I believe that you and some others are looking for a scape goat, it is up to you as the owner of your website that it is GDPR compliant regardless of the software or what it may or may not do.
And I believe that you too are mistaken. Time will tell. I don't think companies like Instagram are offering expansive data portability options out of the goodness of their hearts.
By the way, even if XenForo doesn't
need anything added to be GDPR compliant, there is a lot more XenForo can do to
help us to be GDPR compliant.
Just like there is a default Terms and a default Cookie Info, there could be a default Privacy Policy with most of the elements there to get us started. There could be a number of configurable Opt-In settings during registration for those of us who want to offer opt-in personalized ads, affiliate linking, etc.
Yes, those are not
needs for someone running stock XenForo. But neither are ad placements, yet XenForo gives us ad placements. That's just one of many examples where XenForo goes beyond needs to give us
wants.
Ultimately, XenForo has competition, and a lot of stuff that XenForo doesn't
have to include
is going to be included by their competition.
Lastly, I have put in the work so that my sites
are GDPR compliant. So I have no need of a scapegoat.