Even though the other browser vendors have positive reaction, note how this follows the same pattern Chrome has followed for over a decade:

- scribble on a napkin (explainer)

- ask others for their position

- ship regardless of position or any outstanding issues

- claim it's a new standard

I'm curious to why the polyfill example uses unpkg.com. It is quite unreliable and has broken sites many times.

jsdelivr.com is much more reliable (Multi-CDN, Multi-DNS). Comparison: https://www.jsdelivr.com/unpkg

I am not affiliated in anyway to jsdeliver or unpkg. I simply used to be a user on unpkg.

Yay! Next up, <usermedia>, which is even more vital a permission to be able to flip on and off!! https://github.com/WICG/PEPC/blob/main/usermedia_element.md https://groups.google.com/a/chromium.org/g/blink-dev/c/jQgYo...

As noted in the intent to ship for both, these are a very specific narrow cases chipped off a bunch broader attempt to offer declarative ways to handle permissions in general, a <permission> element.

Intent-to-ship for geolocation: https://groups.google.com/a/chromium.org/g/blink-dev/c/GL0Bk...

Earlier Page-Embedded Permissions Control (PEPC) proposal: https://github.com/WICG/proposals/issues/113 https://github.com/andypaicu/PEPC/blob/main/explainer.md

The root problem is that permissions right now are super hard to adjust for users (and the way they are exposed to the page is not very good at dealing with users turning permissions on and off either). It's imo very good that we are finally leaving this awful tarpit of design, & moving towards permissions being more fluid. I get that other browsers wanted to be conservative & not do a generic <permission> element, but given how big an improvement this feels like, I sort of wish it'd gotten the pass.

I'm a bit confused about how it actually works, and somehow they decided to not include a demonstration video.

If clicking on it does trigger a location permission prompt: what's the point? The "issues" with prompts getting denied can already be solved by web developers doing this themselves, rather than just blindly firing off a request on page load.

If clicking on it does not trigger a location permission prompt: have we forgotten about the Line Of Death [0]? Clicking random website-styled elements should never result in dangerous actions being taken - and leaking the user's physical location is definitely dangerous. Sure, they are trying to restrict the styling, but that's a fools' errant: somebody will just make a browser game where the button looks to refer to something ingame, but actually leak your real-world location.

Besides, who's actually asking for this? Location is perhaps useful for Google Maps-like websites to save you a few seconds of scrolling, but in practice it has mostly been spammy websites trying to get me to "subscribe to local news". Making geolocation easier is the last thing I want in my browser!

[0]: https://textslashplain.com/2017/01/14/the-line-of-death/

This seems pretty sketchy, and I don't really understand what prevents a website from clickjacking.

The original flow is awkward, but also renders the permission element in a location that can't be clickjacked, thus offering some protection from geolocation.

Main purpose of this seems to offer a way for undoing "previously blocked location access" by the user.

> If a prompt appears unexpectedly, users may block it reflexively or accidentally, unaware that this decision creates a permanent block that is difficult to reverse. This context gap—rather than the feature itself—is a primary driver of high denial rates.

> If a user previously blocked location access when browsing a site (perhaps by accident or lack of context), clicking the element triggers a specialized recovery flow. This helps them re-enable location at the moment when they actually want to use location, without the friction of navigating deep into the browser's site settings.

Google sees "high denial rates" when they try ask users for their geolocation. This is a problem for Google's customers, the advertisers. So they introduce this <geolocation> HTML tag so that dark patterns can be employed to trick users into permanently sharing location even though they have blocked location sharing before.

If the Google engineers who are working on this feature would actually give a damn about users who decided to block geolocation access, this feature would be designed as a "temporary access to geolocation for duration of browser session".

So basically it is all about more tracking and less data privacy.

It's overdue that skilled engineers provide better solutions than this crap, but of course it's much easier to be apolitical and become a millionaire working for a bunch of tech bros who visited Epstein's island.

The demo crashes Chrome on Android for me.

https://permission.site/geolocation_element.html

I just don't get it. Why is this needed?

But I have no doubt there is a play happening here.

Probably it will change over time to make gathering data easier?

Or something else that makes Google money.

This might be easier than refusing permission every time - it sounds like I can just not click it. I really dislike location permission things. I don't know what location will be shared, I don't use anything that needs a precise location, and I don't ever want to share my actual location. If location permission things showed me a map with where they think I am and let me click a (vague) location to share, I might use them, but currently to find nearest stores or whatever I just type in a postcode or use their map.

Edit: this has prompted me to go find a way to turn off location permission requests in the browser settings. It turns out you can do it under Privacy and Security > Site Settings in Firefox and Chrome.

Is this element in the standard or some form of "embrace, extend, and extinguish"?