alt Hacker NewsI wouldn't describe it as "conservative" but as "pro-native-apps and anti-web-apps", which seems irrational in this day and age where "native apps" means platform lock-in by monopolies, less sandboxing and user-control than on the web, much more gatekeeping and control over published binaries, and these days the web app is usually a more private/secure alternative to the native app (which also bundles a marketing SDK, now, and fingerprints you invisibly via iCloud Keychain, tracks you with various identifiers, and more).
If native platforms removed USB or Bluetooth, the "control over my own hardware" crowd would flip a table. I just wish they also understood the benefits of the web compared to native. The Chrome/Project Fugu team's dream of making the web platform as powerful as native platforms is the correct one from a user freedom standpoint, or at bare minimum a "user choice" standpoint.
Replies
The web and native app platforms have very different security models.
Nobody is vetting websites for you. There is no guarantee the same company operates a website today that did yesterday. There is no obvious distribution or regulatory authority instituting penalties for illegal actions (and often is no legal presence in a country when illegal actions take place).
That means for the web, every consent prompt has a large, sometimes even unbounded amount of harm behind it if the user picks incorrectly, and browsers have limited capacity to help them pick correctly outside of reactive block lists once substantial harm has been done and recognized.
This is why, for example, the major browsers have all moved to restricting web extensions behind their own review processes/stores, and put restrictions that make unaudited web extensions difficult to install outside of development workflows. The risk is just too great.
Chrome pushed many of these API early in the Chromebook product cycle, because their idea was that you would only build apps using web technologies. I somewhat doubt they would have pushed for WebUSB themselves if Chromebook started in its current state, where it primarily runs android apps and is about to transition to be android-based.
> where "native apps" means platform lock-in by monopolies, less sandboxing and user-control than on the web, much more gatekeeping and control over published binaries, and these days the web app is usually a more private/secure alternative to the native app
Please add “mobile and/or proprietary” before “native apps”. Linux and BSD on PC are still very much free. The web as a platform is just a NIH effort.
I'm not saying pro-native-apps outright even if that might be what it gets boiled down as. I'm saying I do not trust anything that runs in a browser. I actively block as much nonsense as possible. I do not trust devs that write code to run in browsers. There's a lot of devs getting taken out in the blast radius, but the only way to be sure is to take off and nuke it from orbit. There are devs out there hell bent on writing malicious code. I am willing to take a stand and refuse to use things when the net result is negative. I do not use social media. I do not shop at Walmart. These are the decisions I'm willing to live with even if it makes life slightly less "easy" because I've made a moral decision to not open myself up to nonsense just to later ask "what happened...".