I think one thing people are discussing a lot here about Privacy around contacts and sharing. Limiting access to contacts , completely or partially, is the wrong way to design such systems. There are two problems with this approach:
1. Having permission to contacts is NOT a capability. Running a function on it that is by design not leak PII is infinitely more valuable and a capability.
2. Asking users to grant permission is broken by design: You are giving a very bad multiple choice to the user: `(a)Creepy? (b). LessCreepy (c). Don't Use App`
Instead if we only granted operation rights and hid the actual information instead it would be so much better. We need a separation of data from the function to empower apps to give better choices to users.
1. Having permission to contacts is NOT a capability. Running a function on it that is by design not leak PII is infinitely more valuable and a capability.
2. Asking users to grant permission is broken by design: You are giving a very bad multiple choice to the user: `(a)Creepy? (b). LessCreepy (c). Don't Use App`
Instead if we only granted operation rights and hid the actual information instead it would be so much better. We need a separation of data from the function to empower apps to give better choices to users.