And... it's awful. The user doesn't need to approve domains for vibration, so I've already seen this API used in multiple cases... all PHISHING SCAMS, using Google imagery, vibrating, and telling the user to click a button to fix it... at which point it probably downloads a virus or asks for your password. Either the spec or the browser implementation didn't put users first. FAIL.