If this true, there is possibly a side channel one could run against object storage to determine if someone else in the content-addressable-store has the same files.
Like when it was easy to file share on dropbox by having the correct hashes. A GUID could summon a 1GB file.
A couple of comments across the thread have made similar points, but if I were implementing this, the "client metadata" like the incoming sha256 etc would be implemented a layer higher than the actual byte storage, so the byte storage could be compressed without any impact on that sort of thing.
Like when it was easy to file share on dropbox by having the correct hashes. A GUID could summon a 1GB file.