|
|
|
|
|
|
by IshKebab
555 days ago
|
|
|
That doesn't make any sense. The API is available for abuse independently of how many legitimate users there are. Or are you thinking only about attacks where the attackers have a genuine reason to ask for USB access? Because IMO that is going to pretty rare, and also not very interesting because in those cases the alternative is you download an executable with unlimited permissions. But in any case it makes no difference. If the API has been available to 75% of users for 7 years, it's downright idiotic to think making it available to 77% of users will make a difference. |
|
|
- a large part of privacy issues only exist under legitimate use cases
- a comparatively smaller but still relevant part of security issues would involve attacking (e.g. code injection) a legitimate web application (which the user may already trust) as a first step, and progressing from there
- the fact that such few genuine use cases exist makes users much less likely to accept any illegitimate use, since it will be a permission request box that they have never seen before and haven't been desensitized to