We'd like to request a privacy review for phase 2 of the Accessibility Object Model, which we're currently implementing experimentally in Chrome.

Here's some text from the current draft of the Accessibility Object Model phase 2 spec
(https://wicg.github.io/aom/spec/phase2.html):

"""
This phase raises some potential privacy concerns. If a web app receives an accessibility input event, it now knows for a fact that assistive technology or some other client of a native accessibility API is running. There is potential that this could be used to track or discriminate against some users.

To address these concerns, a web site should not be able to receive these events until the user has explicitly opted in to allow those events to be received by that web site.

A new web permission should be added, "accessibility-events", with a default value of "ask".

A website can add event listeners to AOM nodes without triggering any permission checks. However, as soon as an accessibility event would trigger an AOM event listener, at that point the user is prompted to see if they want to enable the site to be able to listen for accessibility events.

Example permission dialog text: "The site www.example.com would like to respond to accessibility events." [Allow] [Block]

Because of the potential privacy concerns, maybe this permission should only be available on secure sites? Many other permissions have gone that route.
"""