When I switched from Windows XP to Linux, it was considered the more secure OS. On Windows, users were still running with admin rights by default.
I've used CrunchBang Linux, Lubuntu and Linux Mint since then, and while the security of dominant consumer OSes—now Android and iOS—has improved significantly in the past 15 years, not much seems to have changed on desktop Linux.
Where on my smartphone I can grant an app access to only the one photo I need it to have access to, on Linux, for all I know every program that is running under my user account may have uploaded all of my personal files to a malicious actor a thousand times over.
Where on my smartphone I can deny an app access to my location, on my laptop any application can easily get my external IP address and a list of wifi access points and bluetooth devices.
I read Windows and MacOS have adapted to the age of always online computers as well. Why are Linux distros not keeping up and applying the principle of least privilege?