A bit OT, but most of this thread seems to be generally about WebUSB, not the OP (although it is a pretty cool hack!)
On one hand, I really want WebUSB, but at the same time, I REALLY don't want the average person to have WebUSB.
Practice has shown that consent popups do not work and people will manage to give consent to anything without even realizing it ("I never clicked on anything", they say, while I swipe away 50 spam push notifications and remove push permissions from about a dozen "news" sites).
Honestly, I kind of like the Internet Explorer version of permissions, where you needed to mark certain sites as "trusted" to enable certain features. The process is hard to discover, takes a decent amount of time, is a bit confusing, done in a system-styled modal popup with reasonably scary and large warning icons.
If people had to go through this process to mark a site as "trusted" in order to use WebUSB, WebBluetooth, and the other dangerous APIs, far fewer would do it by accident. The UX would still be better than installing a native app and you get sandboxing as a bonus, so I think the tradeoff would be worth it.
Chrome Web Notifications are also a complete dumpster-fire. In my experience the average older folk has no idea what web notifications are. They accidentally enable notifications from shady websites over time, and then blindly believe the web-spam notifications being pushed to their phone informing them *HELLO YOUR PHONE HAS VIRUS DOWNLOAD "CLEANER APP" TO FIX BEFORE PHONE DIE* is legit.
> On one hand, I really want WebUSB, but at the same time, I REALLY don't want the average person to have WebUSB.
This is the endless struggle of all time. It's like some people have some sort of super-messing-things-up power. If you don't make something LITERALLY impossible to achieve, they will find a way to do it by accident. Always. They will go out of their way to find things to do by complete accident, and they will never have any idea what they're doing! They'll follow guides to change settings they don't understand, trigger functionality they don't understand, grant access they don't understand, no matter how complex you try to make the process, no matter how many warnings you add, and no matter how hard you try to guard against exactly this kind of idiocy.
And this sucks. Because there are people out there who do know what they're doing, who do things on purpose, and who would appreciate having power that, as it happens, an Idiot should never be given. It is practically not possible to expose that power without being flooded by Idiots who did something Stupid with it.
I agree. One of the biggest things people don't understand is that most users simply don't understand what they're doing, and Google does not understand how to design software safe for them. Annoying processes seem pointless but often they have a very clear point: Making sure intent is solid.
Apple recently implemented some web APIs in a strategy that shows they actually understand designing for people: The APIs only work if you "install" the website. It makes it possible to access useful PWA features... but it doesn't allow any arbitrary website to do so, there's an extra process normal humans understand to enable it.
An installed PWA is also persistently visible: It's on the homescreen. So it's a visible reminder of that permission grant and a clear sign of something a user wants to have some sense of access to them.
> Google does not understand how to design software safe for them
The only way to design software safe for Idiots is to design software where it is not possible to make a mistake, not possible to have an accident, and not possible to compromise anything even on purpose.
Unfortunately, non-Idiots don't tend to appreciate that kind of babyfied experience, so we tend to end up with some compromise where the things that Idiots will inevitably mess up should ideally be the least consequential possible things that can also provide some sort of value to non-Idiots.
As a result some of the more advanced experiences that are entirely inappropriate to grant Idiots are simply not available, because if they were, then Idiots would find a way to cause really bad accidents.
> On one hand, I really want WebUSB, but at the same time, I REALLY don't want the average person to have WebUSB.
I really do want the general public to have access.
Many people need to interface with devices and we are sadly in a situation where Apps served by closed App Store are the only option.
If I want to distribute a way to allow the wider public to access a device that no longer has official support, WebUSB is by far the easiest way.
In an alternative world where Chrome did not support it, the average person would need to be able to install and run [python or other scripting language].
If the developer was really keen then they might offer a desktop app or go through the long and expensive process of submitting it to an App Store.
I think WebUSB can have a secure UI and I also can’t think what devices the average user has plugged in that could be compromised. I am pretty sure you can’t use WebUSB to take control of a keyboard or mouse (HID), storage, wifi, audio, smart card or U2F devices.
But it’s super useful for proprietary label printers, random toys/gadgets and programming/flashing microcontrollers.
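The claim above rests on the WebUSB spec's list of "protected interface classes", which a page can never claim regardless of what device the user picks in the chooser. The following is an added illustration, not code from the thread or from any browser: it models that check over a constructed composite device (placeholder vendor/product IDs, not a real product) that bundles a vendor-specific flashing interface with a keyboard and a storage interface.

```javascript
// Protected interface classes from the WebUSB spec. Interfaces with these
// class codes are rejected by claimInterface() with a SecurityError, which is
// why a page cannot drive a keyboard (HID), a USB drive (mass storage), a
// smart card reader, or an audio/video device even after the user picks it.
const PROTECTED_INTERFACE_CLASSES = new Set([
  0x01, // Audio
  0x03, // HID (keyboards, mice; FIDO/U2F security keys also use HID)
  0x08, // Mass Storage
  0x0B, // Smart Card
  0x0E, // Video
  0x10, // Audio/Video
  0xE0, // Wireless Controller (e.g. Bluetooth radios)
]);

// Constructed composite device (not a real product): interface 0 is a
// vendor-specific bootloader a hobbyist page would flash, 1 is a HID boot
// keyboard, 2 is a SCSI mass-storage interface.
const SAMPLE_DEVICE = {
  vendorId: 0x1234,  // placeholder
  productId: 0x5678, // placeholder
  configurations: [{
    configurationValue: 1,
    interfaces: [
      { interfaceNumber: 0, interfaceClass: 0xFF, interfaceSubclass: 0x00 },
      { interfaceNumber: 1, interfaceClass: 0x03, interfaceSubclass: 0x01 },
      { interfaceNumber: 2, interfaceClass: 0x08, interfaceSubclass: 0x06 },
    ],
  }],
};

// Partition a device's interfaces into those a page may claim and those the
// browser withholds. Returns { claimable: [...], blocked: [...] }.
function claimableInterfaces(device) {
  const claimable = [];
  const blocked = [];
  for (const config of device.configurations) {
    for (const iface of config.interfaces) {
      (PROTECTED_INTERFACE_CLASSES.has(iface.interfaceClass) ? blocked : claimable)
        .push(iface.interfaceNumber);
    }
  }
  return { claimable, blocked };
}

// Model of USBDevice.claimInterface(): a protected interface is refused with
// an error named SecurityError, as the spec requires; anything else succeeds.
function claimInterface(device, interfaceNumber) {
  if (!claimableInterfaces(device).claimable.includes(interfaceNumber)) {
    const err = new Error(`interface ${interfaceNumber} has a protected class`);
    err.name = 'SecurityError';
    throw err;
  }
  return true;
}
```

Real browsers additionally keep a hardware blocklist of specific vendor/product IDs on top of this class-based rule, so the model here is the floor, not the whole policy.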
Modal prompts where applications (and websites!) request permissions are an absolutely terrible UX. Sure, they're very easy to use and convenient, but they're easy to use to accidentally grant very wide access to untrustworthy third parties.
Granting permission to pages should be, as you say, an explicit user-initiated flow via a permissions panel. The same should be so for sandboxed desktop applications. Does an application want to continuously record your screen? Then it should be granted this permission explicitly via a permissions control panel. It shouldn't be able to show a modal dialogue where people just click "yes". Many times, with good reason: they simply don't understand the technicalities of what they're being asked.