Google first tendered the notion of "WebUSB" in 2016, although in December 2018 it was still in Editor's draft status.

Only supported in the Chrome browser, it allows Javascript running in the browser to directly access USB devices (ostensibly with user permission).

It is fascinating or terrifying depending on how you look at it. On the positive side, it perhaps facilitates connectivity between the legions of web-only-mindset developers and actual hardware. With computing devices becoming increasingly hostile to local peripherals, this could be a welcome change. However, on the negative side, it could be yet another attack vector.

Google's 2016 post paints an artificially rosy picture.

Note their very particular wording of "what you could expect with the WebUSB API" when they describe an idealized plug-in-a-device-and-it-just-works future with WebUSB.

The unvarnished reality is that this driver-less future requires... well... the exact same hunting down and installing of drivers.

In Linux, udev rules must be added to allow permission to access the device. (I always think there is such irony in Linux being so obstinate with USB devices, but yet being entirely open to immediately upload any piece of data on your computer to the cloud (or USB device that appears to be a network connection), but that is another story.)

In Chrome OS, there is a USB permission_broker that selectively allows access to devices. If your device doesn't agree with the particular configuration cocktail of that computer, you are plain out of luck.

Windows is the most onerous. Chrome only works with custom drivers that use WinUSB/libusb, so not only must the user install a driver, but it must be the "right" driver compatible with Chrome/WebUSB! (Ah, what irony relative to Google's rosy description of what WebUSB was supposed to prevent.) Programs such as Zadig provide the only hope of creating such a custom driver.

So, take the hype with a hefty degree of cynicism.


back to main page contact