Re: does accessKeyLabel expose user data?

On Dec 10, 2014, at 7:06 AM, Joseph Lorenzo Hall <> wrote:
> I'm wondering if there isn't a solution like an origin-specific "allow
> access to information about the keyboard and keyboard shortcuts" that
> the spec could recommend browser vendors implement here to mitigate this
> increased fingerprinting risk. HTML WG's scope may preclude making
> statements like that, I suspect.

That’s an interesting idea. I’m always a little hesitant to suggest more browser permissions, though. And I think this one would be a particular challenge for the user. It would take a particularly expert user to recognize that “allow access to information about the keyboard and keyboard shortcuts” might also imply “allow this site to remember me and guess what other pages/software I have open on my computer”. More relevant, I imagine it would be difficult for a UA to explain the resulting implications clearly.


Received on Wednesday, 10 December 2014 20:14:27 UTC