Page MenuHomeMiraheze

Review Libera.chat CSP entry
Closed, ResolvedPublic

Description

libera.chat

CSP REVIEW

  • Is the site equipped with a privacy policy? Yes
  • Does the site attempt to comply with the GDPR? Can European Union inhabitants invoke their individual rights? While there is no explicit mention of the GDPR users are provided with the option to access/modify/delete their information
  • Does the site provide a list of personal data being collected by using the service? Yes, see PP
  • Is the website owner known to have a bad reputation regarding privacy? No
  • Can wikis use the external service, even if the visitor wants to deny any cookies or other form of tracking? Yes, domain is a IRC provider.
  • Will wikis stay usable, even if the visitor blocks the external resource by using an ad blocker? Yes
  • Is there a Data Protection Officer and/or Privacy Team that can be contacted by Miraheze? Unclear if specific privacy team exists but PP directs to policy@libera.chat
  • Is the site equipped with a security policy? Not that I can see
  • Does the site clarify their security measures to protect collected user data? Can the site assure measures are being taken to protect code injection into the loaded external resources? No
  • Is the website owner known to have a bad reputation regarding information security? No
  • Is there a Chief Information Security Officer and/or Security Team that can be contacted by Miraheze? Not that I can see

Event Timeline

Reception123 triaged this task as Normal priority.Aug 31 2021, 11:41
Reception123 created this task.
Unknown Object (User) added a comment.Sep 1 2021, 06:00

I have updated the CSP (merged by @Reception123) to just use web.libera.chat instead of the unnecessary wildcard.

While Libera.chat seems to be lacking when it comes to our security checklist due to its nature (an IRC network) in my opinion it could be approved. Passing onto T&S for review.

Owen subscribed.

Assessment looks good.

John claimed this task.
John moved this task from DSRE Review to Completed on the CSP Review board.