[SynchrotronZ]

I'm... not sure I want this. It sounds pretty useful/fun form a programmers perspective.

But from an end-user perspective I fear that it will lead too various "features" hogging resources. I would assume I could block them client-side, but I'm also the family-tech and quite frankly I don't expect my grandparents to do the same.

[mmahemoff]

"User agents must not provide Push API access to webapps without the express permission of the use"

I share your concern. but I share a great fear that web apps will become increasingly irrelevant if they remain just documents that can't do anything when they're not explicitly in a running tab/window.

The permission requirement is the same one that allows for local storage, which could have caused great problems, but has so far held up well.

[dspillett]

> The permission requirement is the same one that allows for local storage

Assuming this does not allow the push of UI interaction, then yes. If it would allow UI responses to be pushed then we would be one XSS vulnerability or "uneducated users" away from a new set of exploits for forcing pop-under advertising , and other potentially more insidious problems, through.

Local Storage and Index DB are storage only so the only attack routes are DoS-due-to-disk-full-errors which is generally less attractive (you can make more money pushing stuff to people than pushing people off the network).

[travisby]

And the Ask toolbar doesn't get installed without expressed permission, either.

[nailer]

We all get phone calls or text messages now when we don't have the associated binary apps open. Isn't this just the same thing for web apps?

[TheOtherHobbes]

It's the same things for web apps, with added near-infinite possibilities for spam.

[nailer]

It's permission based. Read the linked spec.

[TheOtherHobbes]

Are the permissions fine-grained enough to give users the power to say Yes to useful content and No to intrusive marketing messages?

Or is the option to include that choice going to be left to site designers?

[nailer]

I can't see that in the spec, so no. Like most things, if you don't like an app, you can revoke it's privileges and uninstall it.

The questions you keep asking are basic things solved by reading the article - you seem to have concerns, but you haven't done the minimum amount of work necessary to determine whether your concerns are valid.

[domenicd]

Permissions are per-origin.

[vbezhenar]

Safari supports push notifications from websites for a while. I've found it convenient for the news websites I often visit just to check for new content. It's like RSS integrated into OS. One can misuse it, but generally it's useful.