[Bug 10994] accessKeyLabel can expose new information about the user and possibly also other origins


Aryeh Gregor <Simetrical+w3cbug@gmail.com> changed:

           What    |Removed                     |Added
                 CC|                            |Simetrical+w3cbug@gmail.com

--- Comment #1 from Aryeh Gregor <Simetrical+w3cbug@gmail.com> 2010-10-08 20:38:48 UTC ---
On the other hand, this is a useful feature, and axing it would be sad. 
MediaWiki has to do a lot of guesswork here to create useful tooltips, which
will fail on even slightly exotic browsers:


The is_* variables there are basically just UA-string regexes.

All major browsers use a consistent key assignment scheme as far as I know, so
that should normally add no information beyond the UA string.  People using
obscure browsers are already easy to fingerprint.

The only people who would be more easily fingerprinted seem like they'd be
people using weird configurations, where the accesskey is non-default -- but is
this really an issue?  Surely there are lots of obscure configuration options
in various browsers that will increase fingerprintability a lot.

If fingerprinting is an issue, the browser can ignore the user option's value
when reporting the accesskey.  That will result in incorrect info being
reported to the user by the website, maybe, but it's better than currently.

This feature would still be useful if it always returned some fixed prefix that
depends only on the browser concatenated with the value of the accesskey
attribute.  That would cover the large majority of cases.  If that's what's
needed to avoid security problems, I think it's preferable to killing the
feature altogether.

Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Friday, 8 October 2010 20:38:51 UTC