It seems like a site could navigator.share({origin: location.origin, id: my_id_for_this_user}), and the (user-chosen) recipient could use that information to join its own user ID with the source origin's user ID. I believe this is an acceptable risk given that it requires both sides of the transfer to write code to accomplish the transfer (https://w3cping.github.io/privacy-threat-model/#model-cross-site-recognition) and that the user has to pick the recipient, but it'd still be good to mention it in the privacy considerations.
It seems like a site could
navigator.share({origin: location.origin, id: my_id_for_this_user}), and the (user-chosen) recipient could use that information to join its own user ID with the source origin's user ID. I believe this is an acceptable risk given that it requires both sides of the transfer to write code to accomplish the transfer (https://w3cping.github.io/privacy-threat-model/#model-cross-site-recognition) and that the user has to pick the recipient, but it'd still be good to mention it in the privacy considerations.