This is about the Web USB API, not the entire web in general. Are you routinely ...

cestith · on March 2, 2018

There are operating systems which don't by default give every application running as every user account access to every storage device.

ddevault · on March 2, 2018

>if you ever found yourself in a situation where you needed to connect a USB device to a remote service

I have never found myself in that situation. That sounds like a really silly idea.

Ajedi32 · on March 2, 2018

Then click "deny", or (in the case of a native app) refuse to install the executable. Either way you're safe.

For those that _do_ require [such use cases][1] though; they can now do so without needing to expose their system to an unsandboxed native app.

[1]: https://wicg.github.io/webusb/#motivating-applications

ddevault · on March 2, 2018

I know to do that. How about my grandma, who just clicks whatever button looks like it'll make the message go away sooner?

The web is a disaster and WebUSB is a prime piece of evidence supporting this.

Ajedi32 · on March 2, 2018

Would that include the "Run" button on a downloaded executable?

While obviously we want to do as much as we can to discourage users from shooting themselves in the foot, there are limits. At some point, eventually you _do_ have to trust that the user knows what he's doing.

Giving users a choice on when to allow a page access to one specific USB device is not a "disaster".

jperras · on March 3, 2018

Just because you've never dreamed up a situation where it might be useful doesn't mean that they don't exist.

ddevault · on March 3, 2018

Clarification: I've never wanted to do that in a web browser.

Spivak · on March 2, 2018

Attaching a bootable USB drive to a HTML5 based KVM? Sure it could be accomplished in other ways buy why not this way?

ddevault · on March 2, 2018

Why an HTML5 based KVM? A desktop app would be great for that!