Data Transfer Project Protocol to Transfer Your Data From One Service to Another
A lot of new online services are cropping up every day, making our life a lot easier.

But it is always harder for users to switch to another product or service, which they think is better because the process usually involves downloading everything from one service and then re-uploading it all again to another.

Thanks to GDPR—stands for General Data Protection Regulation, a legal regulation by European Union that sets guidelines for the collection and processing of users' personal information by companies—many online services have started providing tools that allow their users to download their data in just one click.

But that doesn't completely simplify and streamline the process of securely transferring your data around services.
Cybersecurity

To make this easier for users, four big tech companies—Google, Facebook, Microsoft, and Twitter—have teamed up to launch a new open-source, service-to-service data portability platform, called the Data Transfer Project.

What is Data Transfer Project and How Does it Work?

Google Microsoft Data Transfer Project (DTP)
Data Transfer Project (DTP) data portability protocol is a universal import/export standards that have been designed to give users a new way to move their data directly between platforms.

Data Transfer Project uses existing industry-standard infrastructure and authorization mechanisms, such as OAuth and REST, to access data into a common (canonical) format and re-upload it to new services.

"The DTP is powered by an ecosystem of adapters (Data Adapters and Authentication Adapters) that convert a range of proprietary formats into a small number of canonical formats (Data Models) useful for transferring data," the DTP describes.
Google Data Portability and Data Transfer Project (DTP)

Here are some simple use-case examples DTP developers shared to describe the use of this new platform:
  • Trying out a new service — A user discovers a new photo printing service offering beautiful and innovative photo book formats, but their photos are stored in their social media account. With DTP, they'd visit a site or app offered by photo printing service and initiate a transfer directly from their social media account to the photo book service.
  • Leaving a service — A user does not agree with the privacy policy of their music service, and want to stop using it immediately but do not want to lose the playlists he/she has created. Using this open-source software, one could use the export functionality of the original provider to save a copy of one's playlist to the cloud. This enables the user to import the playlists to a new provider, or multiple providers, once he/she decide on a new service.
  • Backing up your data — A user in a low-bandwidth area has been working with an architect on graphics and drawings for a new house. At the end of the project, they want to transfer all their files from a shared storage system to the user's cloud storage service. They can simply go to the cloud storage Data Transfer Project User Interface (UI) and move hundreds of large files directly, without straining their bandwidth.
Cybersecurity

So far, the DTP project has developed adapters for seven different service providers—Google, Microsoft, Twitter, Instagram, Flickr, Remember the Milk, and SmugMug—across five different types of consumer data, including photos, mail, tasks, contacts, and calendar.

Data Transfer Project — Security and Privacy

Data Transfer Project — Security and Privacy
For security and privacy, the "responsibility is shared among all the participants" as described in the above-shown table.

The Data Transfer Project system design ensures that all credentials and user data remain encrypted both in transit and at rest, for which it uses "a form of perfect forward secrecy where a new unique key is generated for each transfer," ensuring that admins do not have access to the encryption key.

The DTP protocol also supports "data minimization" that allows users to selectively transfer minimum required data from one service to another that is needed to successfully provide their service.

The system also requires participating services, both the source account and the destination account, to generate alerts to notify the user that a data transfer has been initiated in an effort to prevent unauthorized data transfer.

Besides this, DTP also supports:
  • rate limiting the number and frequency of transfers for a given user,
  • authorization token revocation, in case a token is leaked,
  • minimal scopes for authentication tokens.
The DTP is still an underdevelopment project, which is "not quite ready for everyone to use yet," though the existing code for the project has been made available on GitHub, along with a white paper [PDF] describing its scope.

In its blog post, Microsoft called for more companies to sign onto the new effort, adding that "portability and interoperability are central to cloud innovation and competition."
"For people on slow or low bandwidth connections, service-to-service portability will be especially important where infrastructure constraints and expense make importing and exporting data to or from the user's system impractical if not nearly impossible," Microsoft said.
However, it should be noted that the Data Transfer Project could have some serious implications for smaller service providers participating in the project, making it easier for their customers to leave and join services from popular brands with lucrative offers or free services.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.