Designing for accessibility — you can help!
We have the concept of designing for accessibility for the disabled, but we need to include the idea of designing on the web for accessibility to those who are reaching us through national firewalls, or simply concerned with privacy and security. In cooperation with Reporters without Borders, I’m putting together a guide for safer anonymous use of the Internet, this summer.
Right now, we’re documenting and collecting methods that compromise privacy even with the use of anonymity software such as Tor.
Use of some technologies will make a site inaccessible to people practicing “safe surfing.” For example, people with concerns about strong anonymity will surf with javascript turned off in their browsers. If you are concerned that your site should be accessible particularly to users in countries with free speech restrictions, you need to design a site that does not use javascript for anything crucial to navigation or understanding the site.
Javascript can be “leaky” — as a server-side technology (code that is sent from the web site to be run on the surfer’s machine) the user has no control over what a bit of javascript code will ask for. Javascript can reveal the true IP number of a user shielded by a proxy, among other information.
Another piece of code we advise anonymity users to bypass is the Adobe PDF plug in. At the time I write this, this plug in ignores the proxy settings on the user’s machine, and fetches the file to display in the browser window directly. I’ve sent email to Adobe hoping they’ll fix this problem before we publish our guide in the fall.
If you are a person who plays with network security, we’d like you to find ways that plug-ins, applications and system settings can by-pass proxy settings and compromise user anonymity. Comment here contact us through http://tor.eff.org/. Thanks!
ska
January 7, 2007 @ 3:08 am
>Javascript can be “leaky” — as a server-side technology
Thats nonsense. You give the right description –
>code that is sent from the web site to be run on the surfer’s machine
but that is called *client*-side.
>the user has no control over what a bit of javascript code will ask for
Thats incorrect too. As a client-side app you can control JS code and deny or allow certain actions. That’s how Privoxy works, and the bunch of other proxies. The problem is that the only reliable way to control JS is from browser which implements JS-machine, in all other cases JS code can be obfuscated etc. And the browsers’ developers don’t want to spend their time on such a feature – that’s understandable..
>Javascript can reveal the true IP number
How?! JS by itself in a properly written JS machine cant obtain IP address of the computer it runs on. Of course it can create cookie and that cookie will become an identifying sign for everyone who sees it; further you use the browser without Tor with the cookie set in the Tor mode – and you are caught 🙂
christian forex
February 8, 2007 @ 4:41 pm
i refer java over anything else.. cookies arent a problem most of the time..
gicu
August 11, 2007 @ 8:52 pm
http://msdonline.ro
jumpinworld » Blog Archive » Designing for accessibility — you can help!
October 12, 2007 @ 3:38 pm
[…] continued here « Devaluing anonymous political […]
unix linux
January 13, 2008 @ 11:21 pm
>Javascript can be “leaky” — as a server-side technology
Thats nonsense. You give the right description –
>code that is sent from the web site to be run on the surfer’s machine
but that is called *client*-side.
php, mysql
January 13, 2008 @ 11:22 pm
>Javascript can reveal the true IP number
How?! JS by itself in a properly written JS machine cant obtain IP address of the computer it runs on. Of course it can create cookie and that cookie will become an identifying sign for everyone who sees it; further you use the browser without Tor with the cookie set in the Tor mode – and you are caught
рецепты курица
January 13, 2008 @ 11:32 pm
В советское время рецепты салатов «Столичный» и «Оливье» неоднократно ухудшались, одни ингредиенты заменялись другими. В наше время под названием «салат Оливье» подразумевается смесь варёного картофеля, майонеза, солёных или маринованных огурцов, зелёного горошка и иногда колбасы или курицы, и к настоящему салату «Оливье» отношения, разумеется, не имеет. Простота изготовления и доступность ингредиентов сделали этот салат чрезвычайно популярным блюдом как в советские годы (он был непременным атрибутом советского праздничного стола на 7 ноября и Новый год), так и в наши дни. Другое название современного рецепта этого салата — «Зимний» (возникло из-за того, что его ингредиенты легко доступны в зимнее время, в отличие от ингредиентов «летних» салатов).
net-market
March 23, 2008 @ 2:02 pm
You talk about cookies, and java, and activeX and I am sure these are all security “problems”. However, there are a lot more. Pentium IIIs and better each have a personal ID in them,and I have a hard time believing the bios can disable it, after all, it is an op code. Also, I suspect that most bios have a serial number that could be accessed, and what about your windows key code, your ethernet card’s mac address. I am sure there is more, but this should be enough to make you think.
Jewelry Directory
May 14, 2008 @ 3:18 pm
i think java scripts can do it .
oyun indir
July 27, 2008 @ 11:56 am
thanxx
JJC
February 12, 2009 @ 12:53 pm
You talk about cookies, and java, and activeX and I am sure these are all security “problems”. However, there are a lot more. Pentium IIIs and better each have a personal ID in them,and I have a hard time believing the bios can disable it, after all, it is an op code. Also, I suspect that most bios have a serial number that could be accessed, and what about your windows key code, your ethernet card’s mac address. I am sure there is more, but this should be enough to make you think.
Oteller
May 22, 2009 @ 4:13 pm
We hope this year will end the economic crisis
alyans
October 17, 2009 @ 4:54 am
Thanks for your suggestions…
image share
February 2, 2010 @ 6:35 am
bu blog bence daha fazla yazı ve bilgi içermeli, editör daha fazla konuyu bu forumda paylaşmalı, eğer türkçe bölümde açılırsa ben bu konuda yazılarımı gönderebilirim..
Wrought iron gates
May 11, 2010 @ 1:54 am
Thanks share.this is a great article.
ankara otelleri
May 28, 2010 @ 5:37 pm
Hi, I hope it’s good for my writing assignments, if I get a note if I do not repeat here
Artem
June 8, 2010 @ 3:36 am
Thanks for your suggestions
Snooker Cues and Equipment
August 1, 2010 @ 6:12 pm
thanks for the info it was very informative 🙂
cheap louis vuitton
August 2, 2010 @ 5:07 am
good
kiev callgirl
October 1, 2010 @ 6:41 am
gerat
проститутки
October 1, 2010 @ 6:43 am
Thank you for taking the time to post!
проститутки киева
October 1, 2010 @ 6:45 am
I had trouble finding this information on the Internet!
ugg киев купить, уги в киеве
October 1, 2010 @ 6:46 am
I agree that some things probably could be done differently
ygs puan hesaplama
October 30, 2010 @ 8:50 am
Great, thanks
Фильмы Онлайн
July 9, 2011 @ 10:08 am
Great, thanks. Very cool post
olympus sp800
September 8, 2011 @ 8:28 am
Also, I suspect that most bios have a serial number that could be accessed, and what about your windows key code, your ethernet card’s mac address. Javascript can reveal the true IP number of a user shielded by a proxy, among other information.
toner dolum
December 1, 2011 @ 2:33 pm
In addition, many people need these informations everyday.
рецепты
January 26, 2012 @ 11:59 am
http://receptisalatov.com/ рецепты салатов
Wedding Band Scotland
June 26, 2012 @ 9:24 am
Its a shame to ignore the great possibilites that the use of javascript can present especially the powerful jquery library. That said, one must be exceptionally careful that it is not left open to exploit. One of the major problems is the use of scripts blindly, ie including scripts that people have shared online without understanding all of the implications. I would also apply the term client-side technology to javascript rather than server-side.
baki karakoc
September 5, 2012 @ 5:36 pm
Great, thanks sharing
Car Tint Brisbane
December 22, 2012 @ 4:01 am
Thank you. An issue that can be easily overlooked.
Window Tinting Brisbane
December 22, 2012 @ 4:03 am
I hope Adobe has now fixed this.
טבעת אירוסין
December 31, 2012 @ 10:18 am
Bravo, I enjoyed every moment of reading this, and I really appreciate stating this.