Initial Accessibility related review of Privacy Threat Model spec

Hi all,

I've had a look at the 'Privacy Threat Model' spec and here are my 
thoughts. Note, this does not represent a formal review from APA (chairs 
list cc'ed here) but I hope it is useful.

From an accessibility perspective, under the 'High Level Threats' 
section there are attacker goals that will be useful to discuss. In 
particular with regard to browser fingerprinting of people with 
disabilities due to their bespoke personalisation settings and Assistive 
Technologies. These could be high-contrast mode, or large text sizes, 
but are not limited to that. [1]

For example, Symbol sets (AAC type) may be used as a default in the 
browser, which if 'seen' by an attacker can arguably be used to identify 
a user with a cognitive disability. [2]

Also currently under some of the brainstormed threats - you have listed:

#Benign information disclosure (connected hardware [game controller or 
assistive device], system preferences [like dark mode]…)

I think the classification for some accessibility related use cases 
would be 'Sensitive Information'. I'm thinking this kind of 
personalisation requests to user agents, or the disclosure of 
information regarding potentially vulnerable people, may be better 
thought of as 'Sensitive' and treated as such. The potential threat to 
the individual should be taken as seriously as access to someone's credit 
card information IMO.

From my reading of the Threat model spec, these threats are mostly of 
the type, 'Correlation', 'Disclosure' threats.

Regarding the Anti-Tracking table (and boy is that vertical text hard to 
read - also it is not clear exactly what text relates to what - so a 
suitable caption is required at a minimum).

There is some very interesting stuff in there, and I'm wondering if this 
is the place for something on the threat of browser fingerprinting and 
for ideas on combatting it? Apologies if fingerprinting related use 
cases etc belong in some other spec, please advise.

As a final thought as user customisation and personalization relating to 
creating more accessible UIs becomes more advanced, issues of privacy 
etc will become much more relevant. For example, APA have recently 
published a spec 'Personalization Semantics Content Module 1.0' that 
proposed use cases and a vocabulary of accessibility related semantics 
that can be used to customise a UI.

From the perspective of the PING, the mere presence of these semantics 
within a source file, could be used to identify a person with a 
disability using these types of UIs (if enabled in the browser via a user 
preference).

I hope this helps, comments etc welcome.

Thanks

Josh

[1] https://w3cping.github.io/privacy-threat-model/#high-level-threats

[2] https://globalsymbols.com/symbolsets?locale=en

[3] https://raw.githack.com/w3c/personalization-semantics/f48303d97b8744887549c032f6ea9954d13fe165/content/index.html

-- 
Emerging Web Technology Specialist/Accessibility (WAI/W3C)

Received on Friday, 17 January 2020 11:54:40 UTC