- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Tue, 31 May 2011 09:56:54 -0400
- To: "sird@rckc.at" <sird@rckc.at>
- Cc: Adam Barth <w3c@adambarth.com>, public-web-security@w3.org, masatokinugawa@gmail.com
On Mon, May 30, 2011 at 6:47 PM, sird@rckc.at <sird@rckc.at> wrote: > Or said in a different way, instead of making everyone in the world > adapt to CSP, find a solution (maybe not the one I suggested, but any) > that just works, or.. CSP will be only used by Paypal.. (instead of > GMail, Facebook, Yahoo, Wikipedia, BBS, etc..) This is tangential, but: actually, this particular issue is not a problem at all for Wikipedia. As a matter of policy, using Wikipedia does not load resources from any site not controlled by Wikimedia or a Wikimedia chapter, because that would leak personal information about Wikipedia users to third parties, which is prohibited by Wikimedia's privacy policy (as it's generally interpreted, to the best of my knowledge): http://wikimediafoundation.org/wiki/Privacy_policy#Access_to_and_release_of_personally_identifiable_information CSP would be very interesting to Wikipedia, because there have been cases where volunteer admins of smaller projects have added links to Analytics or similar, not knowing about the privacy policy.
Received on Tuesday, 31 May 2011 13:57:39 UTC