Designing for accessibility — you can help!

We have the concept of designing for accessibility for the disabled, but we need to include the idea of designing on the web for accessibility to those who are reaching us through national firewalls, or simply concerned with privacy and security. In cooperation with Reporters without Borders, I’m putting together a guide for safer anonymous use of the Internet, this summer.

Right now, we’re documenting and collecting methods that compromise privacy even with the use of anonymity software such as Tor.

Use of some technologies will make a site inaccessible to people practicing “safe surfing.” For example, people with concerns about strong anonymity will surf with javascript turned off in their browsers. If you are concerned that your site should be accessible particularly to users in countries with free speech restrictions, you need to design a site that does not use javascript for anything crucial to navigation or understanding the site.

Javascript can be “leaky” — as a server-side technology (code that is sent from the web site to be run on the surfer’s machine) the user has no control over what a bit of javascript code will ask for. Javascript can reveal the true IP number of a user shielded by a proxy, among other information.
Another piece of code we advise anonymity users to bypass is the Adobe PDF plug in. At the time I write this, this plug in ignores the proxy settings on the user’s machine, and fetches the file to display in the browser window directly. I’ve sent email to Adobe hoping they’ll fix this problem before we publish our guide in the fall.

If you are a person who plays with network security, we’d like you to find ways that plug-ins, applications and system settings can by-pass proxy settings and compromise user anonymity. Comment here contact us through http://tor.eff.org/. Thanks!

33 Comments

  1. ska

    January 7, 2007 @ 3:08 am

    1

    >Javascript can be “leaky” — as a server-side technology
    Thats nonsense. You give the right description –
    >code that is sent from the web site to be run on the surfer’s machine
    but that is called *client*-side.
    >the user has no control over what a bit of javascript code will ask for
    Thats incorrect too. As a client-side app you can control JS code and deny or allow certain actions. That’s how Privoxy works, and the bunch of other proxies. The problem is that the only reliable way to control JS is from browser which implements JS-machine, in all other cases JS code can be obfuscated etc. And the browsers’ developers don’t want to spend their time on such a feature – that’s understandable..
    >Javascript can reveal the true IP number
    How?! JS by itself in a properly written JS machine cant obtain IP address of the computer it runs on. Of course it can create cookie and that cookie will become an identifying sign for everyone who sees it; further you use the browser without Tor with the cookie set in the Tor mode – and you are caught 🙂

  2. christian forex

    February 8, 2007 @ 4:41 pm

    2

    i refer java over anything else.. cookies arent a problem most of the time..

  3. gicu

    August 11, 2007 @ 8:52 pm

  4. jumpinworld » Blog Archive » Designing for accessibility — you can help!

    October 12, 2007 @ 3:38 pm

    4

    […] continued here « Devaluing anonymous political […]

  5. unix linux

    January 13, 2008 @ 11:21 pm

    5

    >Javascript can be “leaky” — as a server-side technology
    Thats nonsense. You give the right description –
    >code that is sent from the web site to be run on the surfer’s machine
    but that is called *client*-side.

  6. php, mysql

    January 13, 2008 @ 11:22 pm

    6

    >Javascript can reveal the true IP number
    How?! JS by itself in a properly written JS machine cant obtain IP address of the computer it runs on. Of course it can create cookie and that cookie will become an identifying sign for everyone who sees it; further you use the browser without Tor with the cookie set in the Tor mode – and you are caught

  7. рецепты курица

    January 13, 2008 @ 11:32 pm

    7

    В советское время рецепты салатов «Столичный» и «Оливье» неоднократно ухудшались, одни ингредиенты заменялись другими. В наше время под названием «салат Оливье» подразумевается смесь варёного картофеля, майонеза, солёных или маринованных огурцов, зелёного горошка и иногда колбасы или курицы, и к настоящему салату «Оливье» отношения, разумеется, не имеет. Простота изготовления и доступность ингредиентов сделали этот салат чрезвычайно популярным блюдом как в советские годы (он был непременным атрибутом советского праздничного стола на 7 ноября и Новый год), так и в наши дни. Другое название современного рецепта этого салата — «Зимний» (возникло из-за того, что его ингредиенты легко доступны в зимнее время, в отличие от ингредиентов «летних» салатов).

  8. net-market

    March 23, 2008 @ 2:02 pm

    8

    You talk about cookies, and java, and activeX and I am sure these are all security “problems”. However, there are a lot more. Pentium IIIs and better each have a personal ID in them,and I have a hard time believing the bios can disable it, after all, it is an op code. Also, I suspect that most bios have a serial number that could be accessed, and what about your windows key code, your ethernet card’s mac address. I am sure there is more, but this should be enough to make you think.

  9. Jewelry Directory

    May 14, 2008 @ 3:18 pm

    9

    i think java scripts can do it .

  10. oyun indir

    July 27, 2008 @ 11:56 am

    10

    thanxx

  11. JJC

    February 12, 2009 @ 12:53 pm

    11

    You talk about cookies, and java, and activeX and I am sure these are all security “problems”. However, there are a lot more. Pentium IIIs and better each have a personal ID in them,and I have a hard time believing the bios can disable it, after all, it is an op code. Also, I suspect that most bios have a serial number that could be accessed, and what about your windows key code, your ethernet card’s mac address. I am sure there is more, but this should be enough to make you think.

  12. Oteller

    May 22, 2009 @ 4:13 pm

    12

    We hope this year will end the economic crisis

  13. alyans

    October 17, 2009 @ 4:54 am

    13

    Thanks for your suggestions…

  14. image share

    February 2, 2010 @ 6:35 am

    14

    bu blog bence daha fazla yazı ve bilgi içermeli, editör daha fazla konuyu bu forumda paylaşmalı, eğer türkçe bölümde açılırsa ben bu konuda yazılarımı gönderebilirim..

  15. Wrought iron gates

    May 11, 2010 @ 1:54 am

    15

    Thanks share.this is a great article.

  16. ankara otelleri

    May 28, 2010 @ 5:37 pm

    16

    Hi, I hope it’s good for my writing assignments, if I get a note if I do not repeat here

  17. Artem

    June 8, 2010 @ 3:36 am

    17

    Thanks for your suggestions

  18. Snooker Cues and Equipment

    August 1, 2010 @ 6:12 pm

    18

    thanks for the info it was very informative 🙂

  19. cheap louis vuitton

    August 2, 2010 @ 5:07 am

    19

    good

  20. kiev callgirl

    October 1, 2010 @ 6:41 am

    20

    gerat

  21. проститутки

    October 1, 2010 @ 6:43 am

    21

    Thank you for taking the time to post!

  22. проститутки киева

    October 1, 2010 @ 6:45 am

    22

    I had trouble finding this information on the Internet!

  23. ugg киев купить, уги в киеве

    October 1, 2010 @ 6:46 am

    23

    I agree that some things probably could be done differently

  24. ygs puan hesaplama

    October 30, 2010 @ 8:50 am

    24

    Great, thanks

  25. Фильмы Онлайн

    July 9, 2011 @ 10:08 am

    25

    Great, thanks. Very cool post

  26. olympus sp800

    September 8, 2011 @ 8:28 am

    26

    Also, I suspect that most bios have a serial number that could be accessed, and what about your windows key code, your ethernet card’s mac address. Javascript can reveal the true IP number of a user shielded by a proxy, among other information.

  27. toner dolum

    December 1, 2011 @ 2:33 pm

    27

    In addition, many people need these informations everyday.

  28. рецепты

    January 26, 2012 @ 11:59 am

    28

    http://receptisalatov.com/ рецепты салатов

  29. Wedding Band Scotland

    June 26, 2012 @ 9:24 am

    29

    Its a shame to ignore the great possibilites that the use of javascript can present especially the powerful jquery library. That said, one must be exceptionally careful that it is not left open to exploit. One of the major problems is the use of scripts blindly, ie including scripts that people have shared online without understanding all of the implications. I would also apply the term client-side technology to javascript rather than server-side.

  30. baki karakoc

    September 5, 2012 @ 5:36 pm

    30

    Great, thanks sharing

  31. Car Tint Brisbane

    December 22, 2012 @ 4:01 am

    31

    Thank you. An issue that can be easily overlooked.

  32. Window Tinting Brisbane

    December 22, 2012 @ 4:03 am

    32

    I hope Adobe has now fixed this.

  33. טבעת אירוסין

    December 31, 2012 @ 10:18 am

    33

    Bravo, I enjoyed every moment of reading this, and I really appreciate stating this.

Log in