this post was submitted on 31 Dec 2024
396 points (98.1% liked)

Technology

76365 readers
1295 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Emerald@lemmy.world 9 points 9 months ago (1 children)

don’t get me started on how bad of an idea it is to use webusb

I will get you started. Please explain.

[–] WhyJiffie@sh.itjust.works 7 points 9 months ago

there is no way to verify the downloaded package before installation.

also I generally deem both webusb, and chrome's broader filesystem access apis dangerous, partly because a vulnerability in the website permission checking code with this permission is much worse than with e.g. the camera.
but the more realirealistic problem is that its just too easy to grant a random website so deep permissions to your device, either by accident, by habit or because the user does not understand what is happening. just a click or two and you have just granted a ransom website full access to your drive. with webusb, they can even write a bootable anything to your pendrive.

my concern here is not that you cannot make sure that the graphene website will only do what it needs to, but that the feature exists at all, because of all the other websites. I sincerely bless mozilla for not implementing these.