Sounds about right. Even if we imagine that developers adopt this technology for some reason, what's to stop them from also keeping copies of any data they are granted access to? or just using it for auth and giving you no direct access to your data? It all seems too idealistic, since developers derive little benefit from the added complexity.