You have to balance the this ease of use with increasing potential attack and fingerprinting surface. Correct approach is something in the middle - a separate off-by-default setting or recommended official extension.
replyChrome has the option to turn off APIs by default. I do it for my installs. I think that disabling that option for everyone is not a good approach as average user will never figure out how to enable it, making that technology effectively dead, so we get back to installing host software.
replySometimes security and usability contradict with each other.
...in your opinion. the firefox team disagrees.
replyThey already killed Firefox. It has 2% marketshare. Next to something called "Samsung Internet" LoL. They're not in position to force technology usage.
reply