Also, I wonder whether there is a Threat scenario of "compelled transfer" where @DTinitiative -style infrastructure could be used by a powerful actor (say a state) to force users to transfer/copy their data from a more protected location to a less protected location.
Numerous potential examples we can think of, from international to US-domestic.
@J12t @DTinitiative Hmm. Everything we work with assumes the user has to authenticate with source and destination to process the transfer (see, e.g., https://dtinit.org/blog/2024/01/16/threat-model-pt-one and we have another piece in this series coming out Tuesday). I don't see any intermediary replicating the user sign-in function, so I don't think that this is any more risky in the direct transfer context than in a data download scenario?