oh yes, that is such a dump design of web permissions

alongside of the abysmal UX for listing/removing them (from a "normal" user POV it's somehwhat usable for someone who understands tech a bit more)

like in general IMHO origin separation over time (e.g. permissions, cache, local storage) should be bound to some public key cryptography schema where the public key is shipped alongside DNS and every time it changes (or disappears) it's treated as a new origin.

So basically HPKP but 1. one key per origin, 2. separate from the TLS key, 3. way less harmful if messed up so actually just fine to use without worry to permanently lock yourself out.

Also maybe 4. crypto likeable to a group of person/company identity public keys detached from TLS and not spoofable by government DNS/TLS takeover attacks. But in a way where this system is added on top instead of being a building block to make it hard for regulators to effectively shut it down. Like I which police all luck to find all the criminals but history non stop shows we can't rely on governments not going crazy and start prosecuting people for just being different without different meaning "actively" hurting other people or entrapping and then persecuting people for having different political (or religious) opinions or other similar nonsense.