
I wonder if companies will seriously start to rethink "transitive permissions" or "network permissions". This is very similar to what bit Facebook in the ass years ago: I have permissions to see all the data of my friends, but in the past I could also click a button to let someone who requested see not just my own info, but also all the info from my friends.

From a "computer science" perspective this makes sense: if I say you can view all my data, I lose control with who else you share that data with. But from a "human" perspective, most people don't think that if I give you access that I'm essentially giving access to the rest of the world.

These types of network permissions make any company who holds them a prime target because it means bad guys only need to hack a few accounts to get exponentially more data.



> also all the info from my friends

They would only see the subset of what your friend shared, the set configured by its author as visible to friends of friends, right?


No, IIRC this predates that entire permission model. "Friends of friends" today means just what it sounds like - my friends and all of their friends can see the data I mark that way.

Back in the late 00s/early 10s when lots of "Facebook apps" were a bit of a craze (think Farmville), you could give an app maker permission to view your personal data and all of the data that you could see about your friends. This is how Cambridge Analytica was able to build profiles of 87 million Facebook users when only a few hundred thousand actually installed the "your digital life" app: https://www.theguardian.com/news/2018/mar/17/cambridge-analy...
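The legacy app grant described in this thread, set next to a grant scoped to the people who actually approved the app. This is an added example, not part of any comment above and not Facebook's code; the friend graph, field names and function names are constructed for illustration.

```python
from typing import Callable, Dict, Set, Tuple

# Constructed sample data (hypothetical users and fields).
FRIENDS: Dict[str, Set[str]] = {
    "alice": {"bob", "carol", "dave"},
    "bob": {"alice", "erin"},
    "carol": {"alice"},
    "dave": {"alice"},
    "erin": {"bob"},
}
# Audience each owner chose per field: "friends" or "only_me".
AUDIENCE: Dict[str, Dict[str, str]] = {
    u: {"likes": "friends", "email": "only_me"} for u in FRIENDS
}
Item = Tuple[str, str]  # (owner, field)


def visible_to(viewer: str) -> Set[Item]:
    """What the viewer sees as a person: own fields plus friends' 'friends' fields."""
    items = {(viewer, f) for f in AUDIENCE[viewer]}
    for friend in FRIENDS[viewer]:
        items |= {(friend, f) for f, aud in AUDIENCE[friend].items() if aud == "friends"}
    return items


def app_legacy(installers: Set[str]) -> Set[Item]:
    """Transitive grant: the app inherits each installer's whole view."""
    return set().union(*(visible_to(u) for u in installers))


def app_scoped(installers: Set[str]) -> Set[Item]:
    """Scoped grant: the app gets only items owned by someone who granted access."""
    return {(o, f) for (o, f) in app_legacy(installers) if o in installers}


def unconsented_owners(installers: Set[str],
                       model: Callable[[Set[str]], Set[Item]]) -> Set[str]:
    """Audit check: owners whose data reached the app without granting it themselves."""
    return {owner for owner, _ in model(installers)} - installers
```

Running `unconsented_owners` over the real grant model is the review question for any delegated permission: a non-empty result means one account's approval is being treated as approval by its whole network.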



