> I don't see why any website should need special direct access.
And this also holds back things like better security from USB security keys.
You have to access the key in exactly the way that is implemented ... even if that implementation sucks or has bugs or has security failures.
Everybody hates Electron .. but then want to hamstring the browsers. Well, people still want do do the thing they want even if you don't let them. They will find a way around .. and currently that way around is Electron.
I believe USB security keys are covered under a different API.
But even then, you can use this argument against it. When this type of USB access is allowed, it gives phishing attacks even more power. Now, you’ll click prompts for authentication and little did you know that malicious actors and read/write the entire USB drive!
And this also holds back things like better security from USB security keys.
You have to access the key in exactly the way that is implemented ... even if that implementation sucks or has bugs or has security failures.
Everybody hates Electron .. but then want to hamstring the browsers. Well, people still want do do the thing they want even if you don't let them. They will find a way around .. and currently that way around is Electron.