Was browsing on the GrapheneOS website and came across a new thing called WebUSB, which is essentially a JS API through which GrapheneOS web installer worked.

This got me wondering, if website could read what’s plugged into my computer like my phone or disks, isn’t that a huge risk to privacy? I don’t know how this works (haven’t used it) so I would like to know about its privacy.

AFAIK Firefox doesn’t allow this API, so that’s a relief (I use librefox), but what about other browsers? I am getting a bit paranoid.

[Also, are there other APIs like these; which are a privacy nightmare that websites could use?]

  • MangoPenguin@lemmy.blahaj.zone
    link
    fedilink
    arrow-up
    36
    ·
    2 months ago

    When you use it the browser pops up a window to select a device to connect, I’m not sure if the website can see anything until you actually pick a device and allow.