I know this proposal is at an early stage, but one immediate threat to consider is how this could be abused for a new class of pop-up ads or intrusive web elements.
We could review this further as it gets more detailed, but some initial questions:
How will the user know which window opened which PiP? Or how to close either the PiP or the opener?
Can a PiP imitate native UI or some other part of the UI of another window?
What protections are necessary to prevent another round of pop-up ad wars? (Is it the same as window.open, or will there be different protections necessary if there's less UA/window chrome?)