There are use cases for things like Arduino (a microcontroller development board). We'd like to allow uploading to Arduino boards from an online IDE. We'd also like to allow for interaction between sensors and actuators on an Arduino board and websites (e.g. programs written in the Scratch visual programming language). Yes, we can do much of this by having the user install a local application that communicates via web sockets, but that has its own security implications and adds an additional step for the user.
Unfortunately the obvious way of doing this with WebUSB is, from a security perspective, equivalent to giving the online IDE the ability to install arbitrary code. The Arduinos with sophisticated enough USB stacks to support WebUSB can also be reprogrammed by sketches to emulate a keyboard and inject keystrokes, including a series of keystrokes that downloads and executes a malicious executable.
> Yes, we can do much of this by having the user install a local application that communicates via web sockets, but that has its own security implications and adds an additional step for the user.
You're target audience is arduino hackers, and you're worried about them installing an app? You need to seriously reassess your assumptions.
It still doesn't make any sense. Who that's not intimidated with soldering irons and wiring circuits up that can literally burst into flames if you do it wrong, is going to say, "Heavens to Betsy! I have to click an installer! My word, I'm comin' down with the vapors!"?
