• Peffse@lemmy.world
    9 hours ago

    You’re not thinking evil enough, honestly. Two examples off the top of my head, each being fairly innocent mistakes: If you enter your phone number for 2FA, it’s not going to be public-facing. It’s their responsibility to keep that information private from internal and external threats. Ok, so what if it leaks… right? Oh, it turns out the hacker SIM swapped your phone number for the 2FA, and did a password reset on your account via support chat. Still no big deal, it’s just social media… Except you’ve been giving updates to all your Patreon backers on your project that’s shipping soon. It suddenly vanishes off the internet, replaced with a crypto scheme, and all your supporters just flooded your bank with chargebacks. Your attempts at getting your account back are met with silence and your supporters are now furious. Was any of that your fault? No. You get $100.

    Let’s try another example: Bounty programs are used by companies to collect bugs and other possible exploits so they can be fixed. “Too expensive, nobody will know if there’s a bug anyway.” So the app on Google Play store gets installed by 30 million users with a critical flaw… if a very specific image is opened in it, the phone bricks. All the news sites cover the bug, pushing the image to the front page. You open the app and… Your expensive phone just died. Were you at fault for that? No. You get to join the arbitration group and get an individual settlement of $12.

    Think more evil. Don’t stick with the “I have nothing to lose” because you almost always have something to lose. The fact these terms were even thought of and written means you do have a financial investment in the platform.