I’d go with state actors first.
When a particular social media platform is centralized, you can buy yourself a say percentage of stock and have sway over it (cough tencent), or have a useful idiot ruin the platform (cough musk), or another useful idiot to run propaganda you like anyway (cough truth social, cough fox news, cough newsmax…), or yet another that will sell out it’s host country’s citizens for cold hard cash (cough facebook).
But when that social media platform is decentralized? Well, then you’d need to figure out how to poison the well early on to stave off adoption. The Saudi Arabias, UAEs, Chinas definitely don’t like the idea of lemmy, and it’ll be way harder for them to control if critical mass is hit.
Depending on where you live, and where your service resides, this could be tricky.
In the US, for instance, if you've chosen a provider in Australia, then a FVEY agreement could be in place to share that data. This gets around the technicality that intel gathering is not occurring on US soil and is not being done by the gov.
And again with the US, if you've chosen a country that's not amiable to sharing user data, the US could very well be justifying that country as a target for pilfering data anyway.
So, that would leave choosing a service provider within the US, which should need to go through the FISA courts for any access to citizen data, but who knows after the Snowden revelations.
I guess that's the state of privacy if you've got a nation state that's targeted you for surveillance. Only way around it I can think of is data to be encrypted in transit and at rest, and only you control the keys. But that's not something that's going to happen with something like mainstream email anyway, too inconvenient for most folks (and you also don't know if your recipients are security conscious either).