What are the security implications this raises that downloading native programs (needed for example to flash my smartphone) doesn't raise?

▲

barnabee 7 hours ago | parent | next [-]

None. People will follow any instruction presented to them when they think it will get them something they want. Mozilla’s stance here is infuriating.

▲

troupo 7 hours ago | parent | prev [-]

> What are the security implications this raises that downloading native programs (needed for example to flash my smartphone) doesn't raise?

1. Permission popups fatigue

2. Usually users select the apps they install, most sites are ephemeral. And yes, even with apps, especially on Android, people click through permission dialogs without looking because they are often too broad and confusing. With expected results such as exfiltrating user data.

▲

oofdere an hour ago | parent [-]

> Permission popups fatigue

Native apps also have this, and it's worse because they usually just ask for sweeping admin access on windows, unlike WebUSB which just brings up a device selection menu

	▲	troupo 23 minutes ago \| parent [-]
		> Native apps also have this, and it's worse because they usually just ask for sweeping admin access on windows On iOS they only pop up the menu when they try to access the required functionality, and there's a limited number of things they can do. > unlike WebUSB which just brings up a device selection menu So the user has to contend with permissions on phones, in desktop OSes, but 26 more potential permissions [1] from a browser are fine because a) it's just a single permission window and b) the browser exists in total vacuum from all other user experiences. [1] Counted in Chrome settings -> Site settings -> permissions. Why Chrome? Because they are the ones pushing all the hardware APIs, among others