Page MenuHomeMiraheze
Create Task
Maniphest T7880

Review Imgbox CSP Entry
Closed, ResolvedPublic
Actions

Description

CSP REVIEW

  • Is the site equipped with a privacy policy? Yes, however an unusually short one
  • Does the site attempt to comply with the GDPR? Can European Union inhabitants invoke their individual rights? No, however similarly to Imgur (see T7881) they emailed me and said that "The information we preserve is the email you used to register and IP sessions."
  • Does the site provide a list of personal data being collected by using the service? No
  • Is the website owner known to have a bad reputation regarding privacy? No
  • Can wikis use the external service, even if the visitor wants to deny any cookies or other form of tracking? Unclear but potentially no, "You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website."
  • Will wikis stay usable, even if the visitor blocks the external resource by using an ad blocker? Due to the nature of the website likely yes
  • Is there a Data Protection Officer and/or Privacy Team that can be contacted by Miraheze? No
  • Is the site equipped with a security policy? No
  • Does the site clarify their security measures to protect collected user data? Can the site assure measures are being taken to protect code injection into the loaded external resources? No
  • Is the website owner known to have a bad reputation regarding information security? No
  • Is there a Chief Information Security Officer and/or Security Team that can be contacted by Miraheze? No

Related Objects

Event Timeline

John triaged this task as Normal priority.Aug 28 2021, 19:22
John created this task.
Herald added a subscriber: RhinosF1. · View Herald TranscriptAug 28 2021, 19:22
Reception123 updated the task description. (Show Details)Aug 31 2021, 11:32
Herald added a subscriber: Unknown Object (User). · View Herald TranscriptAug 31 2021, 11:32
Reception123 subscribed.Aug 31 2021, 11:33

This one appears to be very lacking if we look at our CSP checklist. Due to its nature (just image hosting) it could potentially still make it but a second opinion would be appreciated before it can move further down the line or be declined.

Unknown Object (User) added a comment.Sep 1 2021, 14:21

 I can venture a guess that it might not collect such personal data?

I don't think we should be guessing on that.

Reception123 added a comment.Sep 1 2021, 14:32
In T7880#159936, @Universal_Omega wrote:

 I can venture a guess that it might not collect such personal data?

I don't think we should be guessing on that.

Indeed, that's why I asked for a second opinion as I'm not quite sure.

Reception123 added a comment.Sep 7 2021, 06:29

I've emailed them and they confirmed to me that "The information we preserve is the email you used to register and IP sessions." so in that case I'll pass the review to T&S for further review.

Reception123 updated the task description. (Show Details)Sep 7 2021, 06:29
Reception123 moved this task from SRE Review to T&S Review on the CSP Review board.
Reception123 added a project: Trust & Safety.
Owen moved this task from T&S Review to DSRE Review on the CSP Review board.Sep 10 2021, 16:43
Owen subscribed.

IP addresses can't be linked in a way to create an individual user profile, email address would be out of scope of Miraheze's purview. Therefore, this can be approved.

John closed this task as Resolved.Sep 11 2021, 10:19
John claimed this task.
John moved this task from DSRE Review to Completed on the CSP Review board.