To my understanding their browser isolation text just renders to canvas on their edge servers (don’t quote me on this). Does canvas provide any accessibility at all and is actually a bigger problem with the creation of that standard / element in HTML5 with text generation? It’s essentially an image block that allows text generation with almost no accessibility in mind? That’s not really Cloudflare’s fault if so.
I agree accessibility needs to be of higher priority. It’s a shame it’s seems to be almost always a secondary priority to everything in tech.
But this post feels like an open letter to some bigger issue when it seems like it’s a very niche and non-common security tool.
> Does canvas provide any accessibility at all and is actually a bigger problem with the creation of that standard / element in HTML5 with text generation? It’s essentially an image block that allows text generation with almost no accessibility in mind? That’s not really Cloudflare’s fault if so.
Not everything needs to be accessible; there are plenty of non-accessible reasonable use cases for canvas.
For example, I made a small game with canvas some years ago. This isn't accessible for blind users, and that's okay. There is no real way to make this accessible as it's fundamentally a graphical game. It's called a disability for a reason: there are some things you just won't be able to do.
The problem isn't with the non-accessible technologies, but when people use this in ways that make every-day stuff required for basic participation inaccessible. That's basically the issue with Cloudflare's product.
Are screen readers capable of reading interfaces generated with QT or other desktop UI toolkits?
A cursory look at QT's documentation seems to indicate that they are aware of screen readers, but I didn't dig deeply enough to find out if they were compatible by default.
I know VoiceOver on OSX can at least read out the interfaces on the included apps, but I also don't know if that's true for every app---or if it actually extends to the browser and canvas/plugin rendered (flash, java, etc.) interfaces.
As an addendum, I'm pretty hopeful that in this decade we'll get AI vision enabled screen readers so anything that's displayable to a sighted person can also be immediately used with some caveats by someone reliant on screen reader.
> Are screen readers capable of reading interfaces generated with QT or other desktop UI toolkits?
Qt is one of the very few UI toolkits that is more or less accessible. And even Qt's accessibility implementation isn't great. My advice for someone implementing a cross-platform desktop app would be to go with something based on the web platform. That doesn't have to be Electron; Tauri [1] looks promising, though I haven't tested it lately.
> As an addendum, I'm pretty hopeful that in this decade we'll get AI vision enabled screen readers so anything that's displayable to a sighted person can also be immediately used with some caveats by someone reliant on screen reader.
Sadly, that might be what it takes to get access to applications using the long tail of UI toolkits.
This is a major challenge in the Move Fast and Break Things javascript world of half baked UI frameworka that arent accessible.
The problem with AI screen readers (Android already has one) is that they provide a "good enough" solution that drains the interest in building server frameworms that really work.
The pre-announcement [1] lays out at least some of those alternatives. I understand why they chose the approach they did, but they needed to do the work to make it accessible, as I advised them when that post came out.
> To my understanding their browser isolation text just renders to canvas on their edge servers (don’t quote me on this). Does canvas provide any accessibility at all and is actually a bigger problem with the creation of that standard / element in HTML5 with text generation? It’s an image block that allows text generation with almost no accessibility in mind? That’s not really Cloudflare’s fault to be honest.
The standard workaround is to create a parallel DOM that's invisible, e.g. covered up by the canvas. To be clear, this parallel DOM should be based on the accessibility tree of the remote browser, not based on the original DOM, as that would undermine the whole point of the exercise. This work-around may not be perfect, but Cloudflare hasn't implemented even this.
> But this post feels like an open letter to some bigger issue when it seems like it’s a very niche and non-common security tool.
It seems to me, from Cloudflare's original pre-announcement of this technology [1], that they intend for it to be widely adopted. Here's the money quote:
> Operating costs translate directly to customer costs. The S2 system was designed to make deployment to an entire enterprise and not just targeted users (aka: vaccinating half the class) both feasible and attractive for customers.
IMO, the best possible solution right now would be a native desktop client for their remote browser, as opposed to a browser-based client. But it would probably be better in the long term to fill in the appropriate gaps in web standards so the browser-based client can be fully usable with a screen reader.
