I'm afraid I might be partially responsible for the lack of this work-around. In a phone conversation with the Browser Isolation product manager a few weeks before the product launch in March (but remember, well over a year after I first contacted Cloudflare about accessibility in this product), I articulated some version of the problems with a remote screen reader that I laid out in [1]. But I may not have emphasized enough that this would be better than nothing. Since it was a phone conversation and not an email exchange, I unfortunately have no record of what I said. Still, I can't take full responsibility for the fact that, to all outward appearances, they have done nothing about this problem so far.
> For blind people, TTS settings are very personal.
Is there a whitepaper that articulates concrete solutions to reconcile the myriad flavors of screen reader configurations with Browser Isolation technology?
the other issue is that while this would work for screen readers, it wouldn't work for me. I can see fine, but I'm losing the use of my arms, so I use vimium with dictation to navigate pages. they'd have to bake vimium into it as well...
...which suggests to me, why not allow approved browser extensions to run on the remote side? you could have a screen reader extension, I could have vimium, it wouldn't be great but it would be secure, and again, better than nothing.
Your suggestion is probably the correct solution technically speaking, as it funnels the screen reader I/O stream through browser APIs.
The immediate objection is that most popular screen readers (JAWS, NVDA) are native apps and not browser extensions, (some?) extension-based screen readers being immature. mwcampbell articulated it as much in a different post, asking for a native desktop client as opposed to a browser based client. Alas, 'native desktop client' is a different technology than Cloudflare RBI, subject to different tradeoffs, which may well be at odds with the goals of Cloudflare RBI as a product.
A hypothetical browser accessibility protocol is likely to prove insufficient, as native screen reader apps will themselves become an attack vector.
Unlocking the situation requires a wider industry buy-in beyond Cloudflare. Screen readers must be rearchitected with security in mind. IT departments must manage accessibility apps. Advocacy groups must commit to roadmaps that include a lot of change, and that may even degrade the status quo for many years to come. Given that existing screen reader apps have decades of engineering already poured in, it will be hard and expensive to enact change. A good early step could be creating an industry standard various entities can rally behind.
I've struggled with security vs. accessibility myself. my work won't allow my dictation software on the secure workstations we have to use, at least for the near future. they allow Dragon, but Dragon sucks for interaction and programming. companies can't just throw their hands up and say "security" though.. or at least they shouldn't. they can and do, I guess.
[1]: https://news.ycombinator.com/item?id=28028682