[steelframe]

> Harvesting data and using it for marketing purposes?

Twitter's actions make everyone less secure. The next time an online service asks me to enable 2FA to protect my account, I'll have to consider whether the potential for abuse of my 2nd factor information is worth the additional risk to my account.

[tialaramex]

FIDO tokens (for U2F or WebAuthn) don't give the relying party anything valuable. If they literally publish everyone's parameters it makes essentially no difference to anything. It doesn't even mean they stop being useful for authentication.