Of course, getting data uploads past little snitch is an exercise in triviality. For instance, using DNS tunneling. Sending requests to unrelated servers, ideally on AWS or some other cloud, so you have no idea at all who's behind the server and the firewall can't realistically block it, where the info can be retrieved by another party.