Anybody that doesn’t know the code their device is running is a fool to trust it by default. Even knowing the code well, devices are compromised all the time. Yours seems like the lone sane opinion here.
We don't know the code of HN but we trust it because we can see the inputs, outputs, and trust the admins running it. A lot of people trust Google/Apple for the same reason to keep their devices secure but are aware that they might need to stay up-to-date and give up freedom [to install unverified apps] to achieve that security.
HN also does not have a microphone sitting here for me constantly listening for me to say "OK HN, post response". It is running as a pull HTTP connection in a sandboxed browser. I do not need to imply any trust in them provided they don't have some zero day exploit running to escape my browser and hijack my system.
Just as if my location/microphone were able to be physically turned off on my phone I would not have to trust that someone isn't always listening in on me. If I can't do that it is not unreasonable not to trust it. There have been plenty of instances of these things being abused.