From: https://developer.mozilla.org/en-US/docs/Web/API/WebUSB_API
"WebUSB provides a way for these non-standardized USB device services to be exposed to the web. This means that hardware manufacturers will be able to provide a way for their device to be accessed from the web, without having to provide their own API."
That doesn't sound secure at all!
That's nonsense. You have to opt-in on any website that is requesting USB access, just like every other useful but potentially privacy-risky browser API.
Plenty of sites ask for camera access, and that is typically a USB device. Plenty of sites ask for microphone accesss, which can be a USB device. And even if those aren't always USB devices, they are still very much a privacy risk that browsers all allow. USB access is no different, a website can't just do whatever it wants, you have to give it permission to use it first. And it doesn't have to be all-or-nothing either, it could be implemented to allow the browser to access only specific USB devices.
Apple is holding back progress in favor of profit. They profit when developers are forced to create a native app where Apple can extract 30% of revenue through the app.
loading story #47683020