I see where you're coming from, but I disagree. If we see it as a dilemma between:
* trust giant unaccountable organisations
* do things yourself, because you're the only one you can trust
we won't solve the issue, because there are too many things that every individual would have to understand, execute correctly , and do so with perfect OpSec.
We need to work out the social bit, as well as the technical. How do we make it practical for individuals to delegate trust to smaller organisations, so that they can switch between them if they show signs of abusing that trust? This needs social innovation as much as technical - how do we bootstrap trustworthiness for small organisations? How do we do it fast enough that the next move is to an ecology of small organisations, not just to the next Facebook/Play Store?
Agree completely. A solution would probably need to involve:
1. The alternatives being relatively easy to setup and use. This has already happened with some FOSS software.
2. Social norms changing around them (ie, it's "cool" / "normal" / "expected" to use privacy and ownership preserving alternatives). Basically has not happened at all.
3. Laws prohibiting, or limiting to a significant degree, the extent of the abuse that can be inflicted, changing the incentives. GDPR, whatever you think of its execution or effectiveness, is at least proof this kind of thing can be done.
The latter two are both very difficult problems, but I don't see any other way out.