Honest question: is there any realistic mechanism that will make them accountable if, let's say, they just train on 100% of repos without regard to opt-ins? I operate under the premise these tech companies can do whatever they want and there's very little oversight.
No, there isn't. You're relying on PMs or engineers who still care seeing it happening and calling it out. Other than that, it can become evidence in some future lawsuit. But the damage to you would've already been done.