Modern OSes are too much complex, and the Open Source ones, of course, can be inspected but because of their complexity, it would take too much time (really) to be inspected by each single person. But unless you compiled everything yourself, you cannot know that the code you are running is the code that you are inspecting, even though it may be published in the distro's official repos.

Other problem is that you can't be sure that the compiler isn't malicious.

All of it is just on the software level. If we think about the lower level, since, maybe, Pentium III our computers have CPU backdoors (the same occurs with modems), SSDs are too much difficult, if not impossible, to be completely erased and it's tendency among modern computers and "gadget" shit.

Your ISP records everything, and your VPN (if you pay one) can betray you, who knows?

So why try harder? There are improvements on the other side of the force or privact is just a hoax? Snowden even talked about Debian being created by the authorities and some people say that agencies can break every piece of encrypted software and if they can't now, they will be in the future because things are getting collected by their servers and one day or another they will break the encryptions and read, see, hear what you don't wanted them to read/ see/ hear.