This is not stupid at all.
Yes, yes it IS stupid.
It mirrors the obvious principle that everyone here knows, which is that authorization to use a system does not necessarily confer authorization to authorize additional users.
But does that principle automatically apply here? Does a normal person *consider* their Twitter account their own property or the property of twiiter. (Not the legalese... but in terms of how they think about and interact with it.)
Moreover, it's a principle of our daily lives that's so obvious we don't even mention it. I let my neighbor Bob use my pool whenever he wants, but I would be shocked if Jill was using it and just said "Oh yeah, Bob said I could".
Exactly right. Its clearly your property, and your delegate has clearly exceeded his authority according to all social conventions. That would be quite the faux pas, and you'd be rightfully upset.
There is no reason that the principle of non-delegation (that is to say, without explicit authority granted to delegate) shouldn't apply to the virtual world just as much as it applies everywhere else.
It doesn't automatically apply everywhere else. It applies when the property being delegated is recognized as belonging to someone else. It doesn't apply when the property being delegated is recognized as belonging to me. The legalese underneath the transaction may cement that status, but socially what matters is how we perceive the property.
Bob's using YOUR pool. That is the social convention (and the legal reality) of the situation.
If I give you social media account password. Am I giving you access to MY account? Or am I giving you access to a (for example) twitter account that twitter lets me use?
Legally its probably the latter, but that's not how ANYBODY thinks about it. They think of it as THEIR OWN twitter account.
They'll say it's 'my account'; they'll complain 'my account was hacked'... everything surrounding it is framed in that sense of ownership.
The same way they think about their TV service, their cellular phone service, their steam account... that the account "belongs" to them, and they don't give a 2nd thought to whether their friends or guests or babysitters or whatever can watch their TV, or borrow their phone to make a call, or play some video games on my account.
Or even their bank account. People think of that as their property too. It gives them access to their money. Its not the banks money!! It's mine. The password is also mine. I chose it, and the bank shouldn't even know what it is. etc etc.
Yes legally, and when you get deep into it... the money is mine, but the servers are theirs. And the account is permission from them to use their servers using my chosen credential to access the money I entrusted them to hold for me... etc etc.
But if it ever came down to it, and I wanted to give someone my bank account password for some reason, my only thought would be in terms of the risk that represents to the security of MY money. I wouldn't give a 2nd thought to whether or not I had the right to delegate access to the banks servers.
Likewise with twitter... my only consideration in giving out my password would be the risk it represented to my 'reputation', the potential for greif to me from what they might say with it... etc.
The notion that I would be delegating access to twitter's server infrastructure in a way analogous to Bob letting Jill use your pool...? That would NOT be a consideration at all. No normal person thinks of their twitter account in that sense. (even if technically and legally that's what it is.)