Hacker Neue

Preferences
JimDabell parent
That website is full of non-standard things. For instance Web NFC and Web Bluetooth are not standard web platform APIs, they are Blink APIs that have been rejected on privacy and security grounds by both Mozilla and Apple. Nothing apart from Blink has implemented them.

Mozilla on Web NFC:

> We believe Web NFC poses risks to users security and privacy because of the wide range of functionality of the existing NFC devices on which it would be supported, because there is no system for ensuring that private information is not accidentally exposed other than relying on user consent, and because of the difficulty of meaningfully asking the user for permission to share or write data when the browser cannot explain to the user what is being shared or written.

https://mozilla.github.io/standards-positions/#web-nfc

Mozilla on Web Bluetooth:

> This API provides access to the Generic Attribute Profile (GATT) of Bluetooth, which is not the lowest level of access that the specifications allow, but its generic nature makes it impossible to clearly evaluate. Like WebUSB there is significant uncertainty regarding how well prepared devices are to receive requests from arbitrary sites. The generic nature of the API means that this risk is difficult to manage. The Web Bluetooth CG has opted to only rely on user consent, which we believe is not sufficient protection. This proposal also uses a blocklist, which will require constant and active maintenance so that vulnerable devices aren't exploited. This model is unsustainable and presents a significant risk to users and their devices.

https://mozilla.github.io/standards-positions/#web-bluetooth

coupdejarnac
How is asking for user consent insufficient? I smell Apple propaganda.
ajross
Never really understood Mozilla's position on remote device access.

Yes, it's a risk, essentially by definition. It's no less so (and in particular absolutely not helping your browser product or the web platform!) if you just punt and force everyone to use a proprietary iOS/Android/Windows app instead.

Innovation happens on the physical side of the design wall too, you can't just put your head in the sand and figure someone else will solve it. That's how we got the walled app gardens in the first place.

And just to make this concrete: QMK keyboards configure magically by pulling up a web page ("use.via") on the device. Lots of gadget-space open source hardware uses similar tricks. This is not an obscure or useless feature. And it's deeply sad that Firefox[1], in its senescent obsolescence, doesn't even want to pretend to play for a piece of that action.

[1] The archetypical hacker's browser in its prime!

This item has no comments currently.

Keyboard Shortcuts

Story Lists

j
Next story
k
Previous story
Shift+j
Last story
Shift+k
First story
o Enter
Go to story URL
c
Go to comments
u
Go to author

Navigation

Shift+t
Go to top stories
Shift+n
Go to new stories
Shift+b
Go to best stories
Shift+a
Go to Ask HN
Shift+s
Go to Show HN

Miscellaneous

?
Show this modal