WebUSB Extension for Firefox
Scope of the discussion
- Thread centers on whether exposing USB to web pages (via WebUSB and this Firefox extension) is desirable, safe, and worth standardizing.
- Strong split between proponents (convenience, cross‑platform, sandboxing) and opponents (attack surface, UX pitfalls, long‑term risks).
Security, privacy, and permissions
- Critics see WebUSB as a major new attack surface in an already complex browser sandbox; a WebUSB 0‑day could let any site tamper with connected devices.
- Concerns include:
  - Malicious firmware (e.g., keyboards becoming keyloggers or HID “rubber ducky” devices).
  - Difficulty explaining risk to non‑technical users who habitually click “allow.”
  - Permission‑popup fatigue with many different browser capabilities.
  - Potential use of USB device identity as a tracking vector.
- Supporters argue:
  - Access is per‑device, per‑site, and explicitly user‑prompted; storage devices are excluded.
  - Compared to downloading native drivers/executables (often with broad system privileges), a browser sandbox is safer in practice.
  - Users already run untrusted binaries; WebUSB doesn’t meaningfully change that risk profile.
Use cases and benefits
- Frequently cited successes: flashing GrapheneOS (even from another phone), BBC micro:bit education, Web MiniDisc, keyboard configuration/firmware flashing, BLE thermometer firmware, thermal printers, RTL‑SDR dongles, FlipperZero, ESPHome, Meshtastic, Stadia controller conversion, IoT configuration, VR/AR sideloading.
- Advantages noted:
  - Single cross‑platform implementation instead of OS‑specific drivers.
  - No need to install persistent vendor software; closing the tab removes it.
  - Helpful on platforms like Chromebooks or where native tools are weak or unavailable.
Mozilla, standards, and implementation strategy
- Mozilla currently rejects WebUSB on security/privacy grounds; some applaud this caution, others call it “security theater” or anti‑user.
- Debate over standards process:
  - One side claims the spec is stalled mainly due to Apple’s resistance and store economics.
  - Another notes standards require two independent implementations; so far only Blink‑based browsers implement it.
- Some feel WebUSB should stay opt‑in via extensions, hidden flags, or “developer” settings; others argue such gating kills adoption and entrenches Chrome‑only web apps.
Longevity, lock‑in, and philosophy
- Worry that hardware vendors may ship only web apps, which can disappear, leaving devices unmanageable.
- Counter‑view: native drivers and proprietary desktop apps also vanish; web apps are at least inspectable and often more portable.
- Broader philosophical split:
  - One camp wants powerful “personal computing” in the browser, matching native capabilities.
  - Another wants a simpler, safer web with fewer powerful APIs, accepting fewer features to protect users and reduce complexity.