Page MenuHomeMiraheze

CSP review for 1.1.1.1
Open, NormalPublic

Description

I would like for 1.1.1.1 to be in the CSP. This is because I would like to use their DoH server in scripts.

Cloudflare's recursive DNS' privacy policy is at https://developers.cloudflare.com/1.1.1.1/privacy/

Only connect-src would be needed.

  • Is the site equipped with a privacy policy? Yes
  • Does the site attempt to comply with the GDPR? Can European Union inhabitants invoke their individual rights? Yes
  • Does the site provide a list of personal data being collected by using the service? Yes, see PP
  • Is the website owner known to have a bad reputation regarding privacy? No
  • Can wikis use the external service, even if the visitor wants to deny any cookies or other form of tracking? Yes?
  • Will wikis stay usable, even if the visitor blocks the external resource by using an ad blocker? Yes
  • Is there a Data Protection Officer and/or Privacy Team that can be contacted by Miraheze? Sort of, privacyquestions@cloudflare.com
  • Is the site equipped with a security policy? Not specifically, part of PP
  • Does the site clarify their security measures to protect collected user data? Can the site assure measures are being taken to protect code injection into the loaded external resources? Not specifically, part of PP
  • Is the website owner known to have a bad reputation regarding information security? No
  • Is there a Chief Information Security Officer and/or Security Team that can be contacted by Miraheze? Not specifically, contact through privacyquestions@cloudflare.com

Event Timeline

OrangeStar renamed this task from CSP review for dns.quad9.net to CSP review for 1.1.1.1.Feb 18 2024, 17:55
OrangeStar updated the task description. (Show Details)

Had to change to Cloudflare's 1.1.1.1 because Quad9 doesn't serve CORS headers, while Cloudflare does.

Reception123 triaged this task as Normal priority.EditedFeb 18 2024, 20:55
Reception123 subscribed.

Since you're part of the SRE team, feel free to do the initial review yourself if you want (which is then subject to approval by the DSRE). If not, I'll try to get to it next week.

Does Trust and Safety still handle the portion of CSP reviews as they relate to privacy and data protection, under the new WikiTide Foundation, or has it fully reverted to the SRE team?

In any case, this all seems reasonable to me, from a purely armchair capacity, from a privacy and data protection standpoint.

@Dmehus The new process has indeed reverted to SRE and no longer involves T&S.

@Dmehus The new process has indeed reverted to SRE and no longer involves T&S.

Ah, okay, sounds good! :)