should a browser have api-s allowing websites to access directly the file system and usb devices which might be insecure and help in fingerprinting or it should not. a.k.a chrome against all the ants.
It already does though. It's the type=upload box we've had for decades. Think of it as how smartphones let you give access to only a specific file or see a subset of files. The "UI" is just using a system control. You can also drag and drop files into the browser too. This is all available to javascript.
It doesn't. Websites don't have access to your file system.
> It's the type=upload box we've had for decades.
It isn't. That isn't giving the access to your file system to a website. That is simply providing a file to a website. The website doesn't even get the real path to the file but a C:\fakepath\filename.
> You can also drag and drop files into the browser too. This is all available to javascript.
Again, that is not giving access to your filesystem to a website. That is giving a file to a website.
I do agree partially but I don't see a difference in practice
Using your definition every app on Android and Apple doesn't have access to your filesystem either.
Just like you have to select which image from your camera roll that Facebook is allowed to see / access. It gets that one image, and only that image, on purpose. It doesn't get to have a free for all through your files.
In this case, Safari also doesn't implement the API, and that's far from an ant. Plenty of cases where something is effectively everywhere but in Firefox, but this time Apple also decided against it.
