this post was submitted on 01 Jun 2024
1063 points (98.6% liked)
Technology
59148 readers
1946 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
"WebUSB is a JavaScript application programming interface specification for securely providing access to USB devices from web applications"
Holy Hannah, NO!!!!
Might as well allow a website to direct write to your hard drive unprompted again.
Does noone see how BAD this stuff is?
Stop creating attack vectors with glowing neon signs on them.
Except it's a very good thing for 2FA USB keys which prevent people from gaining access unless they have physical access to the key. Also useful for USB gamepads etc
Web engines are nearly OSs at this point. It's aready possible to flash a phone ROM in two clicks with a webpage. Most apps are also already rendered in browser engines anyway, that includes things like steam. The APIs might sound evil until your favorite FOSS project uses them to make your life better.
Unfortunately, if Mozilla refuses to implement stuff like PWAs or advanced APIs it's locked out of that side of innovation both good and bad.
That's precisely the kind of access that a web browser should NEVER, EVER have.
If you think 2 stage download keylogger apps getting into app stores is bad, wait until it can be done with a banner ad. Or by viewing a comment on a post.
You have to specifically permit it on a per site basis, it's not like a website has those permissions by default. If a banner ad or forum post could enable that permission then they'd be able to access your camera as well as a plethora of other permissions?
I don't see any difference between downloading code to run in a web browser vs downloading and running ADB. In fact, running software in a web browser is more sandboxed and with more fine tuned permissions.