What is the use case?

[quantumproducer]

With the ubiquity of USB based attacks I wonder, what is the use case for allowing typically insecure user program (web browser) to connect to USB?

What problem is this solving?

[adriweb]

One such example that comes to mind (as a user and contributor of the following project) is https://www.numworks.com/blog/webusb-firmware-update/

[tazjin]

One use-case for security-minded folks is getting whole new attack vectors. If you make a living writing exploits this could come in handy!

[karelbilek]

My opinion is that WebUSB is very useful if you are a vendor of a hardware that wants to allow to be accessible from the web. The API is nice. And browsers are now a de-facto operating systems whether you like it or not.

However, I agree that the current model of WebUSB "any device can talk to any website" is dangerous - and originally, WebUSB was not open like that! - and hardware vendor had to specifically whitelist domain URLs. This would be a much better compromise between security and usability.

Whitelisting was removed here as a move away to feature policy (similar to how webcams etc are handled) - #86 - I think both feature policy AND the explicit URL whitelisting would be good. (At that time I also thought this would be a good idea though.)

See my issue #127 that I still stand behind :)

[reillyeon]

I think this thread has done a good job of documenting a number of use cases for this API. Thanks all!