> 1) Prompt the user to download a native app. 2) Prompt the user to follow a link to an app store for their OS. 3) Prompt the user to allow the website access to the Web USB / Web Bluetooth APIs.
99.9999999999999999% of the websites out there doesn’t or shouldn’t need HW-access.
100% of the malicious websites out there will use this the second it lands. That’s one line of code to land seriously serious exploits.
Before their only option was your 1, 2, 3 steps above.
Clearly this is a quantum leap forward, for malicious sites first and foremost.
> 99.9999999999999999% of the websites out there doesn’t or shouldn’t need HW-access. 100% of the malicious websites out there will use this the second it lands. That’s one line of code to land seriously serious exploits.
The same can be said for native apps. Are you in the "no Bluetooth/no USB ever" camp? That's totally fair if you are.
99.9999999999999999% of the websites out there doesn’t or shouldn’t need HW-access.
100% of the malicious websites out there will use this the second it lands. That’s one line of code to land seriously serious exploits.
Before their only option was your 1, 2, 3 steps above.
Clearly this is a quantum leap forward, for malicious sites first and foremost.
The rest of the web isn’t going to give a fuck.
So why are we investing in this?