But any click can do that, right? No need for it to be a fake Allow/Deny prompt.... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

jfoster on April 29, 2019 | parent | context | favorite | on: The inception bar: a new phishing method

But any click can do that, right? No need for it to be a fake Allow/Deny prompt.

The best I can think of is that it does 2 things:

1. Preserves the "true" allow/deny prompt for a time when the user will allow.

2. Lulls the user into a sense of security. The page is nice and/or their browser will ask about anything the page tries to do.

ehnto on April 29, 2019 [–]

My guess is something to do with needing to have a user prompt certain types of cross site javascript actions.

It also needs to seem legitimate so people click it but don't report it.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact