- From: David Singer <singer@apple.com>
- Date: Mon, 27 Apr 2015 08:58:51 -0700
- To: chaals@yandex-team.ru
- Cc: bernard <ei8fdb@ei8fdb.org>, Katie Haritos-Shea GMAIL <ryladog@gmail.com>, Nicholas Doty <npdoty@ischool.berkeley.edu>, Joseph Lorenzo Hall <joe@cdt.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-id: <3704F583-45CF-44BA-A6FB-D7C10E5BC2F3@apple.com>
> On Apr 26, 2015, at 12:01 , chaals@yandex-team.ru wrote: > > 26.04.2015, 17:45, "bernard" <ei8fdb@ei8fdb.org>: >>> On 26 Apr 2015, at 06:11, chaals@yandex-team.ru wrote: >>> >>> 22.04.2015, 15:36, "Bernard Tyers" <ei8fdb@ei8fdb.org>: >>>> I haven’t had a chance yet to pass my screen reader over it, but I wonder how the obfuscated font will work with assistive technologies? Has anyone tried it yet? >>>> >>>> When I get some desk space and proper Internet I’ll give it a try and see what I find. >>> I had a very quick look, and it creates random text replacing stuff. Which doesn't play well in a screen reader… >>> >>> Did I miss something? >> >> Let me guess you were using Firefox or Chrome? Initially I was getting the exact same issue as you when I tried this, I wrote some text and copy-pasted it into a blogpost: > > Using Yandex browser alpha, on MacOS, and VoiceOver > > I opened the page and pasted some text in to generate the magic codes. > > I got the random text, which looked like a CAPTCHA - hard-to-read versions of the text, and was read by VoiceOver as junk. > >> http://www.ei8fdb.org/thoughts/2015/04/w3c-public-privacy-thread/ >> >> I got random text, and thought it was broken. It seems the webfont isn't loading for me because the SSL cert on the URL hosting the webfont has expired (!) and so my browsers didn’t want to load it. >> >> Following the link to the webfont: https://fontemutante.com.br/uploads/font_mutante/file/1/Mutante_fast_mix.ttf >> and accepting the expired cert allows you to download and install the font to your system. > > As far as I can tell what they do is simply remap glyphs to different underlying characters - a bit like using ROT-13 substitution (a simple cypher many primary school kids play with - http://en.wikipedia.org/wiki/ROT13 explains it for those who missed out or want a reminder). > > Which means the underlying text, which is what e.g. a screenreader uses, becomes unreadable, relying on the font to make it *look* like the text it was. > > This approach seems to substantially fail its original goal, since it is feasible to use OCR to see what was being rendered if you are trying to track the user. But because screenreaders don't do that it also breaks for actual people. :( well, and it’s a substitution cipher, which are hardly the state of the art and fairly easily cracked. However, I think the point is hat keyword scanners etc. may be thrown off. of course, that also means spam filters will not see it as spam… > > cheers > >> Leaving aside the (important) issue of the expired SSL cert for a moment, the results using a screen reader are not promising. >> >> Using JAWS on Windows (version 16) screenreader it cannot interpret the text in any of Chrome, Firefox. >> >> On OS X both Firefox and Chrome can “decipher” the text visually but it is not readable by VoiceOver. Safari cannot decipher it visually >> >> Here is a short video I’ve recorded to illustrate the issue on OS X: >> >> https://youtu.be/2-DOFRsx6jw >> >> NB: The video is not listed, so please share responsibly. >> >> I have a contact in Amnesty International who I have forwarded this to. >> >> Any thoughts on this? >> >> Thanks, >> Bernard > > -- > Charles McCathie Nevile - web standards - CTO Office, Yandex > chaals@yandex-team.ru - - - Find more at http://yandex.com David Singer Manager, Software Standards, Apple Inc.
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Monday, 27 April 2015 15:59:19 UTC