| ▲ | zb3 7 hours ago | ||||||||||||||||
This is not just an isolated incident, it's the whole trend of limiting capabilities in the name of security and that's what I was referring to. However in this particular case, even the security argument doesn't hold, either I: a) know that I want to use USB - in that case I'll switch browsers or download a native binary (even more unsafe), it's not that I'd decide that I no longer want to flash my smartphone b) I don't understand what's happening but I follow arbitrary instructions anyway - WebUSB changes nothing. | |||||||||||||||||
| ▲ | Orygin 5 hours ago | parent | next [-] | ||||||||||||||||
A native binary can be verified by anti malware systems, and once installed and working, poses no security risk. A 0day in a browser for the WebUSB system would allow any website to mess with arbitrary USB devices connected to your computer. While the browser sandbox is generally safe, it is also a huge target, and with a security risk like that, it wouldn't surprise me if it's a prime target for black hats. | |||||||||||||||||
| ▲ | skydhash 7 hours ago | parent | prev [-] | ||||||||||||||||
So instead of using trusted vendors or requiring tools with auditable code, we just allow everyone to be able to access the user’s devices? | |||||||||||||||||
| |||||||||||||||||