that there isn't really a very clear criteria or rationale for what we approve and what we don't. So far it's mostly been "if it's not dangerous it's okay to approve" though as it has been pointed out the system has been quite liberal and few requests have been declined.

I'm not very sure how to proceed... On one hand the argument advanced by @Dmehus makes sense as we do want to give users alternatives after we disabled Widgets. On the other hand however, the CSP was created to prevent users from embedding things from all sort of shady sites and it is true that with a site such as Internet Archive many things can be posted there without necessarily being checked before by a moderation team, so they could potentially be dangerous. In the end, we must decide if it's worth taking the risk and being very lenient with the CSP (but then it has a limited purpose?) or being safe and approving less sites.

I'm not aware of Internet Archive hosting any malware, somewhat narrowly construed, to be honest. It's chiefly a source of hosting free e-books (usually in PDF or EPUB format), video, and audio recordings.

It's definitely a safe site to whitelist, I would argue.

If there's concerns that the site may, occasionally or rarely, harbour content of which we'd not approve of, then that's an argument to creating a global abuse filter that produces a log/warning only (so we can track it in #cvt-feed on on IRC and review). We could basically trigger an abuse filter log/warning message when any link is added that is not either a PDF/EPUB file, a common video recording format, or a common sound recording format.

John edited projects, added Infrastructure (SRE); removed Site Reliability Engineering.Jan 30 2021, 11:45
John moved this task from Incoming to Short Term on the Infrastructure (SRE) board.Jan 30 2021, 12:16
Unknown Object (User) added a comment.Feb 25 2021, 22:36

Copying my reply on GitHub:
I don't personally think this is the best idea to allow this. Not every thing in archive.org is safe.

Dmehus added a comment.Feb 25 2021, 22:41
In T6771#136022, @Universal_Omega wrote:

Copying my reply on GitHub:
I don't personally think this is the best idea to allow this. Not every thing in archive.org is safe.

Well, it's not clear to me what we're aiming to prevent by rejecting this. Unsafe links can still be linked to whether the site is whitelisted or not.

Rejecting what is overwhelming a safe, free, and public video and sound recording service would do a great disservice to Miraheze users. If there's concerns about non-video/sound recording/e-book/e-document files, a global abuse filter could be created that disallows embedding of Internet Archive files not in a given extension.

Cheers,
Doug

Redmin awarded a token.Feb 26 2021, 15:48
Unknown Object (User) added a comment.Mar 7 2021, 05:42

if not for Miraheze, at least for my wiki

I would like to note that our CSP whitelist is global, and therefore not currently possible to do it on a per-wiki basis.

Paladox subscribed.Mar 7 2021, 15:50

We need to be a bit more conservative as the header is quite big now. And with the concerns regarding security, I'm going to put ๐Ÿ‘Ž on this.

John closed this task as Declined.Mar 7 2021, 15:54
John claimed this task.