> Off by default lets everyone choose to turn it on if they're interested.
It lets more sophisticated users choose. Less sophisticated users however will more likely switch to a different browser the moment a site doesn't work before poking through settings.
I think a better way than a separate setting would be to go in the direction of many software firewalls and present it to the user as a choice when an application requests it as many browsers currently do with the location APIs. This would provide individual domain-level control over what permissions sites are granted by you. I don't know why this sort of policy seems to be restricted only to the location APIs...
It lets more sophisticated users choose. Less sophisticated users however will more likely switch to a different browser the moment a site doesn't work before poking through settings.
I think a better way than a separate setting would be to go in the direction of many software firewalls and present it to the user as a choice when an application requests it as many browsers currently do with the location APIs. This would provide individual domain-level control over what permissions sites are granted by you. I don't know why this sort of policy seems to be restricted only to the location APIs...