by Shank 4125 days ago
No offense, but tampering with firmware on motherboards, hard drives, and network cards to breach privacy sounds more like NSA/EquationGroup/TAO, not parts recycling centers. Unless you're implying that we should be checking every component for NSA tampering, I'd need some solid statistics to back up the idea that firmware backdoors are suddenly commonplace from refurbished/recycled computer parts.

NSA/EquationGroup is just in the news right now. There have been growing concerns about UEFI for years as well as a lack of reporting. Note this from Dick Wilkins' UEFI report:

"Examples come from Intel, Microsoft, Mitre, NIST, Linux distros and others. Some are public and some are available only under NDA via direct communications with the involved companies."

Is it likely to be seen in the wild often? Likely not, but that's not the point. If it's seen more than once, then you have a problem if you build an entire business selling "trusted platforms" based on recycled equipment. At that point, expect your claims to be busted. What happens the first time someone actually finds a confirmed trojan in a firmware component of a product they sell? It doesn't matter if it is legitimate or a plant, it will reverberate through the news cycle like Lenovo-Superfish and the damage will be done.

This isn't to say this business model is a bust. Just be very cautious about claiming it supports privacy. There are plenty of educational scenarios where hardware which has been compromised would be of no issue.

http://www.uefi.org/sites/default/files/resources/2014_UEFI_...

Any time I buy a used board I check the board carefully for any kind of modification or odd-looking solder joints and re-flash the BIOS/UEFI with the latest version.

Of course something could still be modified, but so could a board direct from Amazon or Newegg I suppose.