Re: Paranoid and competent
Paranoid? It's not paranoia if they really are out to get you, as the saying goes. Competent, well, as I mention way down the thread, anonymous Linux tools -- TAILS, TENS, Kodachi, a host of "pentest" systems like Kali and Parrot -- have become much easier to use than they were even five years ago. TOR seems faster now, and the privacy-oriented VPNs seem more reliable too.
But you're right, IMHO, in that Windows 10 is insecure by design. Stock Android too, though I haven't explored the successor to ParanoidAndroid (I am doubtful).
Of course, if a nation-state really, really wants to own you, it will. Full stop. If the nation-state lusting after your a** is the one you live in, you're sunk. If it is a foreign power, they may find it harder to use physical means -- breaking and entering to install discreet hardware, for example.
And yes, Intel and AMD chipsets have intrinsic vulnerabilities which potentially defeat any OS-based security. Probably ARM chipsets too, though I haven't researched that.
So for me, the thing is: If you want to minimize surveillance, you do the best you can. Run an amnesiac OS from a thumb drive, use TOR Dns or DNSCrypt, use TOR itself, use a security-oriented VPN, use browser privacy tools (Privacy Badger, Ghostery, CanvasBlocker, and so forth -- too many to list). As it turns out, it doesn't take as much competence as it would seem, because the tools have gotten so much easier to use. Of course, the opposition -- the A-hole Team -- have upped their game as well, I'm sure.
Your mileage will vary.