W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2014

Re: does accessKeyLabel expose user data?

From: Nick Doty <npdoty@w3.org>
Date: Wed, 10 Dec 2014 12:14:12 -0800
Cc: chaals@yandex-team.ru, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <2716612B-2FA0-4423-A414-FE599F7FC2F6@w3.org>
To: Joseph Lorenzo Hall <joe@cdt.org>
On Dec 10, 2014, at 7:06 AM, Joseph Lorenzo Hall <joe@cdt.org> wrote:
> 
> I'm wondering if there isn't a solution like an origin-specific "allow
> access to information about the keyboard and keyboard shortcuts" that
> the spec could recommend browser vendors implement here to mitigate this
> increased fingerprinting risk. HTML WG's scope may preclude making
> statements like that, I suspect.

That’s an interesting idea. I’m always a little hesitant to suggest more browser permissions, though. And I think this one would be a particular challenge for the user. It would take a particularly expert user to recognize that “allow access to information about the keyboard and keyboard shortcuts” might also imply “allow this site to remember me and guess what other pages/software I have open on my computer”. More relevant, I imagine it would be difficult for a UA to explain the resulting implications clearly.

Nick

Received on Wednesday, 10 December 2014 20:14:27 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:28 UTC