Comment by stagas

Browsers should just bundle all the advanced but privacy concerning APIs into a single App permissions dialog that you get on the domain you visit and that's it. That should include everything JS except simple DOM manipulations, so you don't have to completely disable it as most regular websites just need a few hover events and image carousels. When a website needs to be an app, the web can and should act as an application delivery platform with proper permission dialogs and installation prompts. Separate the concerns and you're done, instead of this farce, but of course when an OS company is focusing only on short-term revenue rather than empowering their users in the long run, they would be blind to solutions like these.