by AgentME 1545 days ago
If web apps are fully sandboxed by default as today, then presenting the user a UI for a web page wanting to upgrade to a (still sandboxed permissionless) web app seems like a waste of the user's attention. Why should the user see a prompt just because a webpage wants to do some WebGL visualization (that doesn't put any of the user's data at risk)? It seems like the perfect recipe to lead to user apathy to permission dialogs and users clicking to allow permissions automatically, because most of the dialogs are for nothing, but then the user may be taught to click through actual important dialogs just as automatically. I'm reminded of when IE used to warn the user about secure connections.

> If web apps are fully sandboxed by default

Are they, though?

If they were, then tracking users via third-party cookies and other resources wouldn't be possible. Nor would it be possible for a web site in my browser to suddenly start taking up all of my CPU/RAM due to a programming error or malicious site such as a crypto-miner. For the relatively little isolation that does happen, sandbox-escape vulnerabilities seem to be getting discovered all the time.

Also, as a technical user, I want more control over what web sites can do with my computer than a non-technical user might.

The more holes you poke in a sandbox, the worse a sandbox it is.

Third-party cookies seem to be on the way out thankfully. I agree that there should be a permission necessary (or at least some much better heuristic) for allowing a webpage to use too much CPU/memory.

> Why should the user see a prompt just because a webpage wants to do some WebGL visualization (that doesn't put any of the user's data at risk)?

Probably because there's no way to say that it "doesn't put any of the user's data at risk". WebGL has been abused for browser fingerprinting, which itself puts users' privacy at risk, but it also has a long history of very nasty vulnerabilities and exploits. It's been fully disabled in my browser for years because of the security issues.

Web browsers are not bulletproof. Their sandboxing implementations depend on OS features, which vary. Check a CVE database for your favorite browser and you'll find plenty of historic holes to dig through.

WebGL is one of the biggest fingerprinting vectors on the modern Web platform, and expands browser attack surface significantly. Most webpages should absolutely not have access to privileges like this.

But WebGL does put the user's data at risk. WebGL is an attack vector for fingerprinting, which is data about the user that gets correlated with other data about the user to stalk them.