Security is not a checkbox. Without even identifying what your risks are, how can you expect to manage risk?
While I may not "like" Facebook, how is looking at pictures of my dog's breeder's puppies a security risk?
A lot of people will forgo any effort to secure their privacy because they'll say, "I have nothing to hide." Essentially, they'll acquiesce in apathy because they don't see how it matters if "someone" can somehow read their email which is mostly junk and spam anyway. They probably even have several different accounts and don't think that they would use any of them for "secure" communications -- at least not until they needed "something" and nothing else occurred to them.
Ditching invasive tech is a good idea when you can do it, but more "secure" alternatives are usually a hassle that most people aren't willing to deal with. They will gladly trade their privacy and information security for a little convenience.
If you really want to repel the invaders, the first thing to get rid of is your cell phone. How many people are willing to do that? I ditched mine 3 years ago and haven't looked back.
Most people are wrapped up enough in their smart phone that they don't even use email anymore. If they do, they've given it all to yahoo or gmail. I ditched webmail providers years ago on principle.
I helped one person switch from Whatsapp to Signal. Signal, fwiw, depends on both ends having signal for end-to-end encryption. However, if the other party does not have Signal, you can still send and receive unsecured SMS via the Signal app.
The principled solution is to use hardware you own and control (no web-based, cloud-hosted, or SaS), an operating system and applications that are free (as in freedom and liberty) software.
