- From: Joshue O Connor <joconnor@w3.org>
- Date: Fri, 17 Jan 2020 11:54:35 +0000
- To: public-privacy@w3.org
- Cc: "group-apa-chairs@w3.org" <group-apa-chairs@w3.org>
- Message-ID: <d4a8aea6-bdaf-f5f3-f73b-1e5551300781@w3.org>

Hi all,

I've had a look at the 'Privacy Threat Model' spec and here are my thoughts. Note, this does not represent a formal review from APA (chairs list cc'ed here) but I hope it is useful.

From an accessibility perspective, under the 'High Level Threats' section there are attacker goals that will be useful to discuss. In particular with regard to browser fingerprinting of people with disabilities due to their bespoke personalisation settings and Assistive Technologies. These could be high-contrast mode, or large text sizes, but are not limited to that. [1]

For example, Symbol sets (AAC type) may be used as a default in the browser, which if 'seen' by an attacker can arguably be used to identify a user with a cognitive disability. [2]

Also, currently under some of the brainstormed threats, you have listed:

#Benign information disclosure (connected hardware [game controller or assistive device], system preferences [like dark mode]…)

I think the classification for some accessibility related use cases would be 'Sensitive Information'. I'm thinking these kinds of personalisation requests to user agents, or the disclosure of information regarding potentially vulnerable people, may be better thought of as 'Sensitive' and treated as such. The potential threat to the individual should be taken as seriously as access to someone's credit card information IMO.

From my reading of the Threat model spec, these threats are mostly of the type, 'Correlation', 'Disclosure' threats.

Regarding the Anti-Tracking table (and boy is that vertical text hard to read - also it is not clear exactly what text relates to what - so a suitable caption is required at a minimum). There is some very interesting stuff in there, and I'm wondering if this is the place for something on the threat of browser fingerprinting and for ideas on combatting it? Apologies if fingerprinting related use cases etc belong in some other spec, please advise.

As a final thought, as user customisation and personalization relating to creating more accessible UIs becomes more advanced, issues of privacy etc will become much more relevant. For example, APA have recently published a spec 'Personalization Semantics Content Module 1.0' that proposed use cases and a vocabulary of accessibility related semantics that can be used to customise a UI. From the perspective of the PING, the mere presence of these semantics within a source file could be used to identify a person with a disability using these types of UIs (if enabled in the browser via a user preference.)

I hope this helps, comments etc welcome.

Thanks

Josh

[1] https://w3cping.github.io/privacy-threat-model/#high-level-threats
[2] https://globalsymbols.com/symbolsets?locale=en
[3] https://raw.githack.com/w3c/personalization-semantics/f48303d97b8744887549c032f6ea9954d13fe165/content/index.html

--
Emerging Web Technology Specialist/Accessibility (WAI/W3C)

Received on Friday, 17 January 2020 11:54:40 UTC