- From: Chaals McCathie Nevile <chaals@yandex-team.ru>
- Date: Wed, 06 Apr 2016 15:39:41 +0200
- To: w3c-wai-ig@w3.org
Hello, On Wed, 06 Apr 2016 14:50:04 +0200, Daisuke MIYAMOTO <daisu-mi@nc.u-tokyo.ac.jp> wrote: > I'm working on phishing prevention, and am concerned with > accessibility for people with disabilities. I'm afraid but > many security information, e.g., address bar colored green, > is really important for distinguishing legitimate sites, but > individuals with visual impairment are hard to recognize it. > > My team has interviewed with people with disabilities, > and found the current screen reader applications are not so > efficient to prevent phishing. This was briefly summarized and > available at my github repo as follows: > > https://github.com/daisu-mi/document/ > > Does anyone have information for protecting individuals with > visual impairments from phishing attacks? Normal browser security indicators in toolbars are only sometimes available to screenreaders. But browsers often put up a warning page when a user tries to navigate to something marked as malware by a browser, and that page is generally "reasonably" accessible to screen reader users. I think the common problems are: 1. email-based attacks, as you note. I believe some webmail services provide some protection from attachments, but I am not sure if dedicated email clients do the same. 2. Normal websites, that ask for sensitive information such as passwords which can be used to spend real money, on pages that are not secure. In many cases screen reader users don't *know* whether the page is secured. As well as providing shortcuts to security information - which can be done in browsers today - having the ability to state the security state in the title of the page, so it cannot be faked by the page itself, would be a simple technique for browsers to implement. cheers Chaals -- Charles McCathie Nevile - web standards - CTO Office, Yandex chaals@yandex-team.ru - - - Find more at http://yandex.com
Received on Wednesday, 6 April 2016 13:40:46 UTC