Re: Accessibility for trustworthiness indicators

Hello,

On Wed, 06 Apr 2016 14:50:04 +0200, Daisuke MIYAMOTO  
<daisu-mi@nc.u-tokyo.ac.jp> wrote:

> I'm working on phishing prevention, and am concerned with
> accessibility for people with disabilities. I'm afraid but
> many security information, e.g., address bar colored green,
> is really important for distinguishing legitimate sites, but
> individuals with visual impairment are hard to recognize it.
>
> My team has interviewed with people with disabilities,
> and found the current screen reader applications are not so
> efficient to prevent phishing. This was briefly summarized and
> available at my github repo as follows:
>
> https://github.com/daisu-mi/document/
>
> Does anyone have information for protecting individuals with
> visual impairments from phishing attacks? 

Normal browser security indicators in toolbars are only sometimes  
available to screenreaders.

But browsers often put up a warning page when a user tries to navigate to  
something marked as malware by a browser, and that page is generally  
"reasonably" accessible to screen reader users.

I think the common problems are:

1. email-based attacks, as you note. I believe some webmail services  
provide some protection from attachments, but I am not sure if dedicated  
email clients do the same.

2. Normal websites, that ask for sensitive information such as passwords  
which can be used to spend real money, on pages that are not secure. In  
many cases screen reader users don't *know* whether the page is secured.

As well as providing shortcuts to security information - which can be done  
in browsers today - having the ability to state the security state in the  
title of the page, so it cannot be faked by the page itself, would be a  
simple technique for browsers to implement.

cheers

Chaals

-- 
Charles McCathie Nevile - web standards - CTO Office, Yandex
  chaals@yandex-team.ru - - - Find more at http://yandex.com

Received on Wednesday, 6 April 2016 13:40:46 UTC