honestly, nothing to really report. this could be confirmation bias as i tend to avoid the problem actors( the facebooks, the fly-by-night vendors), but I have yet to see any egregious address-sharing in the last several years.
i still get quite a bit if spam from places that used to broadcast email addresses on their sites like early versions of the SETI distributed processing project
im using a bucketed approach so i dont use the +.. i add the vendor name into the email address so its always something like [email protected] for amazon (for example)