Whitelists/allowlists are tricky, because they create a bias towards existing, larger players. If you're creating some new gadget, you now have to convince the browser makers to allow it through. And the browser makers need to come up with some way to have a level of confidence that requesters are not just trojan horse manufacturers. Or so lax on security that a rogue website can use your USB connection to reprogram the device's firmware to emulate an ethernet device that will MitM your network.
You can let the user accept new entries, but then you're back having to give random nontechnical people enough context and information to make the correct choice when a random website causes the permission dialog to appear. Empirically, that doesn't go too well.
Whitelists/allowlists are tricky, because they create a bias towards existing, larger players. If you're creating some new gadget, you now have to convince the browser makers to allow it through. And the browser makers need to come up with some way to have a level of confidence that requesters are not just trojan horse manufacturers. Or so lax on security that a rogue website can use your USB connection to reprogram the device's firmware to emulate an ethernet device that will MitM your network.
You can let the user accept new entries, but then you're back having to give random nontechnical people enough context and information to make the correct choice when a random website causes the permission dialog to appear. Empirically, that doesn't go too well.