Isn't there already thousands of ways for exfiltrating data that must be whitelisted by corporate firewalls? office365/gsuite, for instance. Not to mention the classics like dns.