A threat model that includes the government is an unsustainable one, and never relevant to your friends
we just happen to visit the same 4 sites
And there wouldn’t be any problem changing it to “using the same 4 decentralized services.” Open source decentralized services are a better foundation to start with, than closed source centralized services.
and they monetize it better than no one else […] and they create better apps than any decentralized app we could come up with.
Sounds like you’re stuck between a rock and a hard place then. You cannot defeat a global passive adversary, and you apparently can’t defeat giant corporations for some reason, so you might as well give up.
You forget that your friends are the most important aspect of privacy. If you have no friends, building any protocol of any kind is meaningless. The absolute most important concern is building applications your friends want to use. Remember that corporations having a first-mover advantage does not mean that their applications are actually any good.
trust […] right to access content […] bad actors
This is meaningless because you are no longer under control of your own content once you release it outside of your node. Your friends can easily strip any DRM you attempt to add.