W3C home > Mailing lists > Public > w3c-wai-gl@w3.org > April to June 2018

Issue 948 SC 1.3.5 Identify Input Purpose - autocomplete technique VS Privacy/Security

From: Alastair Campbell <acampbell@nomensa.com>
Date: Tue, 5 Jun 2018 20:16:26 +0000
To: John Foliot <john.foliot@deque.com>, lisa.seeman <lisa.seeman@zoho.com>
CC: WCAG <w3c-wai-gl@w3.org>
Message-ID: <AM5PR0902MB20028094098D87702613356FB9660@AM5PR0902MB2002.eurprd09.prod.outlook.com>
Hi everyone (and particularly John & Lisa),

I'd like to run a proposed response past the group before posting to github (and notifying the commenter before the group gets a chance to review).


I'd summarise the core issue as: using autocomplete/autofill could be an issue for privacy/security for people using shared devices (e.g. family computer), and autcomplete shouldn't be proposed as a technique to fulfil it.

You can read the back and forth on the thread, but I'm proposing the response is:

The working group have considered the security and privacy aspects of this, and whilst it must be acknowledged there may be some circumstances in which a user would not want fields identified and auto-filled, the working group feel the benefits outweigh the risks.

Mitigating factors include:

- This is functionality that is already available in user-agents, and used by some websites already.
- It is something that must be enabled within the user-account and browser of the device used.
- People can use various privacy features if that is a requirement.

Currently the autocomplete attribute (for autofill) is the best supported method, so that will be the first technique provided.

Personally, I don't see it as an issue, but I'd appreciate a review from others familiar with autocomplete.

Kind regards,

Received on Tuesday, 5 June 2018 20:17:00 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 21:08:26 UTC