Limiting it to installed apps still has the problem of users blindly agreeing to... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		chrismorgan on Jan 21, 2022 \| parent \| context \| favorite \| on: Porting USB applications to the web. Part 1: libus... Limiting it to installed apps still has the problem of users blindly agreeing to something that is fundamentally super dangerous. I don’t believe installing PWAs currently exposes any new security surface, so this would be a significant change, and worse still a persistent hazard with probably no indication of what’s going on when it’s in use. I think there’s still potential in the general concept, but it’d take work and is certainly not ready yet in any browser. Yes, certain classes are restricted from access via WebUSB for security, https://wicg.github.io/webusb/#protected-interface-classes. But as the note says, it’s about balance: that list is necessary for security, but not sufficient.

RReverser on Jan 21, 2022 [–]

> Limiting it to installed apps still has the problem of users blindly agreeing to something that is fundamentally super dangerous.

Same can be said about native apps. Like with other hazards, in the end it's all about balance - you can't stop users from _ever_ doing stupid things.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact