[smt1]

I think you can assume all sorts of analog/physical/digital/information theoretic fingerprinting probably has been used to capture huge volumes of data and microtarget people w/o them knowing (especially in any web browsers or phones).

Though until the CCPA/GDPR, it was probably fairly legally nebulus. Still waiting for a privacy act in the US. Since it was a wide variety of actors, we may never know who captured what how.

I think companies like Apple who tend to make margin on the hardware and not the information probably are to be commended by pushing a lot of privacy/extra scrutiny requirements through the platforms they control (iOS, mac, webkit, etc).