We have all seen it: a page that looks harmless, asks for location "just for a second", and promises something fun.
This is your reminder that browser permission prompts are a social-engineering surface.
I built a small demo project to illustrate the idea:
https://github.com/mebularts/location-find-prank
The point (not the "prank")
Modern browsers protect location behind a permission prompt - but users can still be nudged into clicking Allow.
This project is shared as a privacy / awareness demo:
- how easy it is to request location
- how convincing UI can be
- how quickly "one click" can reveal more than people expect
How to protect yourself (and your users)
- Treat location permission as sensitive. Default to Block unless you truly need it.
- Always verify the site / domain before granting any permission.
- Review your browser permissions regularly:
- remove location access from sites you do not recognize
- disable "Remember this decision" for sketchy pages
- For products: never ask for location "just because you can". Ask only when it is required, explain why, and offer a clear fallback.
Ethics
Do not use location prompts to trick people.
If you are doing any demos, do them with explicit consent and in a controlled setting.
If you have ideas to make permission UX safer or more transparent, I would love to hear them.
Top comments (0)