Comment by toraway

5 hours ago

  > you request webUSB access maliciously to some random device
  > an unsavvy user is likely to click ok

That's not how WebUSB works; the user always has to pick the device themselves from a list. The list cannot have a device pre-selected, and the "Connect" button is greyed out until the user makes a choice themselves.

The default "wtf? get this out of my face" path for a confused user is "Cancel".

The list can be filtered with vendorId filters defined ahead of time, but even if only a single device qualifies the user still has to choose to click it to enable the "Connect" button.

Once a device has been selected, it is considered "paired" to that specific site and the site can see its presence if available on future page loads. The user can revoke access/"unpair" from the site permissions button.

See example below of the pairing process:

https://imgur.com/a/HkpHBW5
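
The flow described in the comment above, as an added example that is not part of the original comment: what a page sees when the chooser is cancelled, what it sees of paired devices on later loads, and a site-side unpair. The helper names, `fakeUsb` and the vendor/product values are constructed for illustration; only `requestDevice`, `getDevices` and `forget` are WebUSB calls.

```javascript
// `usb` is navigator.usb in a browser; it is a parameter here so the logic
// can be exercised offline with the constructed stand-in at the bottom.

// Opens the browser's device chooser. The page supplies filters only; it
// cannot pre-select an entry and learns nothing unless the user picks one.
async function pairDevice(usb, vendorId) {
  try {
    const device = await usb.requestDevice({ filters: [{ vendorId }] });
    return { paired: true, device };
  } catch (err) {
    // Cancel or closing the chooser rejects with NotFoundError.
    if (err.name === "NotFoundError") return { paired: false, reason: "user-cancelled" };
    // No user gesture, or blocked by policy, rejects with SecurityError.
    if (err.name === "SecurityError") return { paired: false, reason: "not-allowed" };
    throw err;
  }
}

// On later page loads the origin can see only devices already paired to it.
async function listPaired(usb) {
  const devices = await usb.getDevices();
  return devices.map(d => ({ vendorId: d.vendorId, productId: d.productId, name: d.productName }));
}

// Site-side unpair: forget() drops this origin's permission for the device.
async function unpairAll(usb) {
  let revoked = 0;
  for (const d of await usb.getDevices()) {
    if (typeof d.forget === "function") { await d.forget(); revoked++; }
  }
  return revoked;
}

// Constructed stand-in for navigator.usb (not a real API): `userPick` is the
// device the user clicks in the chooser, or null when they press Cancel.
function fakeUsb(userPick) {
  const paired = [];
  return {
    async requestDevice({ filters }) {
      const listed = userPick && filters.some(f => f.vendorId === userPick.vendorId);
      if (!listed) throw Object.assign(new Error("No device selected."), { name: "NotFoundError" });
      const dev = { ...userPick, forget: async () => { paired.splice(paired.indexOf(dev), 1); } };
      paired.push(dev);
      return dev;
    },
    async getDevices() { return [...paired]; },
  };
}
```

In a page, `pairDevice(navigator.usb, vendorId)` has to be called from a click or similar user-gesture handler.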