[Bug 13617] New: Protecting privacy of accessibility settings

http://www.w3.org/Bugs/Public/show_bug.cgi?id=13617

           Summary: Protecting privacy of accessibility settings
           Product: HTML WG
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: a11y, a11ytf
          Severity: normal
          Priority: P2
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: gcl-0039@access-research.org
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
                    public-html@w3.org, public-html-a11y@w3.org


HTML5 needs to address concerns about the privacy of a user's accessibility
settings. A user should be able to use a web site or document confident that
its owners will not be able to infer the user's disabilities merely by querying
settings in the user's browser, or at least not without their permission. This
will avoid the risk of such information to be sold or used to discriminate
against the user in hiring, housing, obtaining insurance, etc.

We have already identified several ways that malicious web content could get
such accessibility information, but there are undoubtedly more. Both their
levels of risk and options for guarding them vary widely. It is possible that
some information could be guarded using voluntary disclosure, allowing the user
to choose which components can have access to potentially sensitive
information.

Examples include: querying the browser identity and finding it is an
accessibility aid (e.g. Emacspeak); looking at size or color of rendered
elements to identify large print or high contrast settings (e.g. from a user
style sheet, or from disabling the option that lets sites choose their own
fonts and colors); querying platform and user agent accessibility settings that
may be exposed in the future (e.g. script asking for the platform's "High
Contrast Mode" flag, which is not currently exposed but may/should be in the
future); watching to see whether controls are activated using mouse or keyboard
(e.g. whether control activation is preceded by mousedown or keydown);
detecting that display of images is disabled (e.g. images embedded on the page
are not being downloaded from the server); examining the DOM for accesskeys or
labels added by the user agent (e.g. the Mouseless Browsing browser extension).

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Received on Wednesday, 3 August 2011 18:23:53 UTC