Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
troupo 9 hours ago

> What are the security implications this raises that downloading native programs (needed for example to flash my smartphone) doesn't raise?

1. Permission popups fatigue

2. Usually users select the apps they install, most sites are ephemeral. And yes, even with apps, especially on Android, people click through permission dialogs without looking because they are often too broad and confusing. With expected results such as exfiltrating user data.

oofdere 3 hours ago | parent [-]

> Permission popups fatigue

Native apps also have this, and it's worse because they usually just ask for sweeping admin access on windows, unlike WebUSB which just brings up a device selection menu

troupo 2 hours ago | parent [-]

> Native apps also have this, and it's worse because they usually just ask for sweeping admin access on windows

On iOS they only pop up the menu when they try to access the required functionality, and there's a limited number of things they can do.

> unlike WebUSB which just brings up a device selection menu

So the user has to contend with permissions on phones, in desktop OSes, but 26 more potential permissions [1] from a browser are fine because a) it's just a single permission window and b) the browser exists in total vacuum from all other user experiences.

[1] Counted in Chrome settings -> Site settings -> permissions. Why Chrome? Because they are the ones pushing all the hardware APIs, among others

oofdere 12 minutes ago | parent [-]

> On iOS they only pop up the menu when they try to access the required functionality, and there's a limited number of things they can do.

great! your web browser does the exact same thing!

> 26 more potential permissions [1] from a browser are fine because a) it's just a single permission window and b) the browser exists in total vacuum from all other user experiences.

your argument is a non-sequitur; if I go install a firmware flasher, it is going to ask for permission to access the device I am flashing no matter what. on macos it will ask for "full disk access" for all your disks! on windows it will ask me "Do you want to allow this app to make changes to your device?" (what changes????). and then after that the app has to look at all of your devices and ask you which you want to use, and if there's a bug in the code, it might operate on the wrong one.

those OS permissions are confusing and obtuse, dare I say useless, and yet they still exist, and of course they cause fatigue!

whereas if you go to a webusb tool, the browser presents you a list of devices, with only the ones the app can use visible, and the app never gets more permission than it needs. it is simply a better UX and DX than the "permissions" cloud you're yelling at.