988896 - Make it harder to detect that we're simulating mouse clicks or other means when performing a doAction on an element

Status: NEW

(Core :: Disability Access APIs, defect)

Description

[Marco Zehe (:MarcoZ)]

STR:
1. With NVDA and Firefox running, go to http://dylanb.github.io/screenreaderdetection/
2. Press the button.

Result: You're immediately recognized as a screen reader user using Firefox.

3. Turn off NVDA's virtual buffer by pressing Insert+Space Bar, reload the page with Ctrl+R, and tab to the button and press it using Space.

Result: You are now being identified as a keyboard user using Firefox.

Proposal: When we perform a doDefaultAction or doAction[0] on an element such as a link or button, do things to make it less obvious that we've been invoked by a screen reader. Ideas:
1. Simply use a simulated keystroke to activate a button (e. g. Space), unless we detect that the button has a onMouseDown or onMouseUp handler, in which case it *needs* mouse clicks.
Or
2. When performing mouse clicks, make sure we simulate an unsteady hand between the mouse down and mouse up, e. g. by moving the mouse pointer a very tiny bit to the left and/or right (randomized) before releasing the mouse button. Just enough to fool the heuristics, but not enough to initiate something that could be seen as a drag and drop action.
Or
3. Other possible ways of obfuscating that we're simulating things on behalf of a screen reader.