we have routers that you can monitor traffic on

Most traffic is encrypted with HTTPS unless you can root every single device you own

we have microphone use indicators on mobile, and I would imagine it would be pretty clear if an app was uploading audio with even very basic monitoring tools.

Complicated smartphone OS, firmware, drivers might have bugs allow overrides of visual indicators.

Companies have also been known to secretly eavesdrop and not tell users before (Apple + Siri https://www.courthousenews.com/judge-approves-95-million-app...)

How confident or certain are you of what CSME or PSP or some code in TrustZone is doing? How certain are you that not a single piece of software on your machine, be it in the kernel, userland, drivers, is performing some type of surreptitious communication with CSME or PSP or program running in TrustZone?

Do you know for sure whether PSP or CSME has ever done DMA, or fingerprinted stack/heap allocation patterns and timing, or inspected the contents of your disk (after FDE was done being decrypted, of course), to evaluate whether common packet capture software is installed, or even whether it's currently running?

Detecting spyware is one thing. Detecting surreptitious nation-state spyware that behaves differently when it's being observed is a different challenge entirely.

I recall there were quite a few experiments where people use certain keywords heavily just to get closely related ads later on. I can totally relate my experience with it as well. Of course it is inconclusive - but if there is an incentive, management of big companies will venture into it. And chinese management is no different from western ones to that matter.