by patcheudor 4129 days ago
"Data control by large corporations and government agencies is a tangible concern. Our Symple PC represents another, environmentally intelligent and privacy-aware path. It is one of the most planet-friendly PCs in the world. The case is made from recycled ABS plastic, the parts are recycled..."

Hold on, hold on. They are directly marketing this solution to call centers, non-profits, etc., claiming it's "privacy-conscious" yet it utilizes recycled components which by their nature are from unknown sources. There is no chain of custody for recycled components. As such, do they have a lab which is verifying that the firmware of any of those recycled components hasn't been tampered with in a way which will result in a breach of privacy? If they do, that's cool but I'd think it would add significantly to the cost. This has been a major challenge in the re-use space for years as it's possible to tamper with firmware on motherboards, hard drives, and network cards in a way which breaches privacy, independent of the operating system. I get the whole reuse thing, it's cool, but I'd be very cautious about making binding claims as to either the privacy or security of devices using recycled components which can be re-flashed.


No offense, but tampering with firmware on motherboards, hard drives, and network cards to breach privacy sounds more like NSA/EquationGroup/TAO, not parts recycling centers. Unless you're implying that we should be checking every component for NSA tampering, I'd need some solid statistics to back up the idea that firmware backdoors are suddenly commonplace from refurbished/recycled computer parts.

NSA/EquationGroup is just in the news right now. There have been growing concerns about UEFI for years as well as a lack of reporting. Note this from Dick Wilkins' UEFI report:

"Examples come from Intel, Microsoft, Mitre, NIST, Linux distros and others. Some are public and some are available only under NDA via direct communications with the involved companies."

Is it likely to be seen in the wild often? Likely not, but that's not the point. If it's seen more than once, then you have a problem if you build an entire business selling "trusted platforms" based on recycled equipment. At that point, expect your claims to be busted. What happens the first time someone actually finds a confirmed trojan in a firmware component of a product they sell? It doesn't matter if it is legitimate or a plant, it will reverberate through the news cycle like Lenovo-Superfish and the damage will be done.

This isn't to say this business model is a bust. Just be very cautious about claiming it supports privacy. There are plenty of educational scenarios where hardware which has been compromised would be of no issue.

http://www.uefi.org/sites/default/files/resources/2014_UEFI_...

Any time I buy a used board I check the board carefully for any kind of modification or odd-looking solder joints and re-flash the BIOS/UEFI with the latest version.

Of course something could still be modified, but so could a board direct from Amazon or Newegg I suppose.