Are there any examples of that happening on the web yet? All browser vendors agree that most of these new features need to be behind explicit permissions.
Hell people are still complaining about full screen permissions pop-ups and no browser has gotten rid of them yet because they know the problems that could come from it.
If anything there is a push to go the other direction, making previously "enabled by default" things behind permissions.
You're right that they're (ostensibly) placing emphasis on permissions at the moment, but I don't see that staying the same if websites start adopting and using these features in any quantity.
> Are there any examples of that happening on the web yet? All browser vendors agree that most of these new features need to be behind explicit permissions.
Well, WebRTC is enabled by default. Exposes your real IP, and allows anyone to portscan your whole LAN.
WebRTC never had permissions so that's not an example of a feature that had its permissions removed after a time.
And that was actually the feature I had in mind in my last paragraph. There is a pretty big push to put it behind a permissions window (at least for local network access).
Why was something like this ever implemented without permissions anyway?
If such a big mistake is made – releasing info about devices in the LAN, de-anonymizing people, and releasing location data – then what mistakes will be made with WebUSB or WebFilesystemAccess?
I seriously don’t want anything to ever have access to anything unless I grant it.
There’s a reason UNIX has no execute permissions by default for files, and a reason why I use SELinux.
This whole browser shit destroys the whole security model.
Many consider it a mistake (I sure as hell do), hence everything else being behind a permissions model.
I could ask you why SELinux is necessary in the first place, but the fact is that mistakes are made and learned from, and additional software is made to fill in the gaps.
If you want that amount of control, there are plugins that grant it, and using a plugin is much like using SELinux to fill in gaps or mistakes in the platform.
Software will never be bug free, and that's not an excuse to never write anymore software.
Hell people are still complaining about full screen permissions pop-ups and no browser has gotten rid of them yet because they know the problems that could come from it.
If anything there is a push to go the other direction, making previously "enabled by default" things behind permissions.