describing the privacy threat of disclosure of use of assistive technology
npdoty opened this issue · 1 comments
The Privacy Considerations section notes that there is a potential threat in describing different content to users who are using assistive technology that the author could subsequently observe from their behavior (that you clicked on a particular link, etc.) that a user was likely employing that technology. The text notes this as an active fingerprinting concern. That is possible, it could be an additional bit of potentially identifying information that could be added to a larger fingerprint.
Is it just using-accessible-technology-or-not, or could this be used to figure out exactly what kind of assistive technology is in use?
I would emphasize more that it's a potential disclosure of potentially sensitive information about the user (that they may need assistance of a particular kind).
This particular issue is broader than ARIA, JavaScript itself being the main culprit for privacy risk. The Working Group asked the TAG for guidance on how this affects ARIA, based on the more serious implications in other core web technologies like the JavaScript even model.
Closing as duplicate of w3ctag/design-principles#293