Hacker News

I’m not convinced because many of those “legitimate websites” don’t have a very good track record of respecting user security and privacy. Given past events, I find it hard to believe that the ad industry or the entertainment industry or any other industry won’t abuse access to these APIs. To make it worse, if popular websites want permission to use these highly-invasive APIs, users would have no choice but to cave in. This worries me a lot.

Even if you don’t consider bad intentions, the security implications are huge. Imagine if Zoom had used this feature. The security fiasco a few months back would’ve been made a whole lot worse.



The “legitimate websites” that disrespect privacy and security almost always do that in a way transparent to the user (ignoring the cookie prompts, but I don’t think that’s a fair comparison). For example, news websites could try and access my location info, but they don’t because there’s a permission prompt which would appear.


For this particular feature, there can be no meaningful transparency whatsoever. Permission to use TCP or UDP is very, very different from permission to access location info. Any user can easily imagine the possible consequences of allowing the latter, but definitely not the former. Heck, no one can possibly know the actual consequences unless someone goes through the effort to reverse engineer websites using this feature.



