Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I don't know the general political disagreements, but I personally don't want WebUSB and think it's a garbage idea.

The browser can already access the USB devices it needs through normal OS interfaces (the keyboard and mouse being the obvious examples). I don't see why any website should need special direct access. The only use-cases seem to be giving access to web programmers who can't be bothered to write a standalone application (not a group I trust) or to provide additional ways to track users (something I don't want).

I don't even trust Google and Mozilla enough to give them access, much less any random stranger who's setup a website.

Not everything needs to be accessible from the web. I don't know where the line is, but for me USB access is across the line.



> I don't see why any website should need special direct access.

And this also holds back things like better security from USB security keys.

You have to access the key in exactly the way that is implemented ... even if that implementation sucks or has bugs or has security failures.

Everybody hates Electron .. but then want to hamstring the browsers. Well, people still want do do the thing they want even if you don't let them. They will find a way around .. and currently that way around is Electron.


I believe USB security keys are covered under a different API.

But even then, you can use this argument against it. When this type of USB access is allowed, it gives phishing attacks even more power. Now, you’ll click prompts for authentication and little did you know that malicious actors and read/write the entire USB drive!




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: