Even if not data, metadata is valuable and should not be in the hands of third parties, so any leakage of that is a problem. If you allow a login for one system to be used for another you gain convenience but are leaking information about yourself. The more systems you expose in this way, the greater the value and risk. Few realise this and frankly we can never know the full implications in advance.
If you don’t mind how such data is used, then we have different views and approaches to privacy. I’m going by how I know this kind of data is currently being used, sold on and abused. I believe this is harmful on many levels and I don’t think many people are aware of the extent of this, or the harm it creates.
So that’s bad, but if you are using a third party to host your data then that leakage is much, much worse. I’m not familiar with the design of Inrupt’s just launched product, and I’m not aware if they’ve made the code public. But the model is the problem, you are necessarily trusting corporations whose imperative is profit, to put your privacy before their profit. What we see is that they will do what they can get away with. There are numerous problems with this model in my view.
Inrupt and those designing the service based approach have not responded to these points so it’s not clear why they’re ok with the approach, whether they believe their solution is not vulnerable to the issues and why, or if they don’t regard them as problems and why that might be. For me, the Solid protocol is a great idea and well suited to addressing these issues, if implemented in ways that address these problems rather than replicate much of what has created the problems we now have.