| ▲ | JimDabell 6 hours ago | |
> The spec is still in draft because Apple refuses to let it move forward This is untrue. Web standards need two independent implementations. Google can’t convince any other rendering engine besides their own to implement it. It doesn't take a single no from Apple to veto it; it takes a single yes from anybody outside of Blink to move it forward. Nobody is doing that. Here is what Mozilla have to say about WebUSB: > Because many USB devices are not designed to handle potentially-malicious interactions over the USB protocols and because those devices can have significant effects on the computer they're connected to, we believe that the security risks of exposing USB devices to the Web are too broad to risk exposing users to them or to explain properly to end users to obtain meaningful informed consent. It also poses risks that sites could use USB device identity or data stored on USB devices as tracking identifiers. — https://mozilla.github.io/standards-positions/#webusb Until Google can convince anybody outside of Blink to implement it, it is not a standard it’s a Blink-only API. | ||
| ▲ | leptons 3 hours ago | parent [-] | |
Apple has provided no alternative, and no suggestions for how to improve the draft. They are not helping advance the draft only for selfish reasons. They also won't allow any other browser on iOS for the same selfish reasons. Apple continues to use abusive business tactics, and it's why they are being sued by the DOJ in an antitrust lawsuit. Them not implementing and not even suggesting changes to WebUSB and WebBluetooth are just further examples of it. https://www.justice.gov/archives/opa/media/1344546/dl?inline >Because many USB devices are not designed to handle potentially-malicious interactions over the USB protocols and because those devices can have significant effects on the computer they're connected to So the alternative is installing questionable drivers from questionable websites that give an attacker full-access to the entire computer. This is far less good for security, and is unfortunately the norm right now. >we believe that the security risks of exposing USB devices to the Web are too broad to risk exposing users to them or to explain properly to end users to obtain meaningful informed consent. So is every other browser API that's currently implemented that requires explicit approval from a user. It's nonsense to single out WebUSB specifically. > It also poses risks that sites could use USB device identity or data stored on USB devices as tracking identifiers. Bullshit. You have to explicitly allow WebUSB to interact with any website that requests it. It does NOT allow arbitrary tracking, and this sentence proves that whatever Mozilla writes about it is disingenuous, trying to incite hysteria about an API. | ||