That is one of the most difficult things in choosing a home in a decentralised network, and in a free-software project in which anyone is free to install and use – and even adapt – the software, it’s difficult to know how to improve that situation for prospective users.
One thing to consider is the length of time a pod has been running. PodUptime’s detailed view shows how long a pod has been running, and its uptime. If a pod has been going a long time there’s a better likelihood that anything bad about it will have become evident, and if its uptime is good, that shows it’s reliable.
But yes; if you’re using a pod run by someone else, you are trusting them with your data. Diaspora gives two freedoms here: the freedom to choose which pod to trust (which can be difficult, as you’ve all been saying), and the freedom to choose how much information about yourself you give. You don’t have to use your real name and you don’t even have to provide a real email address. So you can limit the data available to your podmin.
The ideal would be for pod installation and maintenance to be so simple that even non-technical users can run their own pod, just like installing and running any other app. But in spite of much work on this, there’s still a long way to go before that becomes a reality.
.it is indeed the top-level domain for Italy, but that doesn’t mean that is where the server is located. The server running hubzilla.it appears to be located in Germany (you’ll find a lot of nodes located there, because the country has some of the best privacy protections in law).
You can use Flagfox’s Geotool IP lookup to find where a domain’s server is located, and whois.com is useful for finding out information about the person who registered a domain.
One thing you can do is connect with the network by setting up a pod on a random pod and giving away the minimum information about yourself (fake name, fake email address), and then ask Diaspora’s community about their experiences with different pods. You can then make a more informed decision about a longer-term home for your data. But there will always be an element of trust when asking someone else to host your data for you.
Encryption of data on pods has been rejected because it would add to processor load so much that hosting a pod would be too expensive for most people, and even that wouldn’t stop a rogue podmin from accessing user data, as this comment from one of the project leaders explains.
Hope that helps somewhat.