- From: <bugzilla@jessica.w3.org>
- Date: Wed, 03 Aug 2011 18:23:48 +0000
- To: public-html@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13617 Summary: Protecting privacy of accessibility settings Product: HTML WG Version: unspecified Platform: All OS/Version: All Status: NEW Keywords: a11y, a11ytf Severity: normal Priority: P2 Component: HTML5 spec (editor: Ian Hickson) AssignedTo: ian@hixie.ch ReportedBy: gcl-0039@access-research.org QAContact: public-html-bugzilla@w3.org CC: mike@w3.org, public-html-wg-issue-tracking@w3.org, public-html@w3.org, public-html-a11y@w3.org HTML5 needs to address concerns about the privacy of a user's accessibility settings. A user should be able to use a web site or document confident that its owners will not be able to infer the user's disabilities merely by querying settings in the user's browser, or at least not without their permission. This will avoid the risk of such information to be sold or used to discriminate against the user in hiring, housing, obtaining insurance, etc. We have already identified several ways that malicious web content could get such accessibility information, but there are undoubtedly more. Both their levels of risk and options for guarding them vary widely. It is possible that some information could be guarded using voluntary disclosure, allowing the user to choose which components can have access to potentially sensitive information. Examples include: querying the browser identity and finding it is an accessibility aid (e.g. Emacspeak); looking at size or color of rendered elements to identify large print or high contrast settings (e.g. from a user style sheet, or from disabling the option that lets sites choose their own fonts and colors); querying platform and user agent accessibility settings that may be exposed in the future (e.g. script asking for the platform's "High Contrast Mode" flag, which is not currently exposed but may/should be in the future); watching to see whether controls are activated using mouse or keyboard (e.g. whether control activation is preceded by mousedown or keydown); detecting that display of images is disabled (e.g. images embedded on the page are not being downloaded from the server); examining the DOM for accesskeys or labels added by the user agent (e.g. the Mouseless Browsing browser extension). -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
Received on Wednesday, 3 August 2011 18:23:49 UTC