dwaite 3 hours ago

Sure, but some people are concerned about any website being one confirmation prompt away from being able to have full access to hardware in the user's physical environment, and being able to permanently change the behavior of that hardware.

A hacker may think such things are convenient for them, but an end user does not know the ramification of a random website (WebUSB IIRC still does not have origin restrictions) getting hardware access - nor can we categorize the risk in order to protect them.

lxgr 3 hours ago | parent [-]

What physical access and what permanent behavior changes in particular are you concerned about? Most common "dangerous" USB device classes are explicitly excluded in WebUSB.

I've heard about rogue keyboard firmware, but that requires having a programmable/updatable firmware keyboard in the first place. And that closes the loop of my argument: People that want to update the firmware in their keyboard will do so, whether it's in the browser or by installing a potentially shady and not at all sandboxed third-party application.

At least in the browser, permissions are time limited and scoped to explicitly granted devices.

> WebUSB IIRC still does not have origin restrictions

How would you even enforce these on the open web?

dylan604 2 hours ago | parent [-]

The most important USB things I have are storage devices. Keyboards/mice/etc. are much less of a concern. If something rogue happens to a drive, that's a "major problem in Australia. Please help us stop it" situation.

lxgr an hour ago | parent [-]

That would indeed be horrible, which is why storage devices are explicitly excluded from WebUSB.

dylan604 22 minutes ago | parent [-]

It's a good thing that history has shown us that things have never happened that were designed not to happen. Sure, my tinfoil hat is securely fashioned, but I've been around long enough to see things get subverted even if it's not until long after release.