Uncertain about USB, Bluetooth, Locks, Keyboard Lock, and Native File System.

I don't want my browser doing those things.

Nothing wrong with that! But to take an example, when I hit a share button on a page I want to see the native share box, not some hideous iframed monstrosity that only works with Facebook. So I want Web Share. And I don't want to download an entire native app just so that I can receive a push alert when my food order is on the way, a web site works much better for that. So I'm happy that Web Push exists.

I get the nostalgia for the "simpler days", but web browers are essentially a universal OS these days. As both a user and a developer I'm quite happy with this.

We hear this pretty often without any evidence. He is a user, you are a user, that makes two opinions.

I think the reality that companies set the rules and people just swallow what they get because alternatives require huge efforts.

We also heard that users want large tiles that are all over their desktop with zero functionality.

I personally don't think it would take off, because I think most user attitudes range from "want these features" to "ambivalence". But if you're so certain, why not try?

Because it runs contrary to maintainer’s interests?

However, maintaining such a fork is not the only prerequisite for it “taking off”. It may well be that my great uncle would love that feature - but how are you going to get his attention when several vendors are already spending millions of dollars in marketing/design/etc to influence which browser he uses?

Two things:

1. The person you respond to is also a user, no reason to dismiss their point of view

2. I don’t think browsers asked users for what they want! It’s a bit disingenuous to say “that’s what users want” when the communication is one way only.

Very few people ask for a specific implementation of a feature unless they want you to clone something they've seen elsewhere. People don't do that.

In user focus groups I've been in though users have told me that they find it hard to know when they need to pay attention to something, or when they've been tagged in to something, or to know when a server side task has completed, or when a long-running webworker process has completed. All of those things are obvious use cases for some sort of notification, and when the feature has been implemented users both enable them and click on them.

Heck, I got a Google Calendar notification pop-up while I was writing this comment.

The problem is that you don't want notifications so you want them to be removed from browsers and then no one gets notifications even if they want them. That's not reasonable. The answer is that you need to be able to block them easily; to turn that feature off for yourself. This exists (in Chrome) - chrome://settings/content/notifications You can disable them for all sites. And yet you'd rather complain that they exist instead.

After that turn off stickies, floaters, modals, etc by default & those who wish to have their browsing experience assaulted into a 1 inch box can opt in.

I think that's part of the problem.

Default browser settings = what the browser developer believes will best server the browser developer's interests.

About what percent of push notification requests do you accept? I think my percentage is 0, and the number of requests is high tens if not hundreds. I don't trust browser notifications at all.

Here's some stats: https://www.businessofapps.com/marketplace/push-notification...

Opt-in rates are around 65%, open rate is between 1 and 10%, I suspect some percentage of those opt-in rates were unintentional or coerced and some percentage of those opens were click bate or accident. so <2.5% of notifications were desired.

I think it's safe to assume a significant portion of the opt-ins and notifications were desired-not.

Based on this information, I would consider notifications undesirable.

Specifically, chat. More specifically... support agents providing live chat support. (And for that matter, end users interacting via chat appreciate push notifications on reply)

Without browser push notifications, there really isn’t a good alternative.

The fact that opt in rates are close to 50% is probably a good thing! It means that browsers aren’t using dark patterns to trick people in to opting into things they don’t want.

I would 100% agree with you if opting out were difficult. But at least Chrome’s implementation makes it very easy to decide which sites I want push notifications from, I really can’t think of any downside given the easy opt out.

If you need notifications, just use a native app (or even a web one wrapped in a native app)

Anyway, most of these "features" are used because they are already there, remove them from the base install of the browser, distribute them as a plugin and make the devs consider that the feature could not be present and they will stop nagging the users begging for their attention

Any website I visit from mobile wants the permission to notify me, 99% of them don't if I visit from desktop

Why is that?

I guess we all know the answer

My experience with this kind of services has always been lame and I strongly believe only bad businesses use them

For example the two larger e-commerce sites in the world,Amazon and Alibaba don't use them

If they were a major improvement, they would.

If you try the same thing with a B2B or other high-touch service, it's not going to end well for you.

Personally I get a terrific amount of value from interacting with my B2B customers through chats, video calls, and screenshares. The customers love it.

In my experience B2B businesses call you, they want to talk to someone, not to a chat bot.

My biggest complain is in fact that I have to take phone calls because clients refuse to use other means of communication.

Yes, actually, IRC works better for chat, I think. Actually, it is probably true of some other stuff too, such as many kind of multiplayer games; you could use a telnet (or SSH) session.

The user doesn't know that another user changed something until he opens the app and then the app has to fetch and integrate all updates since the last interaction with the app and the user has to wait until his app is ready.

Most app that need to push updates to the client do it by having a background service talking to the update server or polling for updates

You can even do it via HTTP(S) if every other protocol is blocked by a firewall or a corporate proxy

Service Workers are the background service for web apps, but since users don't want those services to drain the battery unnecessarily, you have to use the Push API to trigger those background jobs.

So yes, if the app is the active app, you can do polling, WebSockets and all the like and have no problem. Background services are (rightfully) limited for web apps, but not even providing the Push API kills a lot of valid use cases. Firefox and Chrome both provide that API.

They are actually not really.

If you can't run a modern browser on your platform, you're out of luck.

I think the real "as much device-independent as it can get nowadays" is just Firefox

On the major platforms Java is as much as device independent as the web

Older browsers, on the other hand, might not be able to use offline features, but at least you can use the app in the traditional always-on mode.

For your comparison with Java: It is true, Java is very device-independent, but the deployment procedures are much more complicated than simply entering a URL.

Chrome runs only on Windows/Mac/Android (Linux if you allow proprietary software on your distro)

Safari is only Windows/Mac/iOS

Firefox runs on many more platforms, but unfortunately its market share is low

Most big websites have different URLs for the same content. When you're sharing a link, you want the canonical URL, which is neutral and universal, not the URL you're currently on, which might have a session ID, user preferences, scroll anchors, etc appended to it. The share button in your browser uses the canonical URL of the site (if provided), which looks nicer and works better.

Share button certainly doesn't work better; I find it so undependable that I intentionally avoid it.

I get browser push notifications from gmail and facebook. I block everything else, but I'd be pissed if I didn't get those notifications.

Similarly, I like not having an app running so that you could just send me a text. Sms is bad for security, but great see sending short notifications. Almost better, as it is so limited.

Much better than directly copying the URL.

But yeah I often copy the URL to "notepad" app before sharing and trim manually.

I don't think most non-power user even want to try to trim that stuff, because they don't know what can be trimmed and what can't.

file:///C:/Users/blabla/something.pdf

httpx://who.int/something?fbclid=<200-hundred-chars>

Except that with web push the block button is two taps away. Once I’ve given away my phone number that’s it, it can be sent to anyone, I can receive messages from anywhere.

Similarly, used to, my browser was not a bloated application capable of sending me messages. Such that there have been times just launching chrome I get notifications I didn't know my family were going to accidentally enable...

I tend to agree, but this puts us both in the 5% of internet users who know how to do that. (And no, I'm not celebrating that low number.)

> What we didn't know until we analyzed the data was that even though so many people do use CTRL+V and do use "Paste" on the context menu, the toolbar button for Paste still gets clicked more than any other button. The command is so incredibly popular that even though there are more efficient ways of using it, many people do prefer to click the toolbar button.

https://docs.microsoft.com/en-us/archive/blogs/jensenh/no-di...

You and I use Ctrl-V, but the vast majority of users want something a lot more visual.

"Then you don't know what other people want" doesn't seem like a reasonable response.

People want a lot of things - but only use what they can access. Additionally, people will deliberately choose to use broken/painful systems if they have to, in order to accomplish a broader goal. Finally, the vast majority of systems used by users are built because they are profitable to build/operate. In many (most?) cases, they are not profitable to the user in the same way that they are to their builder/operator.

From those simple observations, it seems like quite stretch to claim that anything that has many users is something that people want, and that they enjoy using.

"As a user I don't want this therefore no one else should have it either." is a bit less reasonable, and implies that you don't know what other users want or care about what they need.

"Developers" or average Joe's? Most people I know don't know what push notifications are. RSS? "Some kind of gov agency?". Sharing? "Facebook button!". And, no, they aren't idiots, they just don't care and see any of that. ;)

I think this leaves out a middle ground. The people who design web pages love this stuff, either business decision-makers (because they think it improves metrics) or programmers (because it's a cool way to implement the area of their technological expertise)—but you can be a techie, know exactly what all these things are, and not want them.

(RSS is a funny one to see on the list. It's practically ancient, and most browsers seem to have given up on integrating it—which is a shame, because it's a low-flash solution to a real problem and is user-centered and -controlled.)

I, too, personally wish most of those features didn't exist. But I acknowledge that I am in the minority.

I wish I could at least control these things. I'd like to turn them all off and see what happens to the modern web, and at least understand what I'm allowing when I turn them back on.

Sometimes there are counters on those sharing links, and a tiny portion of visitors seem to click them.

You have already lost me, I do not believe I have ever done this, or wanted to do it

If users don't really give you permissions to use these things it implies to me that users don't really want them.

So, no, v1 wasn’t great. But we can improve on things.

Not minding them too much since I disable them, but at some point it is just not worth it for all the anti-user practices notifications already allowed in my opinion. It just inflates functionality.

In 20 years, if we have even more powerful devices, we will complain about browsers taking ages to load again.

Why would the share button be on a page? Surely this should be a native browser/OS function (as implemented km android, for instance)

It's a freak of luck that we have the web, an app environment with a built-in dev console and actual customization. Just think how much it contrasts with the black box of native apps and with what large companies actually want. I'm in no rush to throw it away.

Obfuscated javascript running in the console is no better than random apps, and webasm is going to make that even more opaque.

You are talking about features that are only needed for websites and why an app doesnt have those features, when they were directly bolted on to deal with the huge amount of complexity we've already handled in the OS.

Regular users aren't plugging their devices into a host computer to access dev tools into their mobile browser.

One of the many reasons I use Amazon via browser and not app. Also open link in new window so you don't lose state, compare easily and much much more.

Now that I think of it, it feels like a bad website shipped as an app. Which it probably is.

I'd prefer not to give my number to them because then they can send me unsolicited "offers" all the time (just look at email) but I don't want to block them either because I still like their pizza.

Several critical or potential annoying functions have opt-in prompts by default, unlike your typical desktop OS.

An OS doesn't protect you from outside, it protects the system from apps and users

Imagine if your OS asked you if you would like to allocate a block of memory at address X everytime it does

That's what to a regular user the prompt means

They just click 'Yes Forever' and are done with it

But that's still an application settings, it has nothing to do with being an OS, browsers are mostly a system for distributing malware in the easiest of ways

At the cost of being as complex as a full OS, without any of the benefits

Wanna bet that if vendors started distributing naked browsers and the extra functionality (of course approved by W3C as standards) were bundled in plugins, which is entirely possible, half of those would linger there with zero downloads?

I don't understand what you mean by "In the browser everything is exposed to everyone by default". Browsers have a much more robust security and privacy model than normal OSes.

For starters, browsers can only implement sandboxing thanks to the OS facilities, otherwise it would be impossible.

And that is modern ones. 5 years ago some browsers were still a security nightmare with not even multiprocess separation.

If you ran untrusted native apps with the same level of consideration that people run untrusted web sites, your identity would be stolen every 30 seconds. That is solid empirical evidence of a better security model.

People identities are stolen constantly by web apps, they just don't know

An app like Excel could steal my data, yes, but it is my willingness to give away all my connections to Facebook and let them spy my interactions that gave away my identity and also the identity of people that do not use Facebook, but are mentioned by me or my other contacts (for example my parents)

That's the real danger

If we wanted to do so, then the "run" operation on an executable would be different.

There is no difference, and in fact, OS have more features and capabilities to make running untrusted code safe.

In 2015 Firefox still did not have multiprocessing. IE did not either, and it was massively used back then.

Browsers are terrible. No other applications or OS components are so monolithic expose the same attack surface.

If we're talking about code executed as a result of, say, buffer overflow attacks, then the impact is the same both for the native app and for the browser. The latter, however, has way much more places where that overflow could happen! And they still happen, security updates for the browsers get pushed all the time.

(And we're not even talking about the world of XSS/CSRF attacks here! Those are pretty much exclusive to the browsers, and widen the attack surface tremendously.)

And have a tiny codebase compared to a browser. And even tinier compared to a browser + all the potentially hostile javascript, css, html, sng, png out there.

And run in native sandboxes or external sandboxes like firejail.

On the other hand, the web as a runtime is one of the most universal platforms we have. If I run Slack in a browser, I sure do want it to be able to notify me! (Though I wish doing so felt more like the Electron app - I’d rather use my browser than Electron if the UX were similar enough. I already have a browser, I don’t need another per application!)

And as an occasional user of less popular mobile platforms (Ubuntu Touch, etc) a more featureful web runtime helps close the gap between those platforms and Android/iOS.

I do think it’d be better if these two use cases were more explicitly distinct than they are now, though.

Platforms have fallen back on walled gardens (app stores) with centralized control of all code execution to compensate for the deficiencies of their security models. I don't want a future where the only apps I can run have to be signed and approved by Apple ahead of time. The web is the escape hatch.

The real reason we see so many web apps is that the decision on what technology to use for an application is largely something developers decide (with "developers" i do not only mean individuals but also companies and organizations that develop applications) and the web gives developers pretty much complete control over what is going on in their application, what the users can do and how, allows them to force everyone use the same version, allows realtime monitoring of how the users use their applications and provides the vendor locking tightest than the most obfuscated native application could have (since all the data is stored in the servers).

Security is just a very convenient excuse since a lot of people shut down their critical thinking whenever it comes up (my guess for why that happens is that since a lot of people have been shamed by supposedly security experts and even more people have mimicked that shaming, we ended up with everyone just shutting up whenever security is brought up to avoid looking like That Clueless One that would be shamed next - but that is just a guess).

But the real reason is the heavy control that web apps give to the developers and the vast majority of users do not really understand how biased against them that setup is.

Also, while the UI is far from ideal (at least on Windows), you can block individual applications from accessing the Internet. It should be much simpler than it is now, though.

Though Android does try to address this with Google Play Instant (https://developer.android.com/topic/google-play-instant). I've never encountered it in the wild though.

I would also suspect that most users haven't any clue of the security implications of using something in a browser versus using an app.

And we got our phones through our daughter who works at Verizon, so when my wife moved from an Android to an iPhone they called me up and asked for my iCloud password which I, like a dumbass, gave them.

I just checked and I've got four more bullshit apps on my phone I need to delete :D

The browser hasn't either. See all the recent intel bugs and how many can be exploited from javascript.

I agree, it's better, but the idea that you can just happily run whatever in the browser and it's all fine isn't quite true either.

But it is a lot better now than it used to be.

When it comes down to it - why am I exposed to untrusted code if what I'm trying to do, for the most part, is just browse and read info?

Perhaps we should separate browsers-as-app-platforms from browsers-as-readers.

If I create a native Windows app and link people the .exe to try it out, approximately 0% of people who run it are going to run it in a securely sandboxed way. If I create a web app and link people it to try it out, approximately 100% of people who run it are going to run it in a securely sandboxed way.

Furthermore, some people will specifically avoid trying out the .exe I send them because they don't trust me fully with everything on their computer. As a developer that wants to show off things I make, I don't want this obstacle to exist. If I make a web app instead, I know it's more likely people will try it out.

I would rather run every application in its own VM under a different unprivileged user

P.s. the browser is the main attack vector on mobile, not only because it's so complex that bugs are everywhere, but mostly because web app security sucks

Citation needed. Browser-based attacks are difficult to come by, because it's just easier to attack an application instead.

You require a citation then make an assertion with with no supporting source.

Many game engines do it as well, just think about DOOM mods

I think the point is that browsers are not as good as an OS as an application platform (given the limitations) but are as complex as an OS and have more bugs

The fact that mobile apps are terrible is not an excuse for having a terrible document protocol used for applications

Apple invented mobile apps as we know them today,but native apps in general have served people well for ages

We are at a point where a native app with some API is more maintainable than a browser app

Not even talking about the ecosystem and its fiascos, like npm corrupted libs used by millions without even looking at a single line of source code or the famous leftpad incident

It doesn't really matter where the weakness is, if it is exploitable

As Alan Kay once said "the web was made by amateurs at best"

While website capabilities have evolved, the web UI itself has regressed. No major UI paradigms have emerged from the web since the 90s (except tabs, arguably). URLs, bookmarks, cmd-F Find, and clicking on links still dominate, except they work worse now compared to the 90s, because of SPAs and lazy loading.

Also, all of those features that rkagerer complained about would be even more abusable, because in general, Windows apps don't have to ask for permissions to those things. I don't get how someone could complain that it's bad for a web app to be able to ask for permissions to their contacts, and would prefer to have a native app (that can get them silently by default).

Maybe you could replace "Windows" with "iOS" in this hypothetical, which would improve the permissions side of things, but I think it's likely that Windows was only supplantable in the first place because of the popularity of things being on the cross-platform web instead of on native Windows apps, and especially as someone without an iOS device, I'd be pretty sour if the effort on the web went purely into a locked-down non-open platform I didn't have. I think the way the web has approached being a universal open-source/open-standard app platform is extremely exciting. The fact that web app buttons look different than iOS/etc buttons is a small price compared to the benefits, and is the sort of thing that can probably be solved within the model once developers think it's important enough to. (I think modern frameworks and/or the web components standard will provide a good base to get more native-like experiences common in the web.)

iOS initially had a web-app-only developer story (the "sweet solution"), but the quality gap between web and native apps was so undeniable that Apple reversed course and shipped a native SDK. It would be no different today.

The quality gap is not about buttons that look different. It's that nothing behaves consistently. Every site does its own custom thing, so users are forced into the lowest common denominator of interactivity (click or tap).

Examples: Gmail has its own fake windows, context menus, dropdowns, drag and drop, key equivalents, etc. and they all fall apart as soon as you try to do anything nontrivial with them. And it's been like this for 15 years, so I don't see any cause for optimism on this front.

A lot of your argument here is based on the assumption Google Chrome is open source software. Google Chrome is not open source, it's proprietary.

I remember when applications had to be tied to the OS, does it run on unix, linux, some other OS, or hardware... what a pain.

If it is a web app it probabbly works most places.

I want to turn off the application side of things for my safety (and I do), but too many sites require it unnecessarily to do the most basic tasks of displaying static text and pictures.

But browsers won't, because they have nothing to gain from it; and it would be way too confusing for many users.

And now many are tied to one or two browsers.

It's true that it has displaced things they were true document or file transfer systems (Gopher, FTP) because it subsumes those functionalities, but it wasn't ever just that.

I agree but I would be ok with them if they required explicit permission from the user before being allowed.

But I was a bit shocked to discover that I was getting notifications from sites that I did not have open, then I realized that when I register for notifications the browser will continuously poll that site in the background, no matter whether I've browsed to that site in this session or not. That was when I decided I didn't want any notifications.

It's not even the interruption, but more the knowledge that my computer is casually making HTTP requests in the background, continuously, on a site I haven't even browsed to, that I don't feel comfortable with..

It means my browser is more bigger and more complex. It broadens the attack surface exposed by my browser, perhaps even if I don't opt-in. It dilutes the efforts of the Firefox team. It introduces new ways for browsers to be subtly incompatible. It further raises the barrier to someone making a serious browser from scratch.

Also, are we guaranteed that these features will be opt-in? There were serious security issues with WebGL (predictably), and I don't think WebGL was opt-in.

This is an issue with that particular website's implementation, not something inherent to the browser or the API.

When that statement applies to 90% of pages out there, that argument gets more stale than cracker left out for the better part of a year.

That staleness, in fact, is why no one is encouraged to run blind unauthenticated proxies on the Internet anymore. Completely valid technology. Very problematic use case.

because the product manager thought my user session was engaging with the site for 2 seconds longer so it must be good.

I never said it was the browser or the API just acknowledging that it is a predictable gripe and not a feature, and yes enabled by the browser and APIs

Notifications? I need those from my calendar app and chat app.

Badges? Messaging systems I use rarely but which are important.

Visibility? I want resource intensive apps to "sleep" when not in use.

USB? I want an Arduino web ide to be able to communicate with hardware.

Screen lock? I don't want the machine to go into sleep mode when I'm presenting a slide deck.

Key lock? I don't want the browser intercepting keystrokes in my word processor or SSH session.

The notifications API is the same. How many of those "uses" are legitimate uses that users consciously want, and how many of them are misclicks or just clicking yes to dismiss the prompt so they can access the content they wanted in the first place?

In my case there's only one website I can think of where I want notifications from my browser: Slack. I can understand that some people might want them for e-mails, social networks, etc but even then that's only like a dozen or so websites. In contrast there more websites than that which use notifications for spammy/annoying/unnecessary purposes, and sadly some people do fall for them and then get their time wasted by these notifications.

In a perfect world where nobody would try to take advantage of people I would totally want web notifications to be a thing because there's basically no downside (websites won't try to use them for spam) and potential upsides.

In a world where it's not only legal but morally acceptable to take advantage of people, waste their time, stalk them, etc (there's a whole industry around this called "martech") I would happily sacrifice the few legitimate uses of web notifications if it means non-technical users can't accidentally opt-into crap and then have their time wasted by spam because they don't know how to opt-out.

Second, how can you know if these features are widely used or not? There's been lots of technologies that have been added to web browsers over the years that weren't widely used, and were later removed.

The httparchive could provide insights on any api afaik.

It doesn't mean it's the right thing to do for society

Browsers have gone far beyond their purpose in an inorganic way

It's like if my alarm suddenly started making coffee, toasts, working as remote and the new planned feature was the ability to warm itself up and iron my shirts

And it would still be a fraction of what browsers do today

There are similar site content settings in any major browser.

On the other hand for say a corporate web application where my only users really do want them ... they're AWESOME.

If there is a site you really like, that you want to share, and would want to recieve pertinent updates from, if you so choose without being hounded to do so, aren't you happy the feature is there?

When I implement this that's how I think anyway.

On the iPhone they require paying apple $100 a year which almost ensures most will be ads.

[0] https://pushover.net/

Whoever invented that API forgot whose client the browser is. Mine.

It is most definitely the page doing the muting.

The web is one of the most open platforms that has ever existed — period. Since the dawn of the smart phone the web developer has heard the following request: "I need a native app because push messages!". Execs want them, users want them. They literally bang down your door asking for the damn things. Allowing the browser to handle push messages means you can keep your app on this amazing open platform instead of share cropping in some app store.

Web Share is barely a thing. It's literally just a call to an already existing browser function and deprecates all the vendor-specific embeds in most sites (each FB, Twitter, etc. share button you see either uses this single-function API, or loads their huge blob of JavaScript on every page that has it - which do you prefer?).

As a user of Web messaging apps, I also like the Visibility API, because it allows the apps I use to stop rendering while in background and just queue up messages to render when I look at them. This allows the process running those tabs to basically go to sleep (even swapping sometimes) which increases battery life and performance.

The rest of the ones you listed, I agree, really shouldn't be in Web browsers.

While there are very few web sites where you want them to send you notifications straight to your desktop, that API is also used to wake up your Service Workers, to let them receive information when they are not the currently active website and are therefore quite important to build things like chats or apps that sync over multiple devices.

AFAIK that Push API for Service Workers is not available on iOS yet, which is a major show stopper for Progressive Web Apps as there are many use cases where you would need something like that.

I share the concerns regarding features with extra high risk of leaking sensitive data. The operating system should control access for those who wish to disable such features; it doesn’t necessarily have to ask for each capability just because the option exists. Those would of course still need to trust the app’s own isolation for web pages if they for app features require access to e.g. file system or Bluetooth.

I don't want every random local news paper or internet chum site prompting me for every permission under the sun every visit.

Push notifications are good when my Webmail tells me there's a new message or Gitlab tells me my tests passed.

Not so good when some crappy newspaper I visit for the first time asks me if I want be notified about all their clickbait articles all the time.

But with Brave it's pretty easy to disable JavaScript on a per-site basis, with "disabled" being the default. So all these things don't bother me anymore.

@include *

@run-at document-start

navigator.something.someMethod = () => {} // noop

https://www.tampermonkey.net/documentation.php

The Contacts API does not allow unrestricted access to your Contacts. It presents a picker for you to choose a contact.

The SMS Receiver API is not universal access to SMS messages, it is access to one specific message and only one that contains your domain name in the message text.

Both have very obvious utility to users. They don't look even vaguely terrifying.

I admit, this is exactly what I did :(

appreciate the info

The browser I use the most does not do any of these things, but it does a nice job of dumping HTML tables to formatted text, which is something the modern graphical browsers cannot do..

Your browser should let you decide whether you give websites access to this functionality?

Some of these things though it may be useful to have, although should be set by the user, independently of the web page entirely; the web page should not be allowed to specify these things.

Specifically, the following things could be user commands (that the web page need not know or care about whether or not it is implemented or used): Picture-in-Picture, Keyboard Lock, Pointer Lock, AirPlay, Screen Orientation (although see below for some comments), camera selection (the user would also be allowed to specify a file instead of the camera, or the user can specify to use the camera where a file is expected too), Theme Color, Badging, Chrome Sender.

Screen Orientation and Presentation Mode: In presentation mode (selectable by the user), this is a "paged screen" media rather than a "continuous screen" media; in this case, the height of one page is known to CSS and JavaScripts (this should be reported as the visible height, even if it isn't entirely visible; in normal more, Infinity should always be reported rather than the correct height), and page breaks work. The width and height may be known too (although not of the entire screen, unless it is full screen mode), but the user would lock the screen orientation using the global screen orientation locking function, if that is what is wanted. If CSS is disabled, then of course this won't work, but that is OK, since if the CSS is disabled then presumably the user doesn't want it to work, so it is OK. For displaying on a separate screen, that may be a function of the operating system anyways, and not of the web browser.

Payment Request is simply a specific case of autofill. Forms could specify autofill IDs, which are more general than this anyways, and fully controllable by the user. Credential Management could also work like this, although using HTTP authentication rather than forms/cookies would seem a better idea to me.

For sharing, the user can just copy the URL by himself; the browser might (or might not) include sharing functions for URLs, or the user may use a separate program which implements this; it is irrelevant which way is done.

Service Workers: For sending forms when internet is not available, what I wanted is the ability to save form data locally to disk and recall it later (on the same or a different webpage), entirely under the user's control; the web page should not need to know or care about this.

Game Pad and Force Touch are probably fine, although, like the keyboard and mouse, should only be enabled when the user activates it.

There are many other things too I think should be done differently.

- Web MIDI - access digital keyboards/synthesizers. I believe in some browsers there's no prompt, unlike Web USB.

- Screen sharing via getDisplayMedia, analogous to getUserMedia for cameras.

- WebRTC, peer-to-peer connections.

- Security keys (WebAuthn), specific support for cheap ($10-$50 depending on features) devices that do second-factor login to websites. Importantly, these devices communicate with the browser about which site you're logging into, making for phishing-proof logins.

0 - https://myscreen.live

If you can handle signaling in another way, you're free to do so.

When I played around with WebRTC the first time, I did it by copying the signaling data via TextAreas and WhatsApp.

Those and all other things listed on linked article are JavaScript-lang/engine things NOT related to browser itself. You could use such using Electron, literally "outside of browser"

Try disable JS in your browser OR try to use Links[0] browser ­— and lets see what you can do with a browser in 2020.

[0] https://en.wikipedia.org/wiki/Links_(web_browser)

This is like replying to "Places you can visit for a road trip" and saying "You can visit all these places by train, too, also let's see you go there in a car without the engine."

(I am a links user, btw.)

Even if you don't have a dark theme already, it's a huge value-add..... (@dang?)

  <picture>
    <source srcset="made-with-bulma__dark.png" media="(prefers-color-scheme: dark)">
    <img alt="Made with bulma" src="made-with-bulma" width="128" height="24">
  </picture>

[0]https://bulma.io/made-with-bulma/

If I have to adjust my monitor brightness to be okay with reading something there's a major issue.

Yes, but the issue is with your monitor brightness or your ambient lighting, not the content. I tune my monitor for use at night with the lights on and as a result, #000 on #FFF is perfectly comfortable at all times. There's rarely a good reason to use a PC in complete darkness and I can't think of any reasons to do it in your own home.

I think that's the key point there. Light themes are good in light, but bad in dark situations, and vice versa. "Most" people prefer light, because they use their computer mostly in the light. Many programmers etc. prefer dark because they use their computers late in the dark a lot.

These are basically two "modes" of use, but software has been treating this as a preference, rather than a mode switch.

Through a set up of PowerShell/Bash scripts, I now have global dark/light mode switches on all my devices and I feel like this is the first time I can really use them effectively in all situations. Light when there's light, dark when there isn't. I even switch on the train as it goes through a tunnel. IMO, this is how it should be used, not as a set-and-forget preference.