Fine is just the warning. Noncompliance can get the company kicked out of France/EU.

How about 345m? https://www.theguardian.com/technology/2023/sep/15/tiktok-fined-345m-for-breaking-eu-data-law-on-childrens-accounts

To be fair, GDPR fines can go up to 2% of worldwide revenue. Meta was hit by a $1.3G fine just this year, which for 2022 fiscal year ($116.6G) accounts for 1.1% of their revenue.

But yeah. Most fines are mostly just the cost of business for those billionaire companies, and the ones that may not be, the army of lawyers they pay a fortune to have on payroll to fight tooth and nail against them, that must logically be cheaper than what those fines really end up costing them, should give a hint.

What stop? They are going to get a fine of $5m euros. Wow. End of that dark pattern. /s

A bigger question is why Android even allows this. This is not possible on iOS and shouldn’t be possible to begin with.

Google is every bit responsible.

I can imagine that spammers nowadays can write a simple script that drops everything from the + to the @, so while that may work for some spammers, others will just use your normal email address. I've resorted to creating a catchall for my personal domain. Also not ideal, but it'll hopefully take them a while to figure that one out for everyone using their own domain.

A better tip is to buy a domain with an email forwarder configured. I have an infinite number of emails and I can see who's selling my data by checking what the email user is set to, since I usually sign up with an address related to the service I'm using.

Some apps let you create an email account first then link socials/OAuth providers on top, so there's that. But other times it's indeed a good solution. Unless the site uses validation that doesn't allow for subaddress extension.