Another way they could activate it would be if they controlled your router.
Use OpenWRT on your home/office router. Small routers use simple CPUs without ME like things. So replacing firmware will get rid of any backdors manufacturer could install with original firmware.
Since it has access to memory, it can write an arbitrary program into memory, and overwrite OS kernel routines or data structures to prevent that program from being detected, while allowing the OS to schedule it like any other program.
Motherboard chipset manufacturer have to know beforehand exactly what OS you will use on your computer to make it possible. It could work to some extent with Windows/iOS, but impossible with Linux/BSD/Haiku etc, since there are endless variants of possible kernel configurations and versions and each have different addresses and internal structures organisation. You will need something really sophisticated in ME to make it possible.
So to summarise - use opensource from trusted sources anywhere possible to reduce probability of exploiting or using backdoors. Opensource is not a panacea, and need some RTFM and concious setup and adjustment but at least it will make surveillance on you much more complex.
There is a drawback, really. Using opensource make you different from regular sheeple and so more noticeable. There could be another approach used - use typical Windows/iOS in default configuration inside qemu VM running on top of opensource system to look like regular user for internet. Do not store any sensitive data in VM, and have a backup copy of VM disk image with clean installed system in case malicious actors break into your dummy honeypot system. Or you could just use a copy of clean backup image each time you start VM for internet browsing.
Use OpenWRT on your home/office router. Small routers use simple CPUs without ME like things. So replacing firmware will get rid of any backdors manufacturer could install with original firmware.
Motherboard chipset manufacturer have to know beforehand exactly what OS you will use on your computer to make it possible. It could work to some extent with Windows/iOS, but impossible with Linux/BSD/Haiku etc, since there are endless variants of possible kernel configurations and versions and each have different addresses and internal structures organisation. You will need something really sophisticated in ME to make it possible.
So to summarise - use opensource from trusted sources anywhere possible to reduce probability of exploiting or using backdoors. Opensource is not a panacea, and need some RTFM and concious setup and adjustment but at least it will make surveillance on you much more complex.
There is a drawback, really. Using opensource make you different from regular sheeple and so more noticeable. There could be another approach used - use typical Windows/iOS in default configuration inside qemu VM running on top of opensource system to look like regular user for internet. Do not store any sensitive data in VM, and have a backup copy of VM disk image with clean installed system in case malicious actors break into your dummy honeypot system. Or you could just use a copy of clean backup image each time you start VM for internet browsing.