W3C home > Mailing lists > Public > public-html@w3.org > October 2010

[Bug 10994] New: accessKeyLabel can expose new information about the user and possibly also other origins

From: <bugzilla@jessica.w3.org>
Date: Fri, 08 Oct 2010 12:02:18 +0000
To: public-html@w3.org
Message-ID: <bug-10994-2495@http.www.w3.org/Bugs/Public/>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=10994

           Summary: accessKeyLabel can expose new information about the
                    user and possibly also other origins
           Product: HTML WG
           Version: unspecified
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: simonp@opera.com
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
                    public-html@w3.org


Since accesskeys are chosen depending on the user's platform and available keys
and available key bindings in the browser/OS, accesskeyLabel exposes that
information about the user which was not possible before, i.e. it increases the
fingerprinting.

Moreover, if a browser considers accesskeys from cross-origin iframes when
assigning a key, accessKeyLabel exposes information about the cross-origin
iframed document (if it uses accesskeys) which was not possible before, e.g. it
might be possible to tell if the user is logged in on the other site.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Received on Friday, 8 October 2010 12:02:19 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:20 UTC