[GrantMoyer]

It depends on how styleable the <permission> element ends up. I don't imagine any website will use it if it's limited to being an ugly default button with non-configurable text. But if the button is configurable enough, there's nothing to stop websites from abusing it for permission spam, just like the current model is.

Basically, I expect users wil stil need a way to defend against permission spam.

[bastawhiz]

This proposal doesn't (nor can it possibly) fix the issue of the site putting a full-viewport UI up that forces you to trigger a permission modal. That's an issue today, and it doesn't even have anything to do with permissions. See: cookie popups, newsletter popups, disable your ad blocker popups. It's impossible to avoid that problem, because the nag screen is the content of the page. Even if you block permission requests with today's options, the site can still do this to annoy you into changing your mind.

If you're on a site that follows your cursor around with this button forcing you to click on it, the SITE is spam, not the permission request.