As a note, the EU requirements for cookie banners actually have a few interesting requirements.

So they engineered the consent mechanism to be as high-friction as possible to say “no”, while the “yes, violate my privacy” choice is always a single click.

A consent dialog needs to offer a "decline" option that's at least as easy to access as the "agree" option. If they try to coerce you to give consent simply to avoid tedium, then that consent mechanism is in violation of GDPR.

Also a fun tidbit;
Ended up sharing a table at a speakers dinner in 2019 with a guy who worked for the same advertisement company that caused the Target scandal (among others). He had some interesting things to share about how such things happen, and also how the advertisement industry works internally.
It's got a remarkable amount of parallels to high-frequency trading.

That is a great write up! Well written and explained! But ... was the clickbait title and picture necessary? x3