Request to add aaside.bushimo.jp and argo-bdp.com to CSP whitelist (in order to load external images)
Closed, Declined (Public)

Description

In order to display the highest quality images possible, the wiki I host directly uses assets from the following websites:

https://aaside.bushimo.jp/
https://argo-bdp.com/

I'd like to request both sites to be added to the wiki's CSP whitelist if possible, please. I don't believe any of these websites pose any security threats or issues.

Thank you.

CSP REVIEW: https://dena.com/jp/privacy/app/dena_pp_en.html

  • Is the site equipped with a privacy policy? Yes
  • Does the site attempt to comply with the GDPR? Can European Union inhabitants invoke their individual rights? NO, no mentions of GDPR
  • Does the site provide a list of personal data being collected by using the service? Yes, see PP
  • Is the website owner known to have a bad reputation regarding privacy? Unclear due to different language/difficulty searching
  • Can wikis use the external service, even if the visitor wants to deny any cookies or other form of tracking? Unsure
  • Will wikis stay usable, even if the visitor blocks the external resource by using an ad blocker? Likely yes
  • Is there a Data Protection Officer and/or Privacy Team that can be contacted by Miraheze? No, unclear
  • Is the site equipped with a security policy? Part of PP
  • Does the site clarify their security measures to protect collected user data? Can the site assure measures are being taken to protect code injection into the loaded external resources? Not very detailed
  • Is the website owner known to have a bad reputation regarding information security? Unclear due to different language/difficulty searching
  • Is there a Chief Information Security Officer and/or Security Team that can be contacted by Miraheze? Doesn't seem like it

Event Timeline

GabbiNova triaged this task as Normal priority. (Jul 12 2021, 15:30)
GabbiNova created this task.
Unknown Object (User) removed GabbiNova as the assignee of this task. (Jul 13 2021, 04:51)
Unknown Object (User) added a project: Site Reliability Engineering.
Unknown Object (User) moved this task from Radar to Discussion on the Site Reliability Engineering board. (Jul 13 2021, 04:52)
Reception123 removed a subscriber: Unknown Object (User). (Aug 24 2021, 19:05)

@GabbiNova Hi, sorry for the delay here. Unfortunately, it is difficult for me to figure out where the Privacy Policy for these websites is since they are in Japanese. Would you mind pointing me to them?

Unknown Object (User) added a comment. (Jan 21 2022, 23:54)

https://dena.com/jp/privacy/app/dena_pp_ja.html

Seems to be the privacy policy for the company which manages both domains.

Reception123 claimed this task.

Unfortunately, per the assessment above this has to be declined for the moment. The privacy policy is quite short, does not attempt to comply with the GDPR and seems to have a long list of ways that it is able to provide personal information to third parties.