You keep waving your hands and saying “but we can do it anyways, not a problem!” when in fact, yes it still is a problem. Browsers also make decisions to that protect user privacy. Like it or not, the vast majority of people using a web browser never touch a single setting. They don’t understand the privacy implications of what they do most of the time. Browser makers do have that understanding, so we attempt in standards to help protect privacy as best we can while providing new APIs to allow for cool new things to be built.
Which is why I asked for something not necessarily related to your product. Just anything that demonstrates the performance gain that can be openly shared. If you are incapable, that’s fine. I ask you don’t think I asked for your whole product to be shared just to demonstrate your numbers though, that’s certainly not the intent.
Maybe these two go hand-in-hand. Because we have knowledge about our domain, we understand the privacy implications it has for users here. Where on native, “Who cares? We could always query this stuff and no one thought twice about it.” Well, the web functions differently at it’s core. A different set of morals apply to what browsers can provide to developers at the cost of end users. You’re bringing native morals to the web and that doesn’t mix.
We do desire new features. However, they need to be brought in safely in a manner that helps protect people. The web isn’t, “What does native have that we don’t? Ok, let’s just do it.” there are different concerns that you don’t seem willing to accept exist.
@npdoty brought up an interesting point though. An origin-specific whitelist for the permission to occur is feasible. So developers using this info would need to get permission from vendors to even request it from users by the origin URL. While it is a difficult scenario UX wise for browsers, it does add a safety net if someone is found to be abusing this API they can have their access revoked. That’s the kind of thing we need to have some kind of oversight in the usage of this. Is that kind of permission model something you’d be willing to compromise on? Having a hard-line “ignore people’s privacy and give me what I need in a full publicly accessible API” is not going too far.