This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 23614 - accessKeyLabel can expose new information about the user and possibly also other origins
Summary: accessKeyLabel can expose new information about the user and possibly also ot...
Status: RESOLVED MOVED
Alias: None
Product: HTML.next
Classification: Unclassified
Component: default (show other bugs)
Version: unspecified
Hardware: PC All
: P2 normal
Target Milestone: ---
Assignee: Charles McCathieNevile
QA Contact: HTML WG Bugzilla archive list
URL:
Whiteboard:
Keywords: a11y, a11ytf, a11y_focus
: 10994 (view as bug list)
Depends on: 10888 10994 23613
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-23 20:05 UTC by Mark Sadecki
Modified: 2016-04-11 13:41 UTC (History)
11 users (show)

See Also:

Attachments

Description Mark Sadecki 2013-10-23 20:05:12 UTC 
+++ This bug was initially created as a clone of Bug #10994 +++

Since accesskeys are chosen depending on the user's platform and available keys and available key bindings in the browser/OS, accesskeyLabel exposes that information about the user which was not possible before, i.e. it increases the fingerprinting.

Moreover, if a browser considers accesskeys from cross-origin iframes when assigning a key, accessKeyLabel exposes information about the cross-origin iframed document (if it uses accesskeys) which was not possible before, e.g. it might be possible to tell if the user is logged in on the other site.
Comment 1 Charles McCathieNevile 2016-02-23 15:55:55 UTC 
*** Bug 10994 has been marked as a duplicate of this bug. ***
Comment 2 Charles McCathieNevile 2016-04-11 13:41:55 UTC 
We moved accessKeyLabel to WICG, since it had one buggy implementation and it would be nice if it were improved before we got more of them.

https://discourse.wicg.io/t/accesskeylabel-author-accessible-info-about-shortcuts/1392