Use EICAR test strings as your password.

If they store your password in plain text the AV will lock the user database.

If your password gets leaked and they are using bad password security, when your password is cracked the AV will isolate the file.

Not exactly what you're looking for, but Ad-Nauseum is a nice way to inject a ton of garbage into the data corps collect.

Send a copy of the receipt for your donation to the open source project that most closely aims to be their alternative. Explain why you're angry in 3 sentences and do so like you are condescendingly speaking to a five year old.

If you send back one of those reply mail envelopes it costs them money. Stuff those envelopes with junk and send them back.

I'm skeptical that anything legal will work for very long because they will quickly work to make said legal action illegal.

Maybe pirate your media and donate the money to open source alternatives

Use AI to generate false info to feed into their database

Use bots to apply for the open positions to waste time. Reject them all for not enough pay.

Post public info of the CEO class

Piracy

Give fake data when using all services.

Start and join boycott groups.

Use their social media against them. Eg post their dirty laundry as a comment on their post.

If a company is publicly traded, then all leaked individuals are given 50.1% controlling stock in the company, split among the victims with new stocks created for them, with unclaimed stocks held in a trust controlled by anyone that did respond to claim stocks. They can sell the stocks, or drive the company into the ground out of spite. Maybe even both.

Companies not publicly traded have 3 months to make all code used, trademarked material, and patents open source in perpetuity, and 1 year to convert their corporate structure into a non-profit.

Regardless of the size of the company, the CEO, CTO, and board must eat their weight in fried bugs. They get to pick the type of bug from a list of 5 options, and any seasoning they want. Live streams of the bug eating will be monetized and the proceeds given to orphans, under the title of "It's not a bug, its a feature."

Stop using as many services as possible. It might not be funny but, I mean, what if you went to a music store and bought used CDs instead of using Spotify? Do all of that you can.

Make your data useless or wrong.

More passively, there's probably an oddly large amount of John Does born on January 1, 2000 ;)

More offensively, anti-image-gen data poisoning such as Nightshade exists. It's well-defended against IIRC so hopefully someone can Cunningham's Law correct me. And this is also more solo of a movement (as opposed to gaining mass support for something)

As others have said, the best instances of direct action are illegal.

Don't use their services.

Edit: whoops, I missed the "il" part in "not illegal". Anyway you should definitely not do the following. Allegedly doing the following would be arson, and society frowns upon such things.

Easy:

1. Identify company
2. Wait until it's a weekend night. We're not after the wage slaves after all.
3. Mix polystyrene and gasoline. Remember that gasoline can melt some plastics, so if using a plastic container for mixing do a test first. You do not want napalm all over the place.
4. Fill the gooey substance in glass bottles.
5. Cap the bottles. (see #7)
6. Drive to the company.
7. Open bottles and put wicks in them. (important not to do this earlier. Driving with open gasoline containers in your car will make you drowsy and is a fire hazard)
8. If you haven't already got gloves on, put them on and wipe down the bottles - you may have to leave some at some point.
9. Have accomplices trigger fire alarms all over the local fire department's district. Either automatic fire alarms will be discarded for a bit or the marshall will be tied up investigating.
10. Light a wick, throw the bottle at the company, try to get it to break a window.
11. If you're out of bottles or you see blue lights cheese it. Otherwise go back a step and repeat it.

I think the most effective method is to do some sort of organized boycott. We all know well enough how sheisty these companies are. Time to start encouraging each other to quit them en masse.

The fake name generator might be useful. There are also temporary email services for when a site account requires a confirmed email.

Start Self hosting. Keeping my data at home is how I'm sticking it to the man these days.

Do not use actual names, birthdays, phone numbers, addresses, email addresses, etc. There's no reason they need to know that info and I love/hate seeing physical mail and email show up with my made up info. Doesn't work when paying for stuff though.

Report bugs that don't actually exist. Keep reporting the same bug from different emails. Works especially well for apps.

What we're talking about can easily be devalued, among other things.

luigi had an idea

If anyone has one specifically for airlines, I'd love to hear it! Got plenty of time to read the comments with my cancelled flight

If someone stoles the data then the corp can't be trusted. Punishment: erase ALL records from ALL of their databases and forbid that corp to take data for at least one year. The time would depend on the severity of the leak. If the leak if catastrophic, 10 years minimum.

Sign someone up for Scientology