[chii]

There's no problem with having the capability in a web app. It's only a problem if those capabilities are not consented to b the user first.

[vinay_ys]

There is definitely no problem in having the capabilities in the hardware. But appropriate assured controls should have been built and provided to the end-user. The challenge is these controls are not in hardware-switch-esque form. They are left to the whims and fancies of individual apps. That blame goes to platforms.

[m463]

I disagree. Having things like this rolled into the browser means it's one security vulnerability or corporate decsion away from hurting someone.