WebUSB. Could websites know what's connected to my computer?
WebUSB. Could websites know what's connected to my computer?
Was browsing on the GrapheneOS website and came across a new thing called WebUSB, which is essentially a JS API through which GrapheneOS web installer worked.
This got me wondering, if website could read what's plugged into my computer like my phone or disks, isn't that a huge risk to privacy? I don't know how this works (haven't used it) so I would like to know about its privacy.
AFAIK Firefox doesn't allow this API, so that's a relief (I use librefox), but what about other browsers? I am getting a bit paranoid.
[Also, are there other APIs like these; which are a privacy nightmare that websites could use?]
When you use it the browser pops up a window to select a device to connect, I'm not sure if the website can see anything until you actually pick a device and allow.
Yes there is a risk of bugs being exploited just like any other feature in a browser. Another example is WebRTC being used to de-cloak VPN users. I think WebGPU and/or WebGL also had exploits that allowed remote code execution or escaping the browser sandbox.
WebRTC being used to de-cloak VPN users
The clock of my device always match with the location of the server of my VPN provider
For those who actually think I said clock instead of cloak :)
If they can, I'm going to buy a whole bunch of vibrators that charge via USB
Be careful, you might get a virus. https://www.malwarebytes.com/blog/news/2024/02/vibrator-virus-steals-your-personal-information
Even computer get STD