Page MenuHomeMiraheze

Request to allow archive.org embedding for tuscriaturas wiki
Open, NormalPublic

Description

Hi, my wiki https://tuscriaturas.miraheze.org/ is focused on bestiaries, creatures, and fiction.
That said, I would like to ask if archive.org could be added as an allowed page (if not for Miraheze, at least for my wiki) because Archive holds a lot of pdfs and a online interactive viewer for the books.
https://dev.miraheze.org/wiki/Replacements_for_the_Widgets_extension
I think it would be a cool thing to add to tuscriaturas, to provide an embed iframe, so my wiki readers can read the archive books without having to leave the wiki.

Event Timeline

Reception123 triaged this task as Normal priority.Jan 25 2021, 12:07
Reception123 added a subscriber: Reception123.

I personally have no issues to add this to the CSP. Will need one other SRE member to agree :)

I'll give my 👍 to this as a Steward. Without the Widgets extension, we need to be more liberal with whitelisting websites that play embeddable media content, especially non-controversial, non-problematic videos, images, and sound recordings. The Internet Archive hosts a plethora of such content, and is akin to Vimeo and YouTube, which are already whitelisted. So, this is just a natural extension of a whitelist authorization that's already occurred.

Looks like we should only need to whitelist archive.org actually.

I'd question how we can be more liberal when the only thing I can imagine we wouldn't allow would be a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for.

I'd question how we can be more liberal when the only thing I can imagine we wouldn't allow would be a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for.

Huh? This makes no sense.

You wrote:

Without the Widgets extension, we need to be more liberal with whitelisting websites that play embeddable media content, especially non-controversial, non-problematic videos, images, and sound recordings.

My response is I'm not sure how you expect policy to be more liberal on adding things to the CSP.

I'd question how we can be more liberal when the only thing I can imagine we wouldn't allow would be a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for.

What do you mean by "a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for."?

I'd question how we can be more liberal when the only thing I can imagine we wouldn't allow would be a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for.

E.g. Malware hosting, illegal content or something otherwise clearly inappropriate to be placed on a wiki under our content policy or something that would be only used to place advertisements or monetise a wiki.

The second point would be a request that was either pointless as it wouldn't solve the issue or one where it was requested because a random person at some point in the future might want it rather than a use case

What do you mean by "a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for."?

The above should answer.

I'd question how we can be more liberal when the only thing I can imagine we wouldn't allow would be a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for.

E.g. Malware hosting, illegal content or something otherwise clearly inappropriate to be placed on a wiki under our content policy or something that would be only used to place advertisements or monetise a wiki.

The second point would be a request that was either pointless as it wouldn't solve the issue or one where it was requested because a random person at some point in the future might want it rather than a use case

What do you mean by "a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for."?

The above should answer.

@RhinosF1 Well of course we don't want to allow just any site, but I'm just saying that for well established, trusted websites like Internet Archive, we should be more relaxed. If the site is not as well known, then yeah, multiple SREs should review the site, and it should take a bit longer to either approve or decline.

I'd question how we can be more liberal when the only thing I can imagine we wouldn't allow would be a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for.

E.g. Malware hosting, illegal content or something otherwise clearly inappropriate to be placed on a wiki under our content policy or something that would be only used to place advertisements or monetise a wiki.

The second point would be a request that was either pointless as it wouldn't solve the issue or one where it was requested because a random person at some point in the future might want it rather than a use case

What do you mean by "a site known for breaches of an applicable Miraheze global policy or a site that no one has a use for."?

The above should answer.

@RhinosF1 Well of course we don't want to allow just any site, but I'm just saying that for well established, trusted websites like Internet Archive, we should be more relaxed. If the site is not as well known, then yeah, multiple SREs should review the site, and it should take a bit longer to either approve or decline.

We can't really be more relaxed. Already almost every site is approved as long as not dangerous, that's already as liberal as can-be in it.

Regarding the number of SRE needed to approve, it's 2 which I don't think is that hard to find. That shouldn't be causing any significant delay.

Just noting (as this particular discussion has received comments from non-SRE) that pages on archive.org may have malware and potentially even copyright infringing content which is one of the reasons it is blocked in some countries. That may cause Miraheze to be blocked in such countries as well.

The issue with the CSP still remains that there isn't really a very clear criteria or rationale for what we approve and what we don't. So far it's mostly been "if it's not dangerous it's okay to approve" though as it has been pointed out the system has been quite liberal and few requests have been declined.

I'm not very sure how to proceed... On one hand the argument advanced by @Dmehus makes sense as we do want to give users alternatives after we disabled Widgets. On the other hand however, the CSP was created to prevent users from embedding things from all sort of shady sites and it is true that with a site such as Internet Archive many things can be posted there without necessarily being checked before by a moderation team, so they could potentially be dangerous. In the end, we must decide if it's worth taking the risk and being very lenient with the CSP (but then it has a limited purpose?) or being safe and approving less sites.

The issue with the CSP still remains that there isn't really a very clear criteria or rationale for what we approve and what we don't. So far it's mostly been "if it's not dangerous it's okay to approve" though as it has been pointed out the system has been quite liberal and few requests have been declined.

I'm not very sure how to proceed... On one hand the argument advanced by @Dmehus makes sense as we do want to give users alternatives after we disabled Widgets. On the other hand however, the CSP was created to prevent users from embedding things from all sort of shady sites and it is true that with a site such as Internet Archive many things can be posted there without necessarily being checked before by a moderation team, so they could potentially be dangerous. In the end, we must decide if it's worth taking the risk and being very lenient with the CSP (but then it has a limited purpose?) or being safe and approving less sites.

I'm not aware of Internet Archive hosting any malware, somewhat narrowly construed, to be honest. It's chiefly a source of hosting free e-books (usually in PDF or EPUB format), video, and audio recordings.

It's definitely a safe site to whitelist, I would argue.

If there's concerns that the site may, occasionally or rarely, harbour content of which we'd not approve of, then that's an argument to creating a global abuse filter that produces a log/warning only (so we can track it in #cvt-feed on on IRC and review). We could basically trigger an abuse filter log/warning message when any link is added that is not either a PDF/EPUB file, a common video recording format, or a common sound recording format.

Copying my reply on GitHub:
I don't personally think this is the best idea to allow this. Not every thing in archive.org is safe.

Copying my reply on GitHub:
I don't personally think this is the best idea to allow this. Not every thing in archive.org is safe.

Well, it's not clear to me what we're aiming to prevent by rejecting this. Unsafe links can still be linked to whether the site is whitelisted or not.

Rejecting what is overwhelming a safe, free, and public video and sound recording service would do a great disservice to Miraheze users. If there's concerns about non-video/sound recording/e-book/e-document files, a global abuse filter could be created that disallows embedding of Internet Archive files not in a given extension.

Cheers,
Doug