[fuckyouriotshit]

> The large advertising brokers are handling petabytes of cookie tracking data per day.

Citation needed.

Also, you don't need a copy of every single byte that a tracking company collects; summaries are more than enough to be useful to track individuals across the internet.

> The volume of the data makes it basically impossible to exfiltrate.

An attacker doesn't need to try to exfiltrate a large fraction of collected data; only the data that's likely to be interesting to them.

See Facebook/Cambridge Analytica [1] for an example of just how incompetent a technically-sophisticated company can be when it comes to protecting their users' (and their own!) data from potential adversaries.

[1] In particular, the comments from Alex Stamos, the CSO who said “We have the threat profile of a [...] defense contractor, but we run our corporate networks [...] like a college campus" (from https://www.cnbc.com/2017/10/19/facebook-security-chief-alex... )