Mozilla Connect

That's an absolutely insane false equivalency. You can't seriously compare sandboxed, limited access to hardware devices authorized by the user to granting websites unfettered hypervisor access. This is just a disingenuous argument.

Adding any new feature will increase attack surface, and how low level a feature is does not necessarily dictate how much risk is involved. Most vulnerabilities in browsers these days are because of poor memory management, not due to the nature of the APIs that are implemented. For example, the very recent CVE-2024-9680 was due to a bug in the AnimationTimeline API. It is ostensibly a high-level API, but resulted in arbitrary code execution in which the attacker could do pretty much anything.

So just because a feature allows lower-level access to hardware devices does not mean it's any more likely to introduce a vulnerability than any other feature. The risk introduced by a feature must be evaluated against the usefulness of it, and so far it seems Web USB, Web Bluetooth, etc. have filled a niche that has seen adoption with some great use cases, for example:

• Arduino has a web-based IDE which can flash directly from the browser. This is advantageous because Arduino hardware is often used in educational settings, where weak and often locked-down devices like Chromebooks or netbooks are ubiquitous. It simplifies setup for educators, administrators, and school IT, and in fact hardens security posture.
• iFixit's soldering iron can be configured from the web without installing any native software.
• Pixel phones can be recovered from a bricked state using a web-based tool, without the need to install any additional software.
• ESPHome and the related ESP Web Tools project are often-used in the home automation space to facilitate quick configuration or flashing of firmware onto ESP-based devices.

I'm sure there are others I've missed; these are just from the top of my head. What all of these things have in common are that end users do not need to install an additional piece of software to work with their device, and the hardware manufacturers do not need to worry about maintaining a tool (including: updating dependencies that have bugs, being careful with memory management, etc.) for many different platforms. See my previous comment for more thoughts on that.

As this suite of APIs sees more mainstream adoption, Firefox will be seen as lagging behind other browsers.

Consider that Web APIs which provide access to hardware devices are significantly safer in terms of security than the present alternative: instructing the user to download a random executable that likely needs to run with administrative privileges on the machine. With Web USB, Web Serial, etc. access is limited to only the devices the user specifies (+ only to that specific origin), and I certainly trust web browser vendors more to not introduce silly bugs that lead to compromise of my machine — I mean, have you seen the quality of the utilities that hardware vendors come up with?

It's a win-win for users and manufacturers: users do not need to worry about installing highly privileged, potentially buggy software on their machine and instead just use a simple webpage; manufacturers do not need to worry about platform-specific implementations of hardware APIs, maintaining the utility software, pushing updates to users, etc.

I would also like to add that devices can implement a specific descriptor that defines the origins that the device trusts to access it. Why not begin with an implementation which allows only a device's trusted origins to access it, and hide a "show all devices" option behind about:config? This would eliminate a big chunk of risk.

exactly this, thanks for putting more words to the point

at the end of the day it really is just simply this ^^^

they aren't focusing on what the community wants and are doing questionable and, frankly bad or pointless decisions and they're really gonna start losing users over it soon if they don't get their act together