
Yeah, this sounds to me like apparently some people think once again computer owners can't be trusted to grant a permission to anything because some clueless people can be tricked into shooting themselves in the foot.

IMHO I don't buy that this is worth nerfing everything. Without using the exact analogy from the above metaphor, what if we banned cooking appliances, because a bad actor might call people and trick them into turning the stove up to "High" and placing a roll of paper towels on the flame?

I use WebUSB to manage my keyboard's configuration, and that popup is hard to misconstrue. Also, what is even the overlap between users of USB security keys (the main attractive USB target I saw cited) and people who click mindlessly without reading anything?



Take a look at this browser popup box, asking the user to select which device to use for WebAuthn: https://filestore.community.support.microsoft.com/api/images...

Now take a look at this browser popup box, inviting the user to grant access for WebUSB: https://developer.chrome.com/docs/capabilities/usb#get_acces...

This isn't just clueless people clicking mindlessly without reading anything. The user wants to log in with their U2F key. They get a box asking if the website can access their U2F key.

Even if they read and understand every word in the box and consult their security training (which tells them "when you log in with a U2F key a box will pop up asking you to select a device, that's normal"), the only indication they're doing anything wrong is that the device selection box looks a bit different to normal.



