WebUSB Extension for Firefox
34 points by tuananh 3 hours ago | 24 comments

sva_ 30 minutes ago
I recently flashed GrapheneOS on a Pixel for a friend. I was very surprised that you can do this entire process from the browser using WebUSB - the only downside being that it required me to launch Chromium.
reply
Orygin 49 minutes ago
No thanks. I'll accept it in my browser when they fix the security implications this raises, and when the Spec is no longer in draft.
reply
Retr0id 40 minutes ago
The security implications of not having WebUSB are having to install untrustworthy native drivers every time you want to interface with a USB device.
reply
1313ed01 28 minutes ago
Sounds like something that could have a standalone usb-driver-container or special chromium fork for the 0.00001% of users that need it instead of bloating every browser with yet another niche API and the inevitable security holes it will bring.
reply
rafram 26 minutes ago
On macOS, I think I've installed device drivers exactly once in the last decade, and they were for a weird printer.
reply
PunchyHamster 32 minutes ago
You can have userspace drivers for usb devices in Linux
reply
skydhash 34 minutes ago
That sounds like a Windows problem.
reply
Retr0id 31 minutes ago
I'm not familiar with the Windows platform but although you can have userspace USB drivers on Linux, you still need to be able to run code that can talk to the sysfs interface.
reply
Lerc 29 minutes ago
The Linux problem is more

Hope every time you want to interface with a USB device.

reply
monegator 26 minutes ago
Not really, as long as the firmware developers used OS 2.0 descriptors

(For the rare occurrences that our customer is using 7 or earlier, we tell them to use zadig and be done with it.)

reply
monegator 28 minutes ago
you do know Microsoft OS 2.0 descriptors are a thing, right? or that you can force the unknown device to use WinUSB

but really most devices you want to interface to via webusb are CDC and DFU so.. problem solved?

reply
Retr0id 24 minutes ago
I'm unfamiliar with the Windows platform but that sounds like something that still requires executing code locally.
reply
monegator 18 minutes ago
Not sure what you mean.

Anyway OS 2.0 descriptors are a custom USB descriptor that basically tells the device to use WinUSB as the driver. The burden then is in the application that will have to implement the read/writes to the endpoints instead of using higher level functions provided by the custom driver.

If you ever developed software with libUSB, using WinUSB on the Windows side makes things super easy for cross platform development, and you don't have to go through all the pain to have a signed driver. Win-win in my book.

reply
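Added example, not part of any comment in this thread: a parser for a Microsoft OS 2.0 descriptor set that reports which compatible ID (for instance WINUSB) a device's firmware advertises, useful when auditing what driver a device asks Windows to bind. The sample bytes are constructed, and the names `parseMsOs20Set`, `bindsWinUsb` and `SAMPLE_SET` are hypothetical.

```javascript
// Descriptor type codes from the Microsoft OS 2.0 descriptors specification.
const SET_HEADER = 0x00;     // 10-byte set header
const COMPATIBLE_ID = 0x03;  // 20-byte compatible ID feature descriptor

// Decode a NUL-padded 8-byte ASCII field.
function ascii(bytes) {
  let s = "";
  for (const b of bytes) { if (b === 0) break; s += String.fromCharCode(b); }
  return s;
}

// Returns { windowsVersion, compatibleIds: [{ compatibleId, subCompatibleId }] }.
// Throws on truncated or inconsistent lengths instead of reading past the buffer.
function parseMsOs20Set(buf) {
  if (buf.length < 10) throw new Error("too short for set header");
  const view = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
  if (view.getUint16(0, true) !== 10 || view.getUint16(2, true) !== SET_HEADER)
    throw new Error("not an MS OS 2.0 set header");
  const total = view.getUint16(8, true); // wTotalLength of the whole set
  if (total > buf.length) throw new Error("wTotalLength exceeds buffer");
  const result = { windowsVersion: view.getUint32(4, true), compatibleIds: [] };
  let off = 10;
  while (off < total) {
    if (off + 4 > total) throw new Error("truncated descriptor header");
    const len = view.getUint16(off, true);
    const type = view.getUint16(off + 2, true);
    if (len < 4 || off + len > total) throw new Error("bad wLength at offset " + off);
    if (type === COMPATIBLE_ID) {
      if (len !== 20) throw new Error("compatible ID descriptor must be 20 bytes");
      result.compatibleIds.push({
        compatibleId: ascii(buf.subarray(off + 4, off + 12)),
        subCompatibleId: ascii(buf.subarray(off + 12, off + 20)),
      });
    }
    // Configuration and function subset headers are 8 bytes with their children
    // following inline, so advancing by wLength walks the set as a flat list.
    off += len;
  }
  return result;
}

function bindsWinUsb(buf) {
  return parseMsOs20Set(buf).compatibleIds.some((c) => c.compatibleId === "WINUSB");
}

// Constructed sample: set header (Windows version 0x06030000) + compatible ID "WINUSB".
const SAMPLE_SET = Uint8Array.from([
  0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x06, 0x1e, 0x00,
  0x14, 0x00, 0x03, 0x00, 0x57, 0x49, 0x4e, 0x55, 0x53, 0x42, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
]);
```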
pjc50 20 minutes ago
.. or HID ( https://usevia.app/ , for programmable keyboards)
reply
monegator 16 minutes ago
yes, you can always use some nasty protocol over HID for your devices. But really most of what I do is one or multiple bulk endpoints so I can achieve full bandwidth (downloading firmware, streaming data, ...) OS 2.0 made it possible to do it without having to write and sign a driver
reply
zb3 35 minutes ago
What are the security implications this raises that downloading native programs (needed for example to flash my smartphone) doesn't raise?
reply
gear54rus 47 minutes ago
And I'll just fire up a chrome instance which I specifically keep for when my daily driver firefox decides to spazz out and not implement basics in 2026 :'(
reply
lpcvoid 39 minutes ago
How do you make sure that technically illiterate people don't just click away the requestDevice() popup? IMHO a browser offering device level USB access is a security nightmare and there is no way this can ever be made safe and convenient at the same time.
reply
limagnolia 14 minutes ago
Isn't that the same excuse Google is using to prevent folks from installing what they want on Android phones?
reply
gear54rus 15 minutes ago
You simply don't. This quest of saving idiots from themselves is not gaining anyone anything and meanwhile other people get more and more useless restrictions.
reply
exe34 31 minutes ago
You can ask them to type one of the following sentences:

"I know what I'm doing, and giving a random website access to my USB host is the right thing to do."

"I'm an idiot."

reply
zb3 33 minutes ago
They can click everything away, so maybe educate them or buy an iOS device for your relatives instead of breaking computing for everyone else.
reply
lpcvoid 30 minutes ago
Fair, but remember that we are the <~1% of people who even know what webusb is. I'm not sure I share your view on this.

Maybe an about:config switch to enable it would be enough to stop casuals from pwning their peripherals.

reply
afavour 44 minutes ago
Looks to be a great proof of concept. No, running a standalone executable alongside the browser is not the way you'd want to do WebUSB. But it's great to see someone working on it.
reply