Addressing screen reader privacy concerns for ACTION-80: https://www.w3.org/WAI/IndieUI/track/actions/80
--- a/src/indie-ui-context.html Thu May 01 09:50:51 2014 -0700
+++ b/src/indie-ui-context.html Sat May 03 18:01:40 2014 -0700
@@ -152,7 +152,7 @@
</dd>
</dl>
- <p class="note">Standard vendor prefixes (<code>ie</code>, <code>moz</code>, <code>o</code>, <code>webkit</code>) are reserved, and any additional implementation or external taxonomy identifiers may be defined in a supplemental, informative document.</p>
+ <p class="note">Standard vendor prefixes (<code>ie</code>, <code>moz</code>, <code>o</code>, <code>webkit</code>) are reserved. Any additional implementation, host language, or external taxonomy identifiers may be defined in a supplemental working group document.</p>
</section>
<!-- :::::::::::::::::::: END Window Interface :::::::::::::::::::: -->
@@ -988,8 +988,17 @@
<dd>prompt with author-provided justification</dd>
</dl>
+ <p>User Agents MUST NOT implement high security features like <code>screenreader<code> settings until the user <a href="#privacy-model">privacy model</a> is implemented. User Agents MUST allow users to control sharing of prompted settings on a per-domain basis.</p>
+
<p>Web authors SHOULD NOT request any keys in this category unless the knowledge is essential to the operation of the web application, and web authors MUST provide a justification for the request as defined in @@ section.</p>
+ <d class="ednote">
+ <h5>Editorial Note on User Privacy</h3>
+ <p>Due to community feedback related to privacy, this feature may be marked as at-risk or removed. The working group acknowledges its usefulness in complex web applications such as enterprise document-editing suites, but also acknowledges the fact that its utility may be easily misunderstood or potentially misused.</p>
+ <p>For example, the typing echo or other verbosity settings would be useful today, for sites such as Google Docs and iWork for iCloud. These applications use custom display views that are not able to be made accessible through conventional means, so speech output is controlled via live region announcements. The web application does not otherwise have access to user settings such as typing echo, so without access to this feature, the web application could not mimic the user's preferred output.</p>
+ <p>One potential misuse is for user metric or tracking. Even with the <a href="http://www.marcozehe.de/2014/02/27/why-screen-reader-detection-on-the-web-is-a-bad-thing/comment-page-1/#comment-2466420">best of intentions</a>, this is a potentially harmful misuse of the API. There are currently very strict user <a href="#privacy-model">privacy model</a> requirements to implement this feature in a reasonably safe and secure way, but if the working group is not comfortable in the implementation's ability to sufficiently prevent this type of misuse, we will remove the feature.</p>
+ </div>
+
<section id="screenreader">
<h4 class="settings-key">Key: <code>screenreader</code></h4>
<p>Returns whether a screen reader is currently active (active) or not (none).</p>
@@ -1027,10 +1036,10 @@
</section>
</section>
- <!-- need to consider these a bit more
<section id="screenreader-typing-echo">
<h4 class="settings-key">Key: <code>screenreader-typing-echo</code></h4>
- <p>Returns a value indicating whether typed speech from a screen reader echos words, characters, both, or none.</p>
+ <p>Returns a value indicating whether typing in text fields causes a screen reader echos whole words, characters, both, or none.</p>
+ <p>
<dl class="properties">
<dt>Has Associated Media Feature</dt>
@@ -1046,6 +1055,7 @@
</section
+ <!-- need to consider these a bit more
<section id="screenreader-words-per-minute">
<h4 class="settings-key">Key: <code>screenreader-words-per-minute</code></h4>
<p>Returns a number indicating the approximate words-per-minute rate of a screen reader user's text-to-speech settings.</p>
@@ -1070,7 +1080,7 @@
<!-- :::::::::::::::::::: END userScreenReaderSettings :::::::::::::::::::: -->
<p class="todo">Todo: Probably need additional categories for screen magnifiers (active/none, scale factor), switch control software (active/none), and the more general "api-compatible" key which could be used for automation scripts in addition to real assistive technology.</p>
- <p class="todo">Todo: Need a mockup of an example user prompt with displayed justification string.</p>
+ <p class="todo">Todo: Need a mockup screen shot of an example user prompt with displayed justification string.</p>
</section>