w3ctag / design-principles

A small-but-growing set of design principles collected by the TAG while reviewing specifications
https://w3ctag.github.io/design-principles

New: Avoid revealing that consent was denied #475

Closed martinthomson closed 5 months ago

martinthomson commented 8 months ago

Isn't this a larger principle? Namely where designs that depend on something from a user, where the user might reasonably deny that something, those designs should avoid leaking information about denial such that sites might retaliate in some way. Designs can help with that by making denial indistinguishable from other reasons that the something might not be available (like in this case, where the something might not even exist). If that is not possible, then it might be appropriate to manufacture some base rate of failure.

_Originally posted by @martinthomson in https://github.com/w3ctag/design-principles/pull/470#discussion_r1467099291_
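As an added illustration of the principle in this comment (not code from the design-principles repo or its authors), the JavaScript below sketches a hypothetical request API in three shapes: one whose error reveals denial, one that collapses denial into the "not present" outcome, and one that injects a base rate of failure for the case where collapsing is impossible. All state names, error names and function names are constructed for the example.

```javascript
// Constructed states for a hypothetical user-gated resource ("the something"):
//   "present"  - the user has it and allows the site to use it
//   "absent"   - the user does not have it at all
//   "denied"   - the user has it but refuses the site
// Return shapes mimic a resolved/rejected promise as a plain object.

// Leaky design: the rejection reason differs for denial, so a site can
// tell "user refused" apart from "user has no such thing" and react to it.
function leakyRequest(state) {
  if (state === "present") return { ok: true, value: "thing" };
  if (state === "absent") return { ok: false, reason: "NotFoundError" };
  return { ok: false, reason: "NotAllowedError" }; // reveals the denial
}

// Hardened design: denial and absence yield exactly the same outcome,
// which is possible here because the thing might legitimately not exist.
function indistinguishableRequest(state) {
  if (state === "present") return { ok: true, value: "thing" };
  return { ok: false, reason: "NotFoundError" };
}

// Fallback design for when absence is not plausible (the site already knows
// the thing exists): fail a random fraction of honest requests too, so one
// failure is no longer proof of denial. `random` is injectable so the
// behaviour can be exercised deterministically.
function noisyRequest(state, baseFailureRate, random = Math.random) {
  if (state !== "present") return { ok: false, reason: "NotAvailableError" };
  if (random() < baseFailureRate) {
    return { ok: false, reason: "NotAvailableError" }; // manufactured failure
  }
  return { ok: true, value: "thing" };
}

// From the site's point of view: does a denial look any different from the
// benign state it should hide behind? True means the design leaks denial.
function denialDistinguishable(requestFn, benignState) {
  const onDenial = requestFn("denied");
  const onBenign = requestFn(benignState);
  return JSON.stringify(onDenial) !== JSON.stringify(onBenign);
}
```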

dbaron commented 8 months ago

It might make sense to connect this with the section on feature detection which currently suggests that "not supported in browser" and "not available in insecure contexts" should always be detectable in the same way, but that "not supported because of device unavailability" should be detected differently. That doesn't currently mention denial of consent, but maybe it should in some way. (However, I'm not sure how -- it's not clear to me that there's an obvious answer.)