The web is increasingly implementing standards that allow websites direct access to hardware and other information, which could potentially be used to personally identify or otherwise track users.
I find it highly ironic that we should limit access using permissions to extensions and apps, but do nothing of the sort when it comes to arbitrary websites on the internet.
Site Permissions exist, but with a focus on user security rather than user privacy.
Permissions should be improved with a renewed focus on user privacy, by adding or changing defaults for features including but not limited to the Accelerometer, Gyroscope, and Magnetometer sensors (called motion and light sensors) to the laundry list of Site Permissions.
I explicitly name these three sensors because they are used by the Apple Watch, in combination with trained Machine Learning models, to determine exactly what you are doing at any given moment--from walking, to getting in the car, to driving, and swimming.