We are already here. As the volume of code/technology increases, it should be clear that systems need strong permission boundaries. It is impossible to meaningfully audit all dependencies and services.

If my desktop music player has an exploit, it should not be possible that it can read my SSH keys. Node supply chain hacks keep occurring where your development environment can leak your private data. Mobile OS have this isolation already, but desktop is sure to slowly follow. I think we might eventually get to a point where even code libraries get assigned capabilities (eg libxml does not have network access).

The thing I found most surprising here was how many devices that person has on their network. In my house, it's a phone and computer per person, plus a chromecast. That's it.