[whymarrh]

And what does this revocation accomplish? The app still has your unique address. This revocation is simply "don't log me in next time." You still need to use the app to delete any data, if that's even possible (highly-dependent on the app). This is no different than going to your GitHub account (in the parent comment's example and revoking https://docs.github.com/en/authentication/keeping-your-accou...).

I don't disagree that having a keypair on the client for authentication is a cool idea, but it's hardly specific to "Web3" (e.g. https://developer.apple.com/documentation/authenticationserv...).