I felt that way too, but having used it a few devices as an end user I enjoy being able to close the browser and have the whole stack disappear. Instead of having to install a creepy Logitech tool to pair a mouse with a receiver, as soon as that task is done, goodbye Logitech. I guess a real concern is manufacturers stop offering native drivers, but for the majority of hardware the PnP or the Linux kernel just handle it.

There's a real risk of losing the ability to control your device if the manufacturer stops hosting their propertiary WebUSB app, too.

Standard USB drivers aren't going to disappear from my disk and can be reverse engineered long after its manufacturer has dropped support or gone under.

So what is an example use case where you'd prefer to do X without using this particular tech?

macOS allows USB access without installing a driver, so that's probably why. The "driver" is just part of the app.

Most device drivers nowadays aint necessary to solely get the device working, but to get it working well. All keyboards will work out of the box without any drivers/webusb-pages, but good luck configuring rapid triggers on your Wooting keyboard or a DPI-switching macro on your Logitech mouse without it.

My USB wireless keyboard and mouse work just fine without vendor software, but if I ever lost the dongle and had to re-pair them with a different dongle, I'd need the vendor's software to do it.

My bluetooth headphones work just fine without vendor software, but apparently with an app I can adjust the audio to somehow make me better at playing computer games. I think it amplifies other players' footsteps or something? If I wanted that, I'd need the vendor's software to do it.

My PSU works just fine without vendor software, but includes a USB monitoring interface, which would let me see certain things like fan speeds, voltages and currents. Of course I can monitor most of those with my motherboard's existing sensors; and a dip in the 12v rail will power off the system before any monitoring could respond. But if I did want to use those features, I'd need the vendor's software to do it.

Despite my distrust for vendor software, I have even less trust for webusb. Partly that's because I'm a hater in general, but mostly it's because there are too many holes in the web browser's sandbox already - if things in the sandbox are re-flashing your keyboard firmware you've given up on sandboxing, you just haven't admitted it to yourself yet.

> What product categories exist where all entries only work (over USB) with native drivers?

All the categories you've listed have products that require a companion application to configure things out of band, that the "universal" driver doesn't understand.

In the case of the four HID you've listed the app would be for configuring key mapping, macros, rgb, firmware updates.

Some webcams need apps to control things not exposed by the native driver (things like head tracking or more specific sensor control).

I'm not familiar with the market but I would imagine that many headsets and DACs nowadays have similar apps to tune EQs presets and the like.

everyone has a different threshold at which they would consider something 'untrustworthy'

Curious what your floor is for 'trustworthy', a company with a US headquarters? Personally I feel sketched out by any silicon not made in Sweden or Japan, so, pretty much all of it.

People are already doing that in the experimental embedded world, and let me tell you, it's pain. True and utter pain. You're going to fight different versions of libusb's userland being installed, Windows/macOS/Linux kernel occupying the device with a default driver (cough rtl_sdr) and a whole lot of other messes.

Or some things aren't even available made using libusb. Think control applications for RGB lights in keyboard and mice. There's a certain manufacturer all but mandating installation of its slopware. Being able to provide all of this as WebUSB has advantages.

Not really, as long as the firmware developers used OS 2.0 descriptors

(For the rare occurences that our customer is using 7 or earlier, we tell them to use zadig and be done with it.)

I'm not familiar with the Windows platform but although you can have userspace USB drivers on linux, you still need to be able to run code that can talk to the sysfs interface.

The Linux problem is more

Hope every time you want to interface with a USB device.

I'm unfamiliar with the Windows platform but that sounds like something that still requires executing code locally.

.. or HID ( https://usevia.app/ , for programmable keyboards)

How does the security of userspace drivers compare to having drivers within a sandboxed web environment with access to only the devices you’ve explicitly allowlisted?

> Permission popups fatigue

Native apps also have this, and it's worse because they usually just ask for sweeping admin access on windows, unlike WebUSB which just brings up a device selection menu

Apple has provided no alternative, and no suggestions for how to improve the draft. They are not helping advance the draft only for selfish reasons.

They also won't allow any other browser on iOS for the same selfish reasons.

Apple continues to use abusive business tactics, and it's why they are being sued by the DOJ in an antitrust lawsuit. Them not implementing and not even suggesting changes to WebUSB and WebBluetooth are just further examples of it.

https://www.justice.gov/archives/opa/media/1344546/dl?inline

>Because many USB devices are not designed to handle potentially-malicious interactions over the USB protocols and because those devices can have significant effects on the computer they're connected to

So the alternative is installing questionable drivers from questionable websites that give an attacker full-access to the entire computer. This is far less good for security, and is unfortunately the norm right now.

>we believe that the security risks of exposing USB devices to the Web are too broad to risk exposing users to them or to explain properly to end users to obtain meaningful informed consent.

So is every other browser API that's currently implemented that requires explicit approval from a user. It's nonsense to single out WebUSB specifically.

> It also poses risks that sites could use USB device identity or data stored on USB devices as tracking identifiers.

Bullshit. You have to explicitly allow WebUSB to interact with any website that requests it. It does NOT allow arbitrary tracking, and this sentence proves that whatever Mozilla writes about it is disingenuous, trying to incite hysteria about an API.

Isn't that the same excuse Gooogle is using to lrevent folks from installing what they want on Android phones?

You can ask them to type one of the following sentences:

"I know what I'm doing, and giving a random website access to my USB host is the right thing to do."

"I'm an idiot."

You simply don't. This quest of saving idiots from themselves is not gaining anyone anything and meanwhile other people get more and more useless restrictions.

They can click everything away, so maybe educate them or buy an ios device for your relatives instead of breaking computing for everyone else.