logoalt Hacker News

Retr0idtoday at 1:40 PM7 repliesview on HN

The security implications of not having WebUSB are having to install untrustworthy native drivers every time you want to interface with a USB device.

Replies

tjofftoday at 3:14 PM

The security implications if this goes mainstream is that you are expected to do this for all kinds of hardware.

Right now that isn't the case and I can't remember last the time I had to uninstall untrustworthy native drivers.

A lot to lose, very little to gain?

show 3 replies
1313ed01today at 1:52 PM

Sounds like something that could have a standalone usb-driver-container or special chromium fork for the 0.00001% of users that need it instead of bloating every browser with yet another niche API and the inevitable security holes it will bring.

show 1 reply
raframtoday at 1:53 PM

On macOS, I think I've installed device drivers exactly once in the last decade, and they were for a weird printer.

show 2 replies
fhntoday at 3:01 PM

why would you be using untrustworthy hardware to begin with?

show 1 reply
skydhashtoday at 1:46 PM

That sounds like a Windows problem.

show 3 replies
monegatortoday at 1:52 PM

you do know microsoft OS 2.0 descriptors are a thing, right? or that you can force the unknown device to use WinUSB

but really most devices you want to interface to via webusb are CDC and DFU so.. problem solved?

show 2 replies
PunchyHamstertoday at 1:48 PM

You can have userspace drivers for usb devices in Linux

show 1 reply