W3C home > Mailing lists > Public > www-dom@w3.org > October to December 2010

Re: privacy (Re: Agenda: DOM3 Events Telcon, 21 April 2010)

From: James Craig <jcraig@apple.com>
Date: Fri, 22 Oct 2010 09:38:38 -0700
Message-id: <79574BA5-D16C-4C45-98BF-AD55A682071E@apple.com>
Cc: "Olli@pettay.fi" <Olli@pettay.fi>, Olli Pettay <Olli.Pettay@helsinki.fi>, Richard Schwerdtfeger <schwer@us.ibm.com>, Cynthia Shelly <cyns@exchange.microsoft.com>, Janina Sajka <janina@rednote.net>, "Gregory J. Rosmaita" <oedipus@hicom.net>, "Olli.Pettay@gmail.com" <Olli.Pettay@gmail.com>, Doug Schepers <schepers@w3.org>, Travis Leithead <Travis.Leithead@microsoft.com>, "www-dom@w3.org" <www-dom@w3.org>
To: David Bolter <david.bolter@gmail.com>
Since that part of the spec is outside the scope of the DOM group, let's discuss it on the X-Tech or PFWG lists. 

We recommend browsers adopt a security/privacy policy similar to location requests, where the user can disallow access entirely, or on a per domain basis. For example, if your webmail provider asked for that info, you'd be inclined to allow it, but if say ad servers asked for it, I'd be inclined to disallow it.

We envision these mainly as a way to determine whether or not the web app should listen for certain events and fire certain methods. On high performance web applications, it's unwise to run any code that isn't going to be used. An author could use this for example, do determine whether a screen magnifier was running, and if so, trigger the appropriate calls to the magnifier.focusPosition method.

It's beside the point though. Skilled authors can already determine whether or not screen readers are likely to be running by inspecting the event order and properties that come in to the web app. That will become even easier once the other notification requests make it into a build. 

The intention of this is to make it easier for authors to provide a better accessible experience, and by doing so make it more likely for users of assistive technology to receive a more accessible experience. Every technology has the potential for abuse, but I believe these benefits outweigh the risks.

On Oct 22, 2010, at 6:36 AM, David Bolter <david.bolter@gmail.com> wrote:

> On 13/10/10 10:58 AM, Olli Pettay wrote:
>> On 10/13/2010 04:57 PM, Richard Schwerdtfeger wrote:
>>> > (4)
>>> > Why the need for ScreenReaderID or MagnifierID?
>>> > Yet another way to fingerprint user and/or write
>>> > code which might break particular screenreader or magnifier
>>> > and cause security problems.
>>> >
>>> For the discussion we were trying to limit this to device independent
>>> events. I have privacy issues around the screen reader and magnifier ids.
> Has this topic been discussed? I also have serious concerns about privacy here.
> Cheers,
> David
Received on Friday, 22 October 2010 16:39:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 20 October 2015 10:46:16 UTC