Comment by array_key_first

The main problem I have this with real-world analogies we use for hacking is we assume that, like a home owner, these companies ultimately care about security and are in good-faith trying to make secure systems.

They're not. They're malicious actors themselves. They will expose the absolute maximum amount of data they can with the absolute maximum amount of parties they can to make money. They will also collect the absolute maximum amount of data. Your screen is 1920 by 1080? Cool, record that, we can sell that.

All the common sense practices we were taught in school about data security, they do the opposite. And, to top it off, they don't actually want to fix ANYTHING because doing so threatens their image, their ego, and potentially their bottom line.