Re: Initial Accessibility related review of Privacy Threat Model spec from Pete Snyder on 2020-01-20 (public-privacy@w3.org from January to March 2020)

From: Pete Snyder <psnyder@brave.com>
Date: Mon, 20 Jan 2020 11:07:10 +0000
To: Joshue O Connor <joconnor@w3.org>
Cc: Christine Runnegar <runnegar@isoc.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <722AB582-44A3-4437-AB96-DD2A0903EC8F@brave.com>
Hi Joshue,

Just wanted to second Christine on this, and say thank you very much for taking the time to go through the document!

The document is still very under-development, but once its in a more-final-form, would you be available to talk with us for 30min sometime, both to make sure the document includes more of your expertise, and to make sure the privacy model we’re forming around doesn’t rule out / make unnecessarily-difficult accessibility features.

I expect this is still weeks, if not months out, but wanted to see if that’d be of interest / possibility.

Thanks again!
Pete

> On Jan 17, 2020, at 4:06 PM, Joshue O Connor <joconnor@w3.org> wrote:
> 
> Christine Runnegar wrote on 17/01/2020 16:02:
>> Many thanks Joshue for reviewing the working draft of Privacy Threat model. I’m sure Jeffrey and Tom will find this most useful, and any other thoughts you might have.
> 
> Great stuff.  I'm very happy to discuss further.
> 
>> On the browser fingerprinting side, have you seen PING’s Group Note on Mitigating Browser Fingerprinting in Web Specifications
>> 
>> Link: https://www.w3.org/TR/fingerprinting-guidance/
> 
> I've not seen this! Very helpful and I look forward to reviewing that, will have a look and feedback.
> 
> Thanks a mil
> 
> Josh
> 
>> 
>> Christine
>> 
>>> On 17Jan2020, at 3:54 AM, Joshue O Connor <joconnor@w3.org> wrote:
>>> 
>>> Hi all,
>>> 
>>> I've had a look at the 'Privacy Threat Model' spec and here are my thoughts. Note, this does not represent a formal review from APA (chairs list cc'ed here) but I hope it is useful.
>>> 
>>> From an accessibility perspective, under the 'High Level Threats' section there are attacker goals that will be useful to discuss. In particular with regard to browser fingerprinting of people with disabilities due to their bespoke personalisation settings and Assistive Technologies. These could be high-contrast mode, or large text sizes, but are not limited to that. [1]
>>> 
>>> For example, Symbol sets (AAC type) may be used as a default in the browser, which if 'seen' by an attacker can arguably be used to identify a user with a cognitive disability. [2]
>>> 
>>> Also currently under some of the brainstormed threats - you have listed:
>>> 
>>> #Benign information disclosure (connected hardware [game controller or assistive device], system preferences [like dark mode]…)
>>> 
>>> I think the classification for some accessibility related use cases would be 'Sensitive Information'. I'm thinking this kind of personalisation requests to user agents, or the disclosure of information regarding potentially vulnerable people, may be better thought of as 'Sensitive' and treated as such. The potential threat to the individual should taken as seriously as access to someone's credit card information IMO.
>>> 
>>> From my reading of the Threat model spec, these threats are mostly of the type, 'Correlation', 'Disclosure' threats.
>>> 
>>> Regarding the Anti-Tracking table (and boy is that vertical text hard to read - also it is not clear exactly what text relates to what - so a suitable caption is required at a minimum).
>>> 
>>> There is some very interesting stuff in there, and I'm wondering if this is the place for something on the threat of browser fingerprinting and for ideas on combatting it? Apologies if fingerprinting related use cases etc belong in some other spec, please advise.
>>> 
>>> As a final thought as user customisation and personalization relating to creating more accessible UIs becomes more advanced, issues of privacy etc will become much more relevant. For example, APA have recently published a spec 'Personalization Semantics Content Module 1.0' that proposed use cases and a vocabulary of accessibility related semantics that can be used to customise a UI.
>>> 
>>> From the perspective of the PING, the mere presence of these semantics within a source file, could be used to identify a person with a disability using these type of UIs (if enabled in the browser via a user preference.)
>>> 
>>> I hope this help, comments etc welcome.
>>> 
>>> Thanks
>>> 
>>> Josh
>>> 
>>> [1] https://w3cping.github.io/privacy-threat-model/#high-level-threats
>>> 
>>> [2] https://globalsymbols.com/symbolsets?locale=en
>>> 
>>> [3] https://raw.githack.com/w3c/personalization-semantics/f48303d97b8744887549c032f6ea9954d13fe165/content/index.html
>>> 
>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> Emerging Web Technology Specialist/Accessibility (WAI/W3C)
>>> 
> 
> 
> -- 
> Emerging Web Technology Specialist/Accessibility (WAI/W3C)
Received on Monday, 20 January 2020 11:07:19 UTC