-
@tjcrowder It’s been a while since I last read the spec, but I think it’s up to the implementor to determine how it is enabled and whether it requires a user to grant permission for a site to use the API. My position is that it’s something users should have to grant permission for.
-
@tjcrowder Of course I also think our current approach to permissions is less than ideal and am exploring ways to improve that experience to better inform and protect users.