I would love to see a user study of the following scenario: I don’t trust video call site X but a job interviewer sends me a link to a video call using that site. I want to enable camera and mic access for that site for the one call and never again. What % of users can do it?
For native desktop applications revoking relies on the application not being malicious and letting you uninstall it, so there isn't really any prior art or better current alternative.
Yeah, this doesn't seem like a fair criticism. If you've got a pitch for a better UX, cool, but this is so much better than the status quo that it's hard to see what the problem is?
I think you are talking about which app platform is better? I am talking about how to make a web browser—in the literal sense—safe. My point is that the current UX for shoehorning an app platform into a web browser makes browsing too unsafe. By browsing I mean “click any link.”
I don't see it, what is the attack you're thinking of? I think we all agree that clicking any link must be safe. Is the problem that, after confirmation, you can do things like download and run an exe or grant access to a USB gamepad?
Can I tell you my use case? I don't buy many gadgets, I'm a nerd and some look fun, but I don't want to run drivers from noname vendors. That's so much trust, and it's a ton of work for me (a pro) to audit them. I 100% will give their site web bluetooth access though, nbd. 🤷♂️
I agree kernelspace device drivers suck; let’s get rid of them. I also agree that there should be safer Bluetooth APIs available to apps on all platforms. It doesn’t follow from that that every web browser needs to implement WebBluetooth.
We agree we need a safer way to use devices. We also agree it doesn't *have* to be the web (I happen to think it's a pretty good place to put it though). I'm trying to understand what the attack against it is that makes you think it will be unsafe?
One concern from Mozilla folks is that it exposes to the Web things that weren't designed with the knowledge that they'd be exposed to arbitrary Web content. (There should be straightforward ways to address this.)
This isn't theoretical; see blocklisting of Yubikeys in WebNFC.
I agree executables are often dangerous.
However, as long as the Web is a multi-vendor multi-OS platform, there will be things you can do in native apps on at least some platforms that the Web can't do. So some level of unusual or new things will always need native code/apps.
Jul 22, 2020 · 6:12 AM UTC




