There's two types of "data under your control" at play here.
The first (and for most users, more important) is about not giving away your data to marketing companies. Switching to Fastmail accomplishes that (probably?).
The second is about securing your data from governments/state actors. That battle seems kind of futile to me. Even if I were running everything on my own server in my own basement, with my own ISP, I'm almost certainly not qualified to sysadmin a machine that needs to be secure against the NSA.
I did take me a while to realize that Google long since made the pivot from tech company (the search engine that started it all) to ad company (where they make their money). After you look at the profit numbers, it really isn't all that interesting how they spin what they're doing -- or what they do to maintain a customer base that buys ads (such as creating a smart phone platform to stay relevant).
I'm not actively going out looking for other direct marketing companies in order to give them my data -- why would I do so with Google?
If I run an ad campaign, and tell Google to show my ad to a specific demographic of users, then I know that anyone who clicked on that link is (most likely) in that demographic.
In Gmail, clicking the "Why the ad?" link pops up this message:
"This ad is based on emails from your mailbox and information from your Google account. Ads Settings puts you in control of the ads you see."
So clearly they are using your Gmail information for marketing purposes. Are they selling it directly? No. But it seems dishonest to me to claim that they aren't selling it just because there is a middleman (Google) between the marketer and Gmail user.
But that doesn't mean that they give or sell your data to other companies. In fact, that would be incredibly stupid, each bit of data you can sell only once, while as space, you can sell every day.
Is there really such a major difference between you giving your data to your email provider who then sells it to other companies or you giving data to your email provider who then uses it very much the same way these other companies would do?
One major difference is that data is sold tends to get a life on its own. Company A sells to B, B to C, etc. Before you know it, your e-mail address/phone number is in the hands of many companies.
Google is different in this regard. Since they don't sell raw data, it's easier to opt-out (remove data via the Dashboard[1], delete your account, etc.).
Fair enough, that is indeed a – possibly major – difference, although Google department A sharing data with department B, which gives stuff to department C could be argued to be similar, as the size of these departments easily match those of other companies.
You probably couldn't resist intrusion if you were under an active investigation, but hosting your own mail server would certainly help to partially mitigate the mass surveillance dragnets that are logging all traffic en masse from popular mail providers.
On the one hand your argument makes a lot of sense to me, but on the other hand using an email provider that is not one of the popular ones might in itself make you seem more suspicious.
And intercepting your email correspondence, no matter the provider, might be so trivial to the intelligence agencies at this point that they might be doing so already anyways. It's not unlikely that they'd be 'scanning' Fastmail email more intently than gmail, precisely because of the kinds of people that have security concerns.
> "... using an email provider that is not one of the popular ones might in itself make you seem more suspicious."
This kind of thinking is dangerous and scares me more than the dragnets themselves. There should be nothing suspicious about a citizen exercising their ability to choose from providers. As an analogy, I find it on par with thinking that hippies/minorities/whatever are somehow subversive just because they don't fit your idea of normal.
I can understand that this kind of thinking scares you, because it scares me too. I don't want to live in a world where hippies are monitored because they deviate from the norm, and I don't want to live in a world where trying to protect your privacy in itself can make you suspicious.
And yet hippies were monitored, and yet it's plausible that protecting your privacy does make you suspicious.
So I understand that this is scary, but I don't really understand why you consider this kind of thinking dangerous. If it's true, or if there's a good chance that it's true, then shouldn't that knowledge be acted upon, or at least considered, however scary?
Or am I misunderstanding you and are you just stating that in general you hate this situation?
Paying for email service might be a good idea for a lot of reasons, but people have an extremely absurd sense that they're "fighting the man". You know - by paying in US dollars, to a US company, using US banks....
EDIT: Something I did just see is that Fastmail gives you sieve scripting. Since going from hosting my own inbound email to Gmail, I've really missed having a good email sorting language.
I'm answering the specific points made about FastMail with the whether they are correct or not.
We don't have an account with a US bank, though we do have an account in USD, and we're an Australian company, not a US company.
Other than that, our main datacentre is in the USA, and obviously if every US bank decided not to allow transactions to our accounts, we would be in trouble. That would be true regardless of whether we billed in USD or AUD.
Same here, I think Fastmail should definitely consider hosting their servers in various locations and allow their customers to choose where they want their primary storage to be.
The first (and for most users, more important) is about not giving away your data to marketing companies. Switching to Fastmail accomplishes that (probably?).
The second is about securing your data from governments/state actors. That battle seems kind of futile to me. Even if I were running everything on my own server in my own basement, with my own ISP, I'm almost certainly not qualified to sysadmin a machine that needs to be secure against the NSA.