You visit a page. It asks for device access. You get a dialog box choosing the device that matches the filter the site wants. You can either choose a device or decline. Site does not see anything other than what you approve.

What is difficult about understanding that?

You're the one missing the forest for the trees. The security risk is not caused by websites, but by the fact that the browser can access your USB devices in the first place.

By giving the browser access to your USB devices, the browser could act as a keylogger even when you're using other applications.

Further, as there's no proper way to sandbox this, you wouldn't just be giving the browser keylogging capabilities, but any native app running under your user.

> The security risk is not caused by websites, but by the fact that the browser can access your USB devices in the first place.

Then you'd better uninstall your browser, because this is already the case right now.

The fact that Chrome makes use of that capability and Firefox does not constitute a privilege/security boundary.

On security focused distros, it obviously works in neither browser right now, because it's a fucking stupid idea.

You could have an elevated service that has separate configuration for which devices the user wants to grant access to, and it could even work as a proxy to disallow "bad" usage patterns. The interface to USB devices doesn't need to be directly with the kernel.

It's true though that it's difficult to ensure only a certain process has access to it, though the default value set to ptrace_scope by e.g. Ubuntu is a step towards helping that.. But in principle the service can know which executable is issuing the request.

All in all this seems quite a big effort for perhaps not that great benefit. In the meanwhile I'll be using Chromium for WebSerial and WebUSB needs.

Except the browser can't even see the device if it's even a vaguely secure operating system.