Just dropping in for a quick prediction... I've been thinking about how many different sites people have authorized to access their Twitter, Facebook, Google, etc. accounts via OAuth2. Those authorizations don't expire, do they? What happens when the client sites expire and new owners grab the domains? I'm thinking that in a few years, we'll see bad actors take over dead startups and exploit the social media access for data harvesting and spamming.