We have decades of experience about how this works in the real world. Which is that most people will blindly click whatever button is there in order to get the site to work.
For features which compromise privacy or security it’s not an acceptable approach.
That's a non-issue. If fingerprinting is your concern, people aren't going to blindly tap through 3-5 "allow ____ access to your device" dialogues before they get the hint. If it is dangerous, then Apple could issue a warning in the notification explicitly telling people that it could compromise their browsing.
WebRTC and WebMs don't compromise security anyways. Apple just reaches into their bag of canned excuses and happened to pull out "security" this time.
I think you missed the point: Nobody reads the warnings or notifications. Which is why it's absolutely an issue.
And yes, I routinely revoke permissions for dozens of sites from all sorts of Chrome permissions that the user doesn't even remember visiting, much less authorizing. People just click stuff.
