Now here's one I've not seen before:
I clicked on a link to a domain that was showing up in my analytics.
I ended up on a site that made me do one of those captcha "click here to prove you're human” (cloudflare-esque)
Then it rendered a page that said "Press ‘Allow' to prove you are not a robot" and I was like “Allow? Where?”
A few seconds later the native safari dialog popped up asking for permission to send me notifications!
I was like "ah, hell no”
But that was damn sneaky
One of the beautiful things about security in browsers is that a lot of people have worked really hard to make it so that visiting any website in the world (doing a GET) is a safe operation.
I _really_ appreciate this about the folks building browsers. THANK YOU!