I posted this on the related task here, but I assumed it wasn't seen because it is closed. However, to recap, I would like to request adding Facebook back to the CSP. My use-case here is that I use Facebook's iFrame Page Plugin to show the newsfeed of the mobile game my wiki is about. They only have Facebook, no Twitter or anything, so I can only use Facebook as a newsfeed, and since I do not use Facebook outside of it, it makes it much easier for me to update my own wiki where there is an update in the game. However, if the security concern is too great, then I can reference it externally instead of on my wiki, it is just a lot less convenient for me.
Still, I implore you to reconsider, as there are other plugins on there that I can see other wikis using, such as certain embedded posts/comments, like buttons, a button to join the wiki's group (if they have a Facebook group), and like me, using the Page Plugin as a newsfeed.
Thank you very much in advance!
- Does the site attempt to comply with the GDPR? Can European Union inhabitants invoke their individual rights? While GDPR isn't specifically mentioned, Facebook allows you to delete/rectify/etc. your data
- Does the site provide a list of personal data being collected by using the service? Yes. see PP
- Is the website owner known to have a bad reputation regarding privacy? It's complicated
- Can wikis use the external service, even if the visitor wants to deny any cookies or other form of tracking? Unsure
- Will wikis stay usable, even if the visitor blocks the external resource by using an ad blocker? Likely yes
- Is there a Data Protection Officer and/or Privacy Team that can be contacted by Miraheze? Yes
- Is the site equipped with a security policy? Yes, see PP
- Does the site clarify their security measures to protect collected user data? Can the site assure measures are being taken to protect code injection into the loaded external resources? Don't see any specifics beyond general information
- Is the website owner known to have a bad reputation regarding information security? No
- Is there a Chief Information Security Officer and/or Security Team that can be contacted by Miraheze? I don't see any particular way of contact besides generally support