@evan @jessamyn
I would look for what their funding model appears to be. That is a huge ball of wax, but I think many people understand the heuristics by now.
e.g.
If it is VC funded, then it will eventually sell your personal information.
If it is open source but also has a main hosted instance, I would look to how the main developers are funded and how the main instance is paid for.
If it is built as part of some federated and distributed protocol, like ActivityPub, I would likely trust it.