[codedokode]

Yes instead of IP address the API now provides Apple DNS hostname. But a proper solution would be to put this unnecessary API behind a permission.

[illiarian]

There are too many APIs that need to put behind permissions for permissions to be useful.

No idea how to solve this though.

[notatoad]

i want the chrome apps model to come back - put your permission requests in a manifest, and when the user clicks and install button the app gets its permissions. so "web apps" that the user cares enough about to install get useful features, but pages that you just visit briefly don't.

[illiarian]

> i want the chrome apps model to come back - put your permission requests in a manifest, and when the user clicks and install button the app gets its permissions.

So you will get the Android case where flashlight apps where asking for everything, including location data and contact access, and people were giving it to them

[notatoad]

you can't protect everybody from themselves all the time.

some people are just gonna agree to everything, and you can't stop it. don't ruin apps for everybody just because some guy who couldn't care less shared some data with an app you think they shouldn't have.

[illiarian]

> you can't protect everybody from themselves all the time.

It's not an either-or thing. There are multiple levels to security, and just shoving everything into one big prompt, and letting users deal with it ain't it.