For native desktop applications revoking relies on the application not being malicious and letting you uninstall it, so there isn't really any prior art or better current alternative.

Yeah, this doesn't seem like a fair criticism. If you've got a pitch for a better UX, cool, but this is so much better than the status quo that it's hard to see what the problem is?

I think you are talking about which app platform is better? I am talking about how to make a web browser—in the literal sense—safe. My point is that the current UX for shoehorning an app platform into a web browser makes browsing too unsafe. By browsing I mean “click any link.”

I don't see it, what is the attack you're thinking of? I think we all agree that clicking any link must be safe. Is the problem that, after confirmation, you can do things like download and run an exe or grant access to a USB gamepad?

Can I tell you my use case? I don't buy many gadgets, I'm a nerd and some look fun, but I don't want to run drivers from noname vendors. That's so much trust, and it's a ton of work to for me (a pro) to audit them. I 100% will give their site web bluetooth access though, nbd. 🤷‍♂️

I agree kernelspace device drivers suck; let’s get rid of them. I also agree that there should be safer Bluetooth APIs available to apps on all platforms. It doesn’t follow from that every web browser needs to implement WebBluetooth.

We agree we need a safer way to use devices. We also agree it doesn't *have* to be the web (I happen to think it's a pretty good place to put it though). I'm trying to understand what the attack against it that makes you think it will be unsafe?

One concern from Mozilla folks is that it exposes to the Web things that weren't designed with the knowledge that they'd be exposed to arbitrary Web content. (There should be straightforward ways to address this.) This isn't theoretical; see blocklisting of Yubikeys in WebNFC.

A user could be tricked into granting access to a device they shouldn't, that's a problem that needs to be solved. Today, not only could a user could be tricked into a running an exe they shouldn't, there is no way to understand what that executable can do. Isn't that worse?

I agree executables are often dangerous. However, as long as the Web is a multi-vendor multi-OS platform, there will be things you can do in native apps on at least some platforms that the Web can't do. So some level of unusual or new things will always need native code/apps.