13617 – Protecting privacy of accessibility settings

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 13617 - Protecting privacy of accessibility settings

Summary: Protecting privacy of accessibility settings

Status:	RESOLVED INVALID

Alias:	None

Product:	HTML WG
Classification:	Unclassified
Component:	LC1 HTML5 spec (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P2 normal
Target Milestone:	---
Assignee:	Ian 'Hixie' Hickson
QA Contact:	HTML WG Bugzilla archive list

URL:
Whiteboard:
Keywords:	a11y

Depends on:
Blocks:	13619
	Show dependency tree / graph

Reported:	2011-08-03 18:23 UTC by Greg Lowney
Modified:	2012-01-11 18:42 UTC (History)
CC List:	8 users (show)

See Also:

Attachments

Description Greg Lowney 2011-08-03 18:23:47 UTC

HTML5 needs to address concerns about the privacy of a user's accessibility settings. A user should be able to use a web site or document confident that its owners will not be able to infer the user's disabilities merely by querying settings in the user's browser, or at least not without their permission. This will avoid the risk of such information to be sold or used to discriminate against the user in hiring, housing, obtaining insurance, etc.

We have already identified several ways that malicious web content could get such accessibility information, but there are undoubtedly more. Both their levels of risk and options for guarding them vary widely. It is possible that some information could be guarded using voluntary disclosure, allowing the user to choose which components can have access to potentially sensitive information.

Examples include: querying the browser identity and finding it is an accessibility aid (e.g. Emacspeak); looking at size or color of rendered elements to identify large print or high contrast settings (e.g. from a user style sheet, or from disabling the option that lets sites choose their own fonts and colors); querying platform and user agent accessibility settings that may be exposed in the future (e.g. script asking for the platform's "High Contrast Mode" flag, which is not currently exposed but may/should be in the future); watching to see whether controls are activated using mouse or keyboard (e.g. whether control activation is preceded by mousedown or keydown); detecting that display of images is disabled (e.g. images embedded on the page are not being downloaded from the server); examining the DOM for accesskeys or labels added by the user agent (e.g. the Mouseless Browsing browser extension).

Comment 1 Michael[tm] Smith 2011-08-04 05:05:11 UTC

mass-moved component to LC1

Comment 2 Anne 2011-08-15 16:32:39 UTC

EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the tracker issue; or you may create a tracker issue yourself, if you are able to do so. For more details, see this document: <http://dev.w3.org/html5/decision-policy/decision-policy.html>.

Status: Rejected
Change Description: no spec change
Rationale: This seems out of scope for HTML. If there are specific features of HTML that have privacy issues that are not already mentioned by the draft, please file an issue on those.

Comment 3 Michael Cooper 2012-01-11 18:42:26 UTC

Bug triage sub-team thinks this is a valid issue but unsure who the owner should be. Not sure it is in fact in the HTML space, perhaps UAAG or the Privacy Activity should address. The issue is privacy in general, not accessibility specifically. As far as this bug goes, we have decided not to pursue further.