Oddbean new post about login | logout @b5b38449 @cf0cb6c4 As someone working in security research, I am confident saying that as long as you install your own OS on the device, the chance of catching any sort of malware persisting through that OS install is zero. Getting scammed on ebay or the device being lost in shipping are more serious risks by many orders of magnitude.
@7f73a7d1 @cf0cb6c4 Famous last words. As someone working in security research, you must have heard of attacks on the Intel Management Engine that allow malware persistence. Dunno about you, but that keeps me up at night. Speaking of which, old computers with Intel CPUs also have unpatched vulnerabilities in the aforementioned Management Engine that can be exploited by anyone capable of sending a packet to the machine.
@b5b38449 @cf0cb6c4 You can turn off the network functions of IME on all Thinkpad models going back to ~2010. While I agree that IME should not exist and that it's a security nightmare in a purely academic sense, practically, you'd only ever have to even consider this type of attack if you're like, a human rights lawyer in Saudi Arabia or whatever. If you are, sure, be careful with used hardware. Everyone else, don't worry about it.