Comment by oneplane
4 years ago
Because users are users and they win inevitably do the wrong thing. Normally not such a big deal, but with the interconnected world a compromised user is a big problem. It's used as a stepping stone to compromise others, cause problems to other systems by using them as slaves in a botnet or simply using them to send spam.
Users need to be protected against themselves as long as they can't take responsibility for their actions.
If the user is going to be tricked on the web, they can be tricked in other ways. If the web doesn't support MIDI, users will just download MIDI malware as an app.
By your logic, the web should not have video support either, because users are users and it will inevitably be misused.
If you were serious about addressing this: We need clear and robust and granular permission dialogs on web and native apps. Ideally they'd be consistent across web/native, which would help users trust their software, and understand the permissions they give.
And then we need to crowd source what the default should be for each site, because otherwise every site will have 100 permission popups
Couldn't we hide the rarely used features behind a checkbox in advanced settings?