E-mail List Archives

Re: [WebAIM Forum] Hyperlink Accessibility vs. Security

for

From: Jonathan Avila
Date: Sep 28, 2017 3:52PM


> Pretty much, basically the hyperlink is the URL and not meaningful at all

From a WCAG perspective if the link text is ambiguous to all users it's not a violation of WCAG 2 A/AA. There is more of an impact to users with disabilities than users without disabilities but it would pass.

Jonathan

Jonathan Avila
Chief Accessibility Officer
Level Access, inc. (formerly SSB BART Group, inc.)
(703) 637-8957
<EMAIL REMOVED>
Visit us online: Website | Twitter | Facebook | LinkedIn | Blog
Looking to boost your accessibility knowledge? Check out our free webinars!

The information contained in this transmission may be attorney privileged and/or confidential information intended for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any use, dissemination, distribution or copying of this communication is strictly prohibited.

-----Original Message-----
From: WebAIM-Forum [mailto: <EMAIL REMOVED> ] On Behalf Of Carly Gerard
Sent: Thursday, September 28, 2017 5:43 PM
To: WebAIM Discussion List < <EMAIL REMOVED> >
Subject: Re: [WebAIM] [WebAIM Forum] Hyperlink Accessibility vs. Security

Pretty much, basically the hyperlink is the URL and not meaningful at all. From my end a little bit annoying! Am curious if anyone has encountered something like that before, or suggestions to advocate the importance of accessibility without dismissing security concerns.

From: WebAIM-Forum < <EMAIL REMOVED> > on behalf of Angela French < <EMAIL REMOVED> >
Sent: Thursday, September 28, 2017 2:37:51 PM
To: WebAIM Discussion List
Subject: Re: [WebAIM] [WebAIM Forum] Hyperlink Accessibility vs. Security

OH, you mean to just spell out a URL and not make it a hyperlink at all? Ugh.

-----Original Message-----
From: WebAIM-Forum [mailto: <EMAIL REMOVED> ] On Behalf Of Carly Gerard
Sent: Thursday, September 28, 2017 1:39 PM
To: WebAIM Discussion List < <EMAIL REMOVED> >
Subject: Re: [WebAIM] [WebAIM Forum] Hyperlink Accessibility vs. Security


No worries Angela, I can try to explain better--although that's another good point to consider, the fact that URLs may be malicious in themselves. We know that hyperlinks need to have meaningful text to be accessible to AT, such as in the following example:

<a href="https://domain.com/link-to-pdf ">Open Example PDF</a>

In this case, a user would see the hyperlink as "Open Example PDF," and wouldn't see the actual URL. According to the email I received from our tech services, however, it sounds like they've heard to make the URL visible (and not use meaningful hyperlink text) for security purposes. Brief searches online have led me to phishing awareness articles that have also suggested this practice.


This leads me to wonder how to consider both accessibility and security in this matter, and how I should start that discussion.


I hope my explanation makes sense, and that maybe there's a reasonable solution.

From: WebAIM-Forum < <EMAIL REMOVED> > on behalf of Angela French < <EMAIL REMOVED> >
Sent: Thursday, September 28, 2017 12:11:09 PM
To: WebAIM Discussion List
Subject: Re: [WebAIM] [WebAIM Forum] Hyperlink Accessibility vs. Security

Perhaps I am misunderstanding you, but you can still have a bad link behind what looks like a good one . For example:

<a href="www.malicioussite.com">www.goodsite.com</a<http://www.malicioussite.com">www.goodsite.com</a<http://www.malicioussite.com">www.goodsite.com</a<http://www.malicioussite.com">www.goodsite.com</a>>>

-----Original Message-----
From: WebAIM-Forum [mailto: <EMAIL REMOVED> ] On Behalf Of Carly Gerard
Sent: Thursday, September 28, 2017 11:13 AM
To: WEBAim Forum < <EMAIL REMOVED> >
Subject: [WebAIM] [WebAIM Forum] Hyperlink Accessibility vs. Security

Hello WebAIM,


I have gotten questions from fellow colleagues in tech services about embedding links in text (i.e. meaningful hyperlinks). They seem to understand the need for it as far as accessibility goes, but are also concerned about phishing attempts. According to our tech user services department, making URLs visible is a good practice in preventing phishing attempts both ways. Kaspersky did an article that verifies not opening embedded links<https://usa.kaspersky.com/resource-center/preemptive-safety/phishing-prevention-tips>, but I'm not sure when it was written.


Has anyone encountered security issues from using meaningful hyperlink text and not making the URL visible?


Thank you,


Carly


Carly Gerard | Web Accessibility Developer <EMAIL REMOVED> <mailto: <EMAIL REMOVED> >
Web Communication Technologies
University Relations & Marketing
How did I do? Please leave feedback.<https://wwu.az1.qualtrics.com/jfe/form/SV_br2NhzupyEtQTTT?Q_SDID=SD_87CoVYO6SFgylVz>