Comment by username223

"Requested upon being needed" might work if it weren't possible for sites to get around it by probing and popping up their own "yes / ask me again later" dialogs. Have the APIs ask on the first call, with a "yes/no + make answer permanent" dialog, and return fake data if the answer is "no." If people were sufficiently annoyed by constant requests for stuff a basic webpage wouldn't seem to need, the web might become a better place.

But yeah, web browsers basically run arbitrary code written by hostile companies, with layers of indirection to confuse accountability. In that environment, you have to weigh "nice to have" against "could be abused," and err on the side of caution.