
This is a catch-22 though.

If something dangerous to privacy is being widely used in the world, then putting it behind a prompt creates an avalanche of prompts, and results in user apathy.

But not prompting requires you to choose a default, which either defaults to block and breaks things (if it was actually required) or defaults to allow.



I would happily set all browsers to always deny all ads and untrusted domains the ability to use microphone and camera at all times. So there's no need for an avalanche of alerts, it just shouldn't be permissible for a resource from an untrusted source.

It may be widely used, but for a highly concentrated set of sites. I can't think of an occasion I've used it beyond Google, Microsoft, and Zoom properties. Perhaps Slack and Discord too? So there must be a better way.


> deny… untrusted domains the ability to use microphone and camera at all times

I believe this is the default for most browsers now, right? (Or have I been spoiled by Firefox?) This is the best way, where the camera is always inaccessible, unless you enable it for a domain which needs it. Since I rarely ever see the camera/mic request option, I don’t think we’ve been conditioned to allow this type of request. (Compared to cookies, which show up on nearly every site.)

If you want to disable permissions dialogues altogether, then what’s a trusted domain? Just Zoom and a handful of others? If you write yourself a nice app which uses the mic, do you have to email Google to get yourself added to the list of trusted domains? That would be pretty bad for the open web, so permissions dialogues are the alternative.


The solution to this is simple, but not easy: block everything by default and do not prompt to enable it (but do show an indicator of what has been blocked).

This is how Firefox tracker protection, uMatrix, noscript, and a plethora of ad blockers and other privacy tools work.



