"permission prompts confuse users" I'd like to see the supporting evidence here, and I'm not being antagonistic, I honestly want to know more about this. I also wonder if this will still be true now that Apple is going consent-everything on the iPhone.
"This web app would like to access your device's accelerometer to _____. Accelerometers measure movement, motion and vibration." [ Allow? ] [ Disallow ]
Does that explain that if you leave the accelerometer on while you walk around a city, the app could tell what route you took by matching it to maps?
Or that if the accelerometer is enabled while showing you videos of people you might find attractive, the app could probably figure out your sexual preferences/orientation?
Is that necessary though? Can't one limit the accelerometer data to only when the app is in use? Aren't Android/iOS moving in that direction (permissions that are granted while the app is in use)?
That probably fixes most cases of the first attack I mentioned, but doesn't do anything to alleviate the second.
What bothers me most about conversations like this is I can't see how any of the arguments uniquely apply to webapps but not native apps. And if they aren't that different, then it seems really counterproductive to only wage the battle on the web standards front.
Clicking/tapping/activating a link should be a safe action that users don't have to reason carefully about. Some of these arguments are indeed different if the user has performed some sort of installation ceremony for the Web app... though I don't think we've standardized that.
I think the vast majority of new device APIs should be kept from web content entirely, not even with permissions, unless the installation has happened. The use-cases for installed apps to use these, and do so responsibly (with perms), far outweigh the use-cases for sites.
I think that's a reasonable argument... and I think if the spec in question said that, then Mozilla might evaluate it differently. (I certainly can't say for sure; I no longer work there.)

Oct 30, 2020 · 4:09 AM UTC
