Of course, it doesn't stop a malicious someone from doing evil things, it just makes his work more complicated (find a way to induce the user to touch the interface first and not just binding to the onload event). And that's why, in my opinion, it would still prevent most users from these unsolicited spams behaviours. After all, can you really stop someone malicious from doing malicious things ? I don't think the "ask for permission popup" model would offer us a better guaranty...