There isn't much to fear here. Web Bluetooth has been around nearly ten years now and nothing monumental has sprung forth from it. It is wonderfully convenient to have at your fingertips, especially in the ChromeOS world, but it's not gonna turn everyone's devices into Flipper Zero targets.

> Comments like this scare me.

Sorry to hear that. I thought this was a safe space for hackers to express enthusiasm about pushing their own hardware and software further (and in this case even in a comparatively safe way).

> I just have no faith in humanity, and do not understand why we think this is a good idea to give a browser this much access to local system resources.

The browser already has all that access, it's just further granting it to web apps, and on a page-by-page, device-by-device, explicitly user opt-in basis at that.

And as I've mentioned, the alternative here is to install a potentially untrusted native application that gets the same access and so much more.

If that's what the Github page tells users to do, many of them will just do it without thinking twice. Is that better?

What if we implement them but hide them deep in the settings or as experimental feature inside the hidden developer menu, behind multiple warning messages and password prompts? Only the very determined developers and advanced users would be able to unlock them. Then it's safe enough?

You can press a simple button on a webpage and it will install malware on your iPhone. Plenty of exploits have been out there for a long time.

Should we disallow clicking on anything on a webpage too?

WebUSB is no more risky than any other tech. You have to explicitly opt-in to use WebUSB on any site requesting access to it. And I'm sorry if someone's grandfather trusts a malicious website and gets hacked, but that isn't a reason to prevent the rest of us from using tech that enables functionality on non-malicious websites that serves a useful purpose.