Issue 948 SC 1.3.5 Identify Input Purpose - autocomplete technique VS Privacy/Security

Hi everyone (and particularly John & Lisa),

I'd like to run a proposed response past the group before posting to GitHub (and notifying the commenter before the group gets a chance to review).

I'd summarise the core issue as: using autocomplete/autofill could be an issue for privacy/security for people using shared devices (e.g. family computer), and autocomplete shouldn't be proposed as a technique to fulfil it.

You can read the back and forth on the thread, but I'm proposing the response is:

The working group have considered the security and privacy aspects of this, and whilst it must be acknowledged there may be some circumstances in which a user would not want fields identified and auto-filled, the working group feel the benefits outweigh the risks.

Mitigating factors include:

- This is functionality that is already available in user-agents, and used by some websites already.
- It is something that must be enabled within the user-account and browser of the device used.
- People can use various privacy features if that is a requirement.

Currently the autocomplete attribute (for autofill) is the best supported method, so that will be the first technique provided.

Personally, I don't see it as an issue, but I'd appreciate a review from others familiar with autocomplete.

Kind regards,


Received on Tuesday, 5 June 2018 20:17:00 UTC