Call me crazy, but I feel like at this point everybody should have their own SSL certificates & MITM proxy setups so they can easily see all traffic from all their devices and apps, and filter appropriately or extract data, etc. Both for outbound & inbound traffic.

This should be made easier and more accessible for everyone. We should be empowering the people and putting control back in people's hands.

This is both an excellent description of computational-detective-work, and also an excellent illustration of how it really wouldn't take much effort for these companies to give the author what he wants: his own data.

Given that, in both cases, the data is stored on someone elses' server, I wonder if a well-formed GDPR (rather than POST!) request might yield the data in a csv format with far less decompiling required.