-
Notifications
You must be signed in to change notification settings - Fork 69
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WebHID (Human Interface Device) API #459
Comments
I don't see enough information in the API to understand the proposal. There is a bunch of IDL, but no normative citations to definitions for many of the fields that are exposed. There is discussion of security and privacy threats that are akin to those for WebUSB, which suggests this might share some of the same sorts of risks as WebUSB, but there isn't enough information available to make any sort of determination. Suggesting |
Please take another look, I've updated the specification and I believe everything is now sufficiently specified. |
Is my timeline correct? Why does Chrome team even bother pretending they care about standards and standards processes? |
Here are some events to add to this timeline:
|
This is very much like WebUSB in both capabilities and threat model. Limiting the set of devices to those that identify as HID doesn't change that. It allows for more narrow targeting of devices and changes the protocol, but as capabilities are still generic, the outcome is equally unknowable. Closes mozilla#459.
I'd like to address dmitriid@'s and beaufortfrancois@ comments with a personal opinion. I work on Chrome adding these capabilities. We do strive to develop in the open, solicit feedback on proposals, and draft specifications & cross browser tests. In our ideal world we would communicate and reach relevant interested people as early as possible and have constructive discussions. My personal belief is that in WebHID we understood that the web application developer need was strong and established years ago with Chrome Apps. We knew that some of the other browser vendors were not interested in cooperating on a timeframe we and application developers were motivated to execute on. The timing dmitriid@ details particularly highlights a frustrating lack of meeting good communication goals. I'd like our Chrome team to have done better there. I'd like to share that we understand and have heard you. It is also unlikely that changing those particular timeline items would have changed Mozilla's position in 2020 or 2021. We understood that from Marcos's tweet, non recorded communications, and the previous USB position etc. However, ideally we still would have had more communication earlier. I am glad there are so many developers passionate about creating a successful web platform, and encourage as much proactive communication as possible. For those interested in solving problems related to this, the Device and Sensors working group has been an excellent forum. |
Actions speak louder than words: https://webapicontroversy.com
What actually happened: The only two remaining competitors have explicitly stated that these poorly thought-out and underspecified "standards" (which are nothing more than Chrome's internal APIs) pose a significant security and privacy risk. Chrome said: we don't care. It is literally Chrome who's not interested in cooperating.
Translation: we have a bunch of APIs that are: developed by Chrome, enabled by Chrome and that exist only in Chrome that we just enable by default regardless of consequences. Our goals:
Ah yes, and do so under the guise of "developers want it" and "this is for the better of the web".
Translation: we're busy fracturing the web platform by replacing it with Chrome, and we couldn't be happier doing that. [1] This is a longer issue than can be effectively put into a GitHub comment. The gist is:
The pretence that Chrome "cares for the better web" should just stop. |
@dmitriid that is off-topic for this repository. Please limit your comments to the merits (or otherwise) of proposals. |
This is very much like WebUSB in both capabilities and threat model. Limiting the set of devices to those that identify as HID doesn't change that. It allows for more narrow targeting of devices and changes the protocol, but as capabilities are still generic, the outcome is equally unknowable. Closes #459.
We have seen interest in this API from extension developers and on WICG/webhid#97 we are currently exploring the changes necessary to support it in extensions using Manifest V3, which require service workers and thus lose access to APIs that were previously available on a background page, which had access to the full |
This is very much like WebUSB in both capabilities and threat model. Limiting the set of devices to those that identify as HID doesn't change that. It allows for more narrow targeting of devices and changes the protocol, but as capabilities are still generic, the outcome is equally unknowable. Closes mozilla#459.
Request for Mozilla Position on an Emerging Web Specification
Other information
This API is in Origin Trial starting from Chrome 86.
The text was updated successfully, but these errors were encountered: