|
|
|
|
|
|
by eqvinox
554 days ago
|
|
|
> Arguably the browser is far more secure. The browser is far more secure because everything it allows access to is tightly controlled, in most cases by scoping it to the website. Even if you grant persistent camera/microphone access, it remains scoped temporally: you need to have the website opened up. An USB device fundamentally does not support this security model. Code that can interact with an USB device can put persistent state on it without any checks enforced upon it. That USB device may later interact with other (bug-laden) code on the same system, or even worse, be moved to a different host entirely, with a different OS stack there, and trigger interactions there. Yes, the browser is far more secure — because it has very few (anti-)features like this. I'm incredibly happy that WebUSB is not particularly commonplace to use. Having secure browsers is more important to me than the convenience of USB access from websites. |
|
|