What material harm or damage would you suffer if I snooped on all of your Internet browsing activity with the knowledge of who you are in real life and kept that information around forever to use for whatever purposes I so choose?
Straw man. That’s not analogous to what was being discussed. A better analogy is: HN can see my email because I gave it to them to login. I don’t need to request what HN is doing with my email, because I already know I gave it to them. Giving them my email doesn’t harm me. Using it to do something illegal might, but the GDPR wouldn’t be able to stop that.
You misunderstand how third-party cookies & tracking work. You also misunderstand the intent of the legislation if you think GDPR is about preventing 'illegal' things. It's about protecting individual citizens' sovereignty and privacy.