On topic / off topic:
This has me thinking about the current state of user replaceable internals.
I wonder to what extent the structure of corporate laptop fleet management ( ie. Lease and return less the ssd because... security) dictated which components could and couldn't be soldered down, versus a happy coincidence of potential gains, as the ssd has the least to gain by being soldered? But even if it did, would the requirements of Big Inc. have prevented that?
And for those that do solder their storage, have there been ramifications in accessing this market? Do companies with strict policies on data loss risks have black lists for devices with soldered storage? I'm guessing it's hard to use apple as a comparison point here because it was never really welcome in corporate fleets.
> By embedding telemetry capabilities directly within the firmware, we ensure that device health and usage data is captured the moment it is collected. This data is stored securely on HP SSD drives, leveraging hardware-based security measures to protect against unauthorized access or manipulation.
What I see are more technological affordances for closed firmware behavior of the device, increasing complexity, and providing additional opportunity for, and cover for, secret surveillance, backdoors, and other malware.
The used laptop market is very healthy already, and sellers already make money doing their own n-point tests before selling. Some use turn-key diagnostics software packages that work with the state of the laptop as it is (and drive SMART data). It's worked fine, AFAIK.
I've personally bought and used ~40 used laptops, mostly from random sellers on eBay, and not knowing the laptop's dating history hasn't been a barrier. The only significant, rare problems have been dirt and strange odors, which presumably aren't sensed and recorded in this "telemetry".
> > What I see are more technological affordances for closed firmware behavior of the device, increasing complexity, and providing additional opportunity for, and cover for, secret surveillance, backdoors, and other malware.
All this surveillance just in case you want to have an easier time selling a laptop. I'd rather have this time spent building a better laptop that sells itself because it's a battery swap and a CPU re-paste away from feeling like new.
I think the reason is that, on laptops, the cosmetic has such a high correlation with what you can expect wrong with the device - people don't take their laptops in for "body work".
Also these devices in the second-hand market are probably 80+% < $1,000 and let's be real - getting a bad $400 computer is kinda whatever in the dramas of life. Just get another.
This is true for normal business and consumer laptops, but rugged machines (eg Panasonic Toughbooks) often go to the surplus market after living very hard lives. There is a thriving “refurbishment” industry putting lipstick on these pigs.
If you see a Toughbook on eBay that has been painted black, for example, that was done to hide the battle damage.
SMART used to be one of those "data is stored securely on X, leveraging hardware-based security measures to protect against unauthorized access or manipulation". Nowadays its trivial to wipe and is the basis of "refurbished new old stock" Amazon HDD SCAM where product turns out to be pulls from server farms with over 20K hours on them with wiped SMART showing zero hours no defects. Its faster to wipe smart than scan the drive, and more lucrative to sell as new old stock than admit its a server pull.
For people outside the US (maybe?), CarFax has no meaning, so the analogy is a bit confusing.
The whole thing make no sense. They plan to store the report on the SSD (but not just any SSD, an HP SSD), so that the telemetry is retained between operating system install. I'll give them points for doing on device data collection, but what if I replace the SSD? Maybe they don't plan on making that user replaceable, but that would work against what they are trying to do here.
Honestly if HP cared they would make the device more easily serviceable by the end users, and upgradable. Even that doesn't matter a great deal, beyond having companies slow down their upgrade cycle slightly, there's no real gain. Right now I'm looking at used laptops, but the local refurb place have apparently scraped all their laptops that are unable to run Windows 11. Without the software companies putting in a bigger effort to keep old devices viable for longer I don't really see who's suppose to buy all these old HP computers.
They are taking a sku without telemetry, and quietly swapping in a machine with extensive telemetry and hardware locks that they can drive after you have taken possession.
I have also heard of people swapping parts with rental cars, including tires. And apparently some rental agencies will mark their tires to make sure you didn’t swap them.
This is likely just something that corporate users would care about. Companies often lease PCs from IT service providers rather than own and maintain their own hardware. The owner of the hardware now has a metric they can point to for how "usable" a machine is after the initial lease. As a customer, I may not want to rent laptops that have been through who knows what sort of wear and tear no matter how cheap but if the owner can now show me actual data saying how used the laptop is, I may feel more comfortable paying less for used. It's like the odometer on a car, I'd never buy a used car that didn't have an odometer (even if such a thing existed). But with an odometer, I can get a general idea of how much use a car has had despite the age. Only a year old with 30k miles? Hell no. Three years old with only 10k? That car might as well be new.
I'm assuming since it writes to a vendor-reserved sector, replacing it would make the whole thing moot. The rental company wants to retain that data because it makes a used PC more valuable. Since the corporate renter doesn't own the PC, they would only be allowed to wipe the SSD (excluding this section), not remove and destroy it.
"Odometer" for HDDs and SSDs are already provided in SMART data that is more or less standatized and accessible using many tools. The data is not resettable by mortals similarly to car odometers.
Everyone should test their hard drives within the return window after purchase for these kinds of errors as it is a warning and failure condition, but there is no reason to buy a caution or warning status drive. The metrics are standardized somewhat but the interpretations of the values are vendor and model specific. I’ve used CrystalDiskInfo in the past but don’t know what the state of the art in this is at the moment and this isn’t a recommendation per se. I just have backed up a lot of hard drives, and when I have block or file level access issues, there are usually SMART errors, but not always on the vendor provided tools. Sometimes the third party tools are wrong, but I had a pretty large sample size of computers that had unknown problems which is not likely representative of most computers or computer users, but the tools were helpful as far as knowing more about the hardware to inform the user, so I can see where HP is coming from. I suspect some kind of gaming of the metrics but can’t prove this. It’s not a horrible idea, but I don’t love more failure modes. I’ve seen BitLocker issues from updating firmware without turning it off first, which is cautioned against as a possibility, but if this helps with those kinds of issues too, it will be sold as a feature for the corporate market to help with fleet management.
Also many companies want to destroy the SSD on selling old laptops. Paranoid about security and thinking they need Pentagon level security theatre. But companies should delete potential liabilities.
But I'd never allow an enterprise SSD to be reformatted. If some old data leaked from the business and the business was taken to court, the prosecution might argue it leaked from SSDs and you couldn't prove otherwise.
Cars in the US are cheaper so in some countries they are shipped, fixed, and sold. People pay to see the CarFax to see how bad the accident was. There's a big market for it outside the U.S. surprisingly. U.S. cars can be easily identified by their yellow indicator lights. You'll see the term "clean CarFax" a lot in online dealerships outside the U.S. Although I feel for PCs it's a bit silly
Carfax exists because of the possibility of buying a car with extensive damage that looks cosmetically ok. Additionally, the service records they collect indicate that a vehicle has undergone regular maintenance.
Computers, for the most part, aren't getting in major accidents and reentering the stream of commerce. Additionally, there's no significant mechanical maintenance required, except for blowing compressed air if the environment is dirty.
This, I think, is the part that confuses me. While there is a level of uncertainty, when buying used computer, the cost tends to magnitude smaller than a new car and even for fancish lappies likely sub 1k ( maybe that changes when we start accounting for gaming laptops, but those are unlikely to be corporate fleet, which I assume is the consideration here? ).
I initially though HP found some new way to fleece data out of its users, but looking at what is proposed, I don't see anything that obviously bad so I am lost here too.
And this is all before we get to how difficult HP has gotten to repair. My last HP ( consumer grade after which I swore no personal HP machines ever ) did everything short of soldering hdd to the board ( ridiculous placement, non-standard screws ).
The idea has some, limited merit, but I just don't see it being useful.
There’s plenty of models of business notebooks and thin and lights, many of which are preferred by a certain customer segment over cheaper options due to higher grade design, materials, etc that can breach the $1k mark in the used market if sold within the first year or two of manufacture.
I don’t know how much value it’d add, though it would be pretty interesting to see exactly how much of a Ship of Theseus that used laptop you just bought is, if this system tracks part serials and such. Could also be useful for sniffing out use of substandard/knockoff third party parts, which could be of legitimate interest to buyers (I wouldn’t necessarily trust a third party power handling module from AliExpress for example).
I was wondering the other day about something like this for retro computing hardware, including game consoles.
You can buy a device that looks perfectly good, but has rusty parts, leaking capacitors, shoddy/counterfeit replacement parts, and who knows what else. And if it wasn’t previously opened (they seemingly always are), you don’t know what was done to it.
I don’t think you can really solve that through tech, it’s really more of a record keeping issue. Which actually seems to be mostly how carfax works?
I’ve thought about fixing up consoles and selling them (more for cost recovery and to free up space than for profit), but I wonder about how to share information about the work and the risks in a way that the purchaser is likely to understand and appreciate.
Maintenance too. There was about a decade that I took my car to the repair place within walking distance of home for regular maintenance (oil, brakes, shocks, tires, etc). I took it somewhere else after moving, and they asked if I really hadn't done any maintenance in the past 10 years.
The other purpose of a CarFax is to validate or attempt to validate that the mileage reported is accurate or not. Is there an equivalent of mileage for a CPU or motherboard?
Seems like a horrible invasion of privacy for very little benefit.
The logs are stored on an SSD , which is literally the only part you need to replace when donating or reselling a PC. Any enterprise company should have a policy ensuring SSD destruction.
Most laptops will last a long time assuming they aren't abused. I guess the SSD wears out, but that's a 50$ part.
They should, but then it only takes one misconfigured, or misbehaving machine to cause a data breach that, depending on the industry, could be a big headache and cost. At scale, with many employees, the chances of this happening approach 1.
Physical destruction is cheap and effective insurance against this.
From reliability perspective an used SSD is not a bad idea. Average SSD that has seen typical business / home use will become obsolete long before it reaches its TBW rating, and many drives last way beyond that. Keyboard, screen or even the motherboard are more likely to give up before the SSD.
Having IT roll up into me, I've seen way, way more batteries fail than SSDs. Screen failure [and hinge failure] is far more common than SSDs failing. Keyboard/touchpads fail more often. Charging bricks/cables also fail somewhat more than SSDs. Beyond that, in the low end of the laptop re-use market, "just blindly always buy and install a new SSD" breaks the economics pretty badly.
Look at the SMART stats, format the drive, and install your OS. For people shopping laptops under $250, that seems like a better path than a new SSD.
I don't trust HP firmware to wake the laptop from sleep in one attempt, let alone trust them to securely store their telemetry (that they won't let me see directly).
> Changes the default setting for BitLocker when encrypting a self-encrypting hard drive. Now, the default is to use software encryption for newly encrypted drives. For existing drives, the type of encryption will not change.
And in any event, I would tend to argue that the matter of reselling is secondary: The problem is that the affected disks are effectively unencrypted, and that's a problem regardless. If your disks are properly encrypted, then reselling them should be safe.
This is incorrect and not how Bitlocker operates at all. Bitlocker doesn't operate with self encrypted drives, instead the encryption happens on the OS level.
What's incorrect? The part of the official MS announcement that it's done in software now, or that it used to trust drive-level hardware encryption (as shown in the above vulnerability)?
Why take the risk? If you remove the drive when decommissioning a machine you now have 100% certainty that there is no possible data leak and it costs nothing but two minutes of labor.
If you care at all about data leaks, there's literally no reason to not destroy decomissioned frives and a lot of very real potential risks in not destroying it.
It may be "nicer" to a hypothetical second user, but you don't care about them and new drives are dirt cheap anyway.
There's a possibility that unencrypted data could be in a sector marked "bad" (if plaintext data was present before encryption was turned on). It's just not worth it. I always take my drives out and put a few holes on them on the drill press before disposing/donating computers.
> Any enterprise company should have a policy ensuring SSD destruction.
Counterpoint: enterprises shouldn't be incentivized to produce physical waste containing toxic components that are virtually only available from supply chains that abuse human rights and cause mass ecological devastation.
this idea that we should just shred perfectly working components because an asshole in a suit doesn't understand FDE (or just... wiping the drive) is bad for everybody in the log run.
that's one alternative. another is: the corporation is regulated against unnecessary waste, and they do their due diligence to ensure the drive is wiped before resale/donation.
trade secrets must take a backseat to human rights and toxic pollution from mines.
This feels to me like HP is trying to formalize a whole new business around second-hand hardware — not just selling off returns, but really building a controlled ecosystem for trade-ins, refurb, and resale. My guess is they want to keep that value in-house rather than letting third-party refurbishers or resellers capture it.
The Carfax reference stood out to me. It seems more like a feel-good marketing move than anything with real substance — just enough to trigger that association of “trusted, inspected, certified.” Not necessarily bad, but definitely more about perception than transparency.
Overall, I think they’re trying to rebrand “used hardware” into something safe, premium, and profitable — under the HP umbrella, of course.
I am surprised they are starting with Laptops. IMO, it makes more sense to start with servers. They are car-priced assets, and stand much more to gain from a multi-point inspection versus a laptop. They are also less likely to suffer from long term damage damage, such as water damage.
Slap another 5 years of hardware support on it and resell for 20% above the used market. Many small and medium size enterprises will happily take you up on that offer. For example, typical dell hardware support is 5-7 years, the systems are still usable for several years after hardware support ends.
There is difference of usage patterns between servers and laptops. Servers are most likely run nearly entire duration they are used or leased. Maybe not loaded, but is not massive difference.
On other hand laptops might spend significant time being turned off. Or their usage patterns might affect batteries. Like how deep they were drawn. In that sense getting more telemetry on laptops is much more useful.
HPE is very happy with off-lease server HW only being sold on ebay and appearing as sketchy as possible. The margins are really high on server HW - offering HW support on systems sold at 20% above the used market under their brand name would cannibalize their core business so it will never happen.
But in consumer space, margins are very low, and so there is money to be made reselling used HW at a premium, so they will try.
How many enterprises want to use two or three generation old second-hand leased servers?
As a homelabber I can see the sense, but as the IT guy at a small company it doesn't sound like a great deal.
If I were in a situation where I needed some physical machines, didn't care how old they are, and budget was an issue, I'd just go to eBay. Just get something cheap and own it outright without some corporation sticking their nose into the process.
I imagine the market segment willing to accept old and refurbed servers, yet requires some SLA from the vendor is not terribly large. Almost all businesses would be better served by owning last generation servers outright or simply using AWS.
Then again, we are talking about an industry that's happy paying tens of thousands of dollars in AWS bills for an application that can reasonably run on a single server from 2016. So there's no inherent logic at play.
Having access to fine-grained usage and health information for each device in their fleet can help IT managers decide which devices are sent to which users, as well as when maintenance is scheduled
Based only my own experience in large enterprises, the usual process is to EOL new laptops after about three years, regardless of condition. There's a whole sandwich of business and financial agreements built around this, so this 'fine-grained data' doesn't seem very useful (or necessary).
If HP really wanted to make an environmental impact, why not start an HP recycling/refurbishment program?
Right, but you have some laptops coming back from leaving workers. Laptops issued to interns. Windows laptops issued to people who come back and say they need Linux. Laptops loaned to people while their main laptop was being repaired. And of course the dreaded no-fault-found returns.
Of course you wouldn't want to be locked in to HP hardware only. And hopefully you've got an endpoint management tool which is gathering at least some of this data anyway...
"CarFax for used PCs" is a silly analogy; a used machine can quickly be assessed for its current condition, and a log of past repairs isn't really relevant, particularly when most repairs these days are just replacing the entire motherboard.
Old laptops are not particularly valuable because (a) they might be a lot slower than a new, base-model laptop at a quite affordable price, and (b) much of modern electronics has a design life of 3-5 years, and a used laptop will generally be at the end of that design life. Nobody really likes laptops which have random components fail and need replaced.
With that said, we happily use used laptops, some much older than 5 years. HP supplying a "Carfax" would have zero utility to us.
Yeah, with used vehicles there's a lot more at stake. Mainly: potential safety concerns and they can cost tens of thousands of dollars. Neither of those are true with used laptops, and in cases where it may be they're not putting used equipment into service. HP has invented a solution to a problem that doesn't exist.
> Indeed, this is the point. When that business is done with it you can buy it, know how well-used it is, and give it a second life
That is exactly what the dealers I referred to do.
The biggest thing HP seems to be adding here is a process for getting additional information that they control. Why should it need authorisation to read this information? The state of a piece of hardware should be openly and easily visible to its owner or possessor.
Carfax for Cars is also a bit of a joke. It is designed for people who don't know anything about cars and/or are too intimidated by the process to get a proper inspection done. So the analogy holds for laptops. This is for low-knowledge people who want some nebulous/vague reassurance that a particular laptop is still "good" even though used.
Other people noted this is a very bad privacy issue. Just thinking: since when laptop manufacturers encourage reuse instead of buying new? It would lower sales!
I belive user tracking is the real purpose of this tech. It would have the ability to track the user no matter what OS is installed. Windows does tracking, Google does tracking, all websites have tracking, and now they want a piece of the pie too. PCFax is just a disguise - an alterative purpose more acceptable to the public than what it really is.
And now, thinking ahead: what would be the next logical step for them? Ad popups directly from the firmware?
What exactly would this report reveal? Laptops that have some sort gremlin in them resulting in lots of repairs over time?
If I worked for an organization that deployed or sold large numbers of used PCs -- and that problem cropped up frequently enough to matter, I think my take away would be: "let's stop deploying/selling used HP laptops and switch to a more reliable brand," not "let's try to use this fancy reporting to identify them before they get deployed."
Just imagine for a moment what this would look like in reality...
"I was going to take your original offer of $220 for this here used HP laptop, but after looking at the high number of writes to the SSD on PCFax, I can't do better than $180."
What a bizarre initiative. CarFax was started in the 80's to combat odometer fraud. Cars need CarFax because they're expensive and have thousands of moving parts
I work in the refurb division of an e-waste recycling company. This comes off as somewhat disingenuous coming from HP, whose laptops constitute about 90% of the BIOS passworded systems we get. We can't do anything with a laptop that we can't adjust the boot order or disable secure boot on, and the value of completely disassembling, de-soldering, and flashing the BIOS chip of a laptop that would only go for ~$100 is dubious. (We've tried everything short of that.) This is particularly painful when I just today went though a lot of over 100 HP Elitebooks with 8th and 10th gen i5 CPUs. (That's plenty usable for most people.) I could sell these for $100-150 each (~$15,000 total, of which I would get 10% commission on), but since they're all BIOS locked, they're worth little more than scrap. Take the RAM and SSD out and move on.
> When buying a used car, dealerships and individual buyers can access each car’s particular CarFax report, detailing the vehicle’s usage and maintenance history. Armed with this information, dealerships can perform the necessary fixes or upgrades before re-selling the car.
Dealerships in no way use those reports for that reason, nor do they contain the information that would be necessary to do so. They inspect the car to determine its mechanical condition, and query manufacturer databases to determine if recall repairs are necessary. CarFax reports are a marketing tool to assuage concerns that used-car buyers have about inadvertently purchasing a lemon.
About 8y ago we were looking at a used Mini Cooper. Car Fax reported no major problems. I went to the bank to get a loan. They reported 2 minor and 1 major accident that the car had been in that were NOT reported by Car Fax. Once we knew where to look we were able to see evidence of the damage & repairs to the car.
I think that if lending institutions don't trust Car Fax then we probably shouldn't either.
I think the main problem with old laptops being discarded is one of software & OS release cadence more than hardware relatability.
My accountant has used the same 4 apps since the turn of the century. Yet the industry has created a situation where they’ve needed to buy 10 new computers to keep up, even though they still just use email, spreadsheets, web, and a word processor. They’d happily be in XP if it were still on offer.
The only meaningful productivity boost from the hardware side of things for the overwhelming majority of knowledge workers over the period was the introduction of SSDs and wireless network cards.
Modern OS vendors could easily create lightweight versions optimized for older hardware with reduced telemetry and simplified UI layers, extending usable lifespans by years without compromising core functionality.
100% of the companies I work(ed) with have either a "destroy laptop" or "destroy data storage media" policy. I know 0 companies reselling their used computers with storage media included.
IT insurance usually requires you dispose of storage media through an accredited company as well, which is usually why this is done. We wanted to donate old laptops to charity but our insurance forbids it.
HP has 0 incentive to give old laptops new life if they don't profit from it. People who buy used laptops are already doing so. Yes, there are somes risks but if the computer boots up, perhaps run a few performance tests, then it's good. A used laptop is $100 - $500, not $2000 - $10000 and it most likely is not sold multiple times because after teh second owner, it's likely already too old, too slow, and not supported (Microsoft). I was a seller of used laptops.
Another reason HP is irrelevant. They pour money into stupid ideas no one is interested in. I'm curious what HP would think about the Acer C740 I recently reformatted and reflashed so I could directly into Linux. Would they "restore" it to its EOL state, undoing that work I did? My money is on yes because corporations don't know shit about PC building or optimal settings.
HP is literally the company that will charge a laptop battery to 100% by default for a little bit more runtime on a random product test but exponentially less longevity. All the shitty HP office laptops at my last job would without fail have a bloated battery within 3 years, often taking the touchpad and other components with it.
This is the sort of thing that gets developed for benevolent reasons, and then deployed as an excuse to outlaw any third-party servicing as dishonest log manipulation.
Every time I've tried to sell and/or give away my previous laptop, I discovered that nobody wants anything more than a few years old. A 6yo Acer laptop, that isn't running the latest windows, is basically worthless even in the eyes of charities. And a used laptop running linux, regardless of age, seems to be unwanted by everyone.
The images contain date of the example report - 2023. Can we assume that the current HP laptops already gather all that information and store them, and the new "feature" is just a new way of extracting money from something they are already doing?
The images contain date of the example report - 2023. Can we assume that the current HP laptops already gather all that information and store them, and the new "feature" is just a new way of extracting money from something they are already doing
On topic / off topic: This has me thinking about the current state of user replaceable internals.
I wonder to what extent the structure of corporate laptop fleet management ( ie. Lease and return less the ssd because... security) dictated which components could and couldn't be soldered down, versus a happy coincidence of potential gains, as the ssd has the least to gain by being soldered? But even if it did, would the requirements of Big Inc. have prevented that?
And for those that do solder their storage, have there been ramifications in accessing this market? Do companies with strict policies on data loss risks have black lists for devices with soldered storage? I'm guessing it's hard to use apple as a comparison point here because it was never really welcome in corporate fleets.
> By embedding telemetry capabilities directly within the firmware, we ensure that device health and usage data is captured the moment it is collected. This data is stored securely on HP SSD drives, leveraging hardware-based security measures to protect against unauthorized access or manipulation.
What I see are more technological affordances for closed firmware behavior of the device, increasing complexity, and providing additional opportunity for, and cover for, secret surveillance, backdoors, and other malware.
The used laptop market is very healthy already, and sellers already make money doing their own n-point tests before selling. Some use turn-key diagnostics software packages that work with the state of the laptop as it is (and drive SMART data). It's worked fine, AFAIK.
I've personally bought and used ~40 used laptops, mostly from random sellers on eBay, and not knowing the laptop's dating history hasn't been a barrier. The only significant, rare problems have been dirt and strange odors, which presumably aren't sensed and recorded in this "telemetry".
> > What I see are more technological affordances for closed firmware behavior of the device, increasing complexity, and providing additional opportunity for, and cover for, secret surveillance, backdoors, and other malware.
All this surveillance just in case you want to have an easier time selling a laptop. I'd rather have this time spent building a better laptop that sells itself because it's a battery swap and a CPU re-paste away from feeling like new.
I think the reason is that, on laptops, the cosmetic has such a high correlation with what you can expect wrong with the device - people don't take their laptops in for "body work".
Also these devices in the second-hand market are probably 80+% < $1,000 and let's be real - getting a bad $400 computer is kinda whatever in the dramas of life. Just get another.
(I've sold about 5k things on ebay btw).
This is true for normal business and consumer laptops, but rugged machines (eg Panasonic Toughbooks) often go to the surplus market after living very hard lives. There is a thriving “refurbishment” industry putting lipstick on these pigs.
If you see a Toughbook on eBay that has been painted black, for example, that was done to hide the battle damage.
you’re not the enterprise they’re going after. buying a used fleet is going to be a different exercise in risk mitigation
>and drive SMART data
SMART used to be one of those "data is stored securely on X, leveraging hardware-based security measures to protect against unauthorized access or manipulation". Nowadays its trivial to wipe and is the basis of "refurbished new old stock" Amazon HDD SCAM where product turns out to be pulls from server farms with over 20K hours on them with wiped SMART showing zero hours no defects. Its faster to wipe smart than scan the drive, and more lucrative to sell as new old stock than admit its a server pull.
For people outside the US (maybe?), CarFax has no meaning, so the analogy is a bit confusing.
The whole thing make no sense. They plan to store the report on the SSD (but not just any SSD, an HP SSD), so that the telemetry is retained between operating system install. I'll give them points for doing on device data collection, but what if I replace the SSD? Maybe they don't plan on making that user replaceable, but that would work against what they are trying to do here.
Honestly if HP cared they would make the device more easily serviceable by the end users, and upgradable. Even that doesn't matter a great deal, beyond having companies slow down their upgrade cycle slightly, there's no real gain. Right now I'm looking at used laptops, but the local refurb place have apparently scraped all their laptops that are unable to run Windows 11. Without the software companies putting in a bigger effort to keep old devices viable for longer I don't really see who's suppose to buy all these old HP computers.
This reminds me of an old story about Hertz and Ford Mustangs.
Goes something like this:
- Ford makes the original Mustang (which everyone loves)
- Ford makes different versions of the Mustang (some more powerful than others e.g. the Shelby)
- Hertz had a special custom Shelby model made for them
- You could rent that special model from Hertz
- So, people would buy a lower end Mustang, rent the higher end Mustang from Hertz, swap out the engines and return the Hertz Mustang
There is actually a lot of extra detail in this article if people are interested: https://www.motorcities.org/story-of-the-week/2024/rememberi...
This is actually what HP is doing.
They are taking a sku without telemetry, and quietly swapping in a machine with extensive telemetry and hardware locks that they can drive after you have taken possession.
I have also heard of people swapping parts with rental cars, including tires. And apparently some rental agencies will mark their tires to make sure you didn’t swap them.
the min-wage guy at uhaul isn't checking the inner dual all that carefully.
6x 22.5 tires cost a lot more than 3x of their biggest truck rental.
Rental companies are starting to run their vehicles through booths that scan the vehicle from every angle for automated inspections
https://www.uveye.com/rentals/
The current urban legend is swapping a junkyard 5.3 for the Chevrolet 6.0 in a U-Haul truck, rent one and switch them and return it.
I guess the joke is on you if you rent one and it already has a swapped engine.
Sometimes the early bird gets the worm, sometimes the second mouse gets the cheese.
"People" could really use a number attached to it.
https://www.hagerty.com/media/automotive-history/legends-of-...
So... 0.5? Thanks. :)
Didn't want to party-poop, but yeah, it's mostly mythical.
This is likely just something that corporate users would care about. Companies often lease PCs from IT service providers rather than own and maintain their own hardware. The owner of the hardware now has a metric they can point to for how "usable" a machine is after the initial lease. As a customer, I may not want to rent laptops that have been through who knows what sort of wear and tear no matter how cheap but if the owner can now show me actual data saying how used the laptop is, I may feel more comfortable paying less for used. It's like the odometer on a car, I'd never buy a used car that didn't have an odometer (even if such a thing existed). But with an odometer, I can get a general idea of how much use a car has had despite the age. Only a year old with 30k miles? Hell no. Three years old with only 10k? That car might as well be new.
I'm assuming since it writes to a vendor-reserved sector, replacing it would make the whole thing moot. The rental company wants to retain that data because it makes a used PC more valuable. Since the corporate renter doesn't own the PC, they would only be allowed to wipe the SSD (excluding this section), not remove and destroy it.
"Odometer" for HDDs and SSDs are already provided in SMART data that is more or less standatized and accessible using many tools. The data is not resettable by mortals similarly to car odometers.
Everyone should test their hard drives within the return window after purchase for these kinds of errors as it is a warning and failure condition, but there is no reason to buy a caution or warning status drive. The metrics are standardized somewhat but the interpretations of the values are vendor and model specific. I’ve used CrystalDiskInfo in the past but don’t know what the state of the art in this is at the moment and this isn’t a recommendation per se. I just have backed up a lot of hard drives, and when I have block or file level access issues, there are usually SMART errors, but not always on the vendor provided tools. Sometimes the third party tools are wrong, but I had a pretty large sample size of computers that had unknown problems which is not likely representative of most computers or computer users, but the tools were helpful as far as knowing more about the hardware to inform the user, so I can see where HP is coming from. I suspect some kind of gaming of the metrics but can’t prove this. It’s not a horrible idea, but I don’t love more failure modes. I’ve seen BitLocker issues from updating firmware without turning it off first, which is cautioned against as a possibility, but if this helps with those kinds of issues too, it will be sold as a feature for the corporate market to help with fleet management.
> but what if I replace the SSD?
Also many companies want to destroy the SSD on selling old laptops. Paranoid about security and thinking they need Pentagon level security theatre. But companies should delete potential liabilities.
But I'd never allow an enterprise SSD to be reformatted. If some old data leaked from the business and the business was taken to court, the prosecution might argue it leaked from SSDs and you couldn't prove otherwise.
Cars in the US are cheaper so in some countries they are shipped, fixed, and sold. People pay to see the CarFax to see how bad the accident was. There's a big market for it outside the U.S. surprisingly. U.S. cars can be easily identified by their yellow indicator lights. You'll see the term "clean CarFax" a lot in online dealerships outside the U.S. Although I feel for PCs it's a bit silly
>but what if I replace the SSD?
Im guessing the brilliant part of this strategy was copied from Apple - laptop wont work with non paired SSD. No SSD you buy new HP laptop.
I heard about Carfax in a comedy skit, but that was the only case I saw this word in many years.
Is there any value added here?
Carfax exists because of the possibility of buying a car with extensive damage that looks cosmetically ok. Additionally, the service records they collect indicate that a vehicle has undergone regular maintenance.
Computers, for the most part, aren't getting in major accidents and reentering the stream of commerce. Additionally, there's no significant mechanical maintenance required, except for blowing compressed air if the environment is dirty.
This, I think, is the part that confuses me. While there is a level of uncertainty, when buying used computer, the cost tends to magnitude smaller than a new car and even for fancish lappies likely sub 1k ( maybe that changes when we start accounting for gaming laptops, but those are unlikely to be corporate fleet, which I assume is the consideration here? ).
I initially though HP found some new way to fleece data out of its users, but looking at what is proposed, I don't see anything that obviously bad so I am lost here too.
And this is all before we get to how difficult HP has gotten to repair. My last HP ( consumer grade after which I swore no personal HP machines ever ) did everything short of soldering hdd to the board ( ridiculous placement, non-standard screws ).
The idea has some, limited merit, but I just don't see it being useful.
There’s plenty of models of business notebooks and thin and lights, many of which are preferred by a certain customer segment over cheaper options due to higher grade design, materials, etc that can breach the $1k mark in the used market if sold within the first year or two of manufacture.
I don’t know how much value it’d add, though it would be pretty interesting to see exactly how much of a Ship of Theseus that used laptop you just bought is, if this system tracks part serials and such. Could also be useful for sniffing out use of substandard/knockoff third party parts, which could be of legitimate interest to buyers (I wouldn’t necessarily trust a third party power handling module from AliExpress for example).
smaller consequences too.
There are lots of ways a dodgy car could kill me or someone else.
I was wondering the other day about something like this for retro computing hardware, including game consoles.
You can buy a device that looks perfectly good, but has rusty parts, leaking capacitors, shoddy/counterfeit replacement parts, and who knows what else. And if it wasn’t previously opened (they seemingly always are), you don’t know what was done to it.
I don’t think you can really solve that through tech, it’s really more of a record keeping issue. Which actually seems to be mostly how carfax works?
I’ve thought about fixing up consoles and selling them (more for cost recovery and to free up space than for profit), but I wonder about how to share information about the work and the risks in a way that the purchaser is likely to understand and appreciate.
AFAIK, at least some repairs done by non-dealers are never reported to Carfax, making it prone to false negatives.
Maintenance too. There was about a decade that I took my car to the repair place within walking distance of home for regular maintenance (oil, brakes, shocks, tires, etc). I took it somewhere else after moving, and they asked if I really hadn't done any maintenance in the past 10 years.
The other purpose of a CarFax is to validate or attempt to validate that the mileage reported is accurate or not. Is there an equivalent of mileage for a CPU or motherboard?
BIOS on Panasonic Toughbooks reports total power-on hours. This is independent of the HDD/SSD’s SMART reported runtime.
You can view this as a normal user, but it can’t be reset by mortals.
People aren't forging SMART drive diagnostics. These are <$100 components anyway.
SMART stats are cleared on secondhand or "refurbished" drives quite frequently
e.g. https://news.ycombinator.com/item?id=42864788
Seems like a horrible invasion of privacy for very little benefit.
The logs are stored on an SSD , which is literally the only part you need to replace when donating or reselling a PC. Any enterprise company should have a policy ensuring SSD destruction.
Most laptops will last a long time assuming they aren't abused. I guess the SSD wears out, but that's a 50$ part.
> Any enterprise company should have a policy ensuring SSD destruction.
Why? Drives should already be encrypted, at which point you just lose the key and it's unrecoverable.
They should, but then it only takes one misconfigured, or misbehaving machine to cause a data breach that, depending on the industry, could be a big headache and cost. At scale, with many employees, the chances of this happening approach 1.
Physical destruction is cheap and effective insurance against this.
Yeah my employer policy is no hard drives are ever left in retired equipment. They get pulled and crushed.
It's just easier.
You don't have to worry about IT forgetting to wipe a drive or something.
You have a policy that says we take the SSD out before sending it to the reseller/donating.
A used SSD is a bad idea anyway, everything else on a laptop can more or less work indefinitely
From reliability perspective an used SSD is not a bad idea. Average SSD that has seen typical business / home use will become obsolete long before it reaches its TBW rating, and many drives last way beyond that. Keyboard, screen or even the motherboard are more likely to give up before the SSD.
At least in my experience SSDs are literally the only part that tends to fail.
Using a used SSD( Refurbished assuming direct from manufacturer might be ok) feels like digging though someone else's stuff.
Maybe they cleaned it, maybe they left business docs or other sensitive data. The risk to reward is too great.
Having IT roll up into me, I've seen way, way more batteries fail than SSDs. Screen failure [and hinge failure] is far more common than SSDs failing. Keyboard/touchpads fail more often. Charging bricks/cables also fail somewhat more than SSDs. Beyond that, in the low end of the laptop re-use market, "just blindly always buy and install a new SSD" breaks the economics pretty badly.
Look at the SMART stats, format the drive, and install your OS. For people shopping laptops under $250, that seems like a better path than a new SSD.
What's the risk to you the user if it wasn't properly cleaned? Plug it in and format as the first thing you do if it worries you.
I wouldn't: https://www.bitdefender.com/en-us/blog/hotforsecurity/resear...
I don't trust HP firmware to wake the laptop from sleep in one attempt, let alone trust them to securely store their telemetry (that they won't let me see directly).
The problem was that
> BitLocker essentially trusts self-encrypted drives to do their job, and defaults to the drive”s hardware encryption.
But that was 2018; the result was that in 2019 https://support.microsoft.com/en-us/topic/september-24-2019-... happened:
> Changes the default setting for BitLocker when encrypting a self-encrypting hard drive. Now, the default is to use software encryption for newly encrypted drives. For existing drives, the type of encryption will not change.
And in any event, I would tend to argue that the matter of reselling is secondary: The problem is that the affected disks are effectively unencrypted, and that's a problem regardless. If your disks are properly encrypted, then reselling them should be safe.
This is incorrect and not how Bitlocker operates at all. Bitlocker doesn't operate with self encrypted drives, instead the encryption happens on the OS level.
What's incorrect? The part of the official MS announcement that it's done in software now, or that it used to trust drive-level hardware encryption (as shown in the above vulnerability)?
Why take the risk? If you remove the drive when decommissioning a machine you now have 100% certainty that there is no possible data leak and it costs nothing but two minutes of labor.
If you care at all about data leaks, there's literally no reason to not destroy decomissioned frives and a lot of very real potential risks in not destroying it.
It may be "nicer" to a hypothetical second user, but you don't care about them and new drives are dirt cheap anyway.
There's a possibility that unencrypted data could be in a sector marked "bad" (if plaintext data was present before encryption was turned on). It's just not worth it. I always take my drives out and put a few holes on them on the drill press before disposing/donating computers.
> Any enterprise company should have a policy ensuring SSD destruction.
Counterpoint: enterprises shouldn't be incentivized to produce physical waste containing toxic components that are virtually only available from supply chains that abuse human rights and cause mass ecological devastation.
this idea that we should just shred perfectly working components because an asshole in a suit doesn't understand FDE (or just... wiping the drive) is bad for everybody in the log run.
Ok.
The alternative is corporations just trash the entire laptop. With the rise of soldered ssds( Apple for one) this is possible.
Maybe argue for better recycling ?
It only takes one half awake IT guy to forget to wipe a few drives to spook companies.
In my world if MegaCorp offloads used laptops to a non profit, and the non profit just has to throw in a cheap SSD, that's a win.
that's one alternative. another is: the corporation is regulated against unnecessary waste, and they do their due diligence to ensure the drive is wiped before resale/donation.
trade secrets must take a backseat to human rights and toxic pollution from mines.
>trade secrets must take a backseat to human rights and toxic pollution from mines.
Or personal medical information, which in some cases( STI status, etc) can ruin thousands of lives if leaked.
The solution is recycling the destroyed drives, not banning secure data destruction.
This feels to me like HP is trying to formalize a whole new business around second-hand hardware — not just selling off returns, but really building a controlled ecosystem for trade-ins, refurb, and resale. My guess is they want to keep that value in-house rather than letting third-party refurbishers or resellers capture it.
The Carfax reference stood out to me. It seems more like a feel-good marketing move than anything with real substance — just enough to trigger that association of “trusted, inspected, certified.” Not necessarily bad, but definitely more about perception than transparency.
Overall, I think they’re trying to rebrand “used hardware” into something safe, premium, and profitable — under the HP umbrella, of course.
Certified Pre-Owned programs.
I am surprised they are starting with Laptops. IMO, it makes more sense to start with servers. They are car-priced assets, and stand much more to gain from a multi-point inspection versus a laptop. They are also less likely to suffer from long term damage damage, such as water damage.
Slap another 5 years of hardware support on it and resell for 20% above the used market. Many small and medium size enterprises will happily take you up on that offer. For example, typical dell hardware support is 5-7 years, the systems are still usable for several years after hardware support ends.
There is difference of usage patterns between servers and laptops. Servers are most likely run nearly entire duration they are used or leased. Maybe not loaded, but is not massive difference.
On other hand laptops might spend significant time being turned off. Or their usage patterns might affect batteries. Like how deep they were drawn. In that sense getting more telemetry on laptops is much more useful.
HPE is very happy with off-lease server HW only being sold on ebay and appearing as sketchy as possible. The margins are really high on server HW - offering HW support on systems sold at 20% above the used market under their brand name would cannibalize their core business so it will never happen.
But in consumer space, margins are very low, and so there is money to be made reselling used HW at a premium, so they will try.
How many enterprises want to use two or three generation old second-hand leased servers?
As a homelabber I can see the sense, but as the IT guy at a small company it doesn't sound like a great deal.
If I were in a situation where I needed some physical machines, didn't care how old they are, and budget was an issue, I'd just go to eBay. Just get something cheap and own it outright without some corporation sticking their nose into the process.
I imagine the market segment willing to accept old and refurbed servers, yet requires some SLA from the vendor is not terribly large. Almost all businesses would be better served by owning last generation servers outright or simply using AWS.
Then again, we are talking about an industry that's happy paying tens of thousands of dollars in AWS bills for an application that can reasonably run on a single server from 2016. So there's no inherent logic at play.
Having access to fine-grained usage and health information for each device in their fleet can help IT managers decide which devices are sent to which users, as well as when maintenance is scheduled
Based only my own experience in large enterprises, the usual process is to EOL new laptops after about three years, regardless of condition. There's a whole sandwich of business and financial agreements built around this, so this 'fine-grained data' doesn't seem very useful (or necessary).
If HP really wanted to make an environmental impact, why not start an HP recycling/refurbishment program?
Right, but you have some laptops coming back from leaving workers. Laptops issued to interns. Windows laptops issued to people who come back and say they need Linux. Laptops loaned to people while their main laptop was being repaired. And of course the dreaded no-fault-found returns.
Of course you wouldn't want to be locked in to HP hardware only. And hopefully you've got an endpoint management tool which is gathering at least some of this data anyway...
"CarFax for used PCs" is a silly analogy; a used machine can quickly be assessed for its current condition, and a log of past repairs isn't really relevant, particularly when most repairs these days are just replacing the entire motherboard.
Old laptops are not particularly valuable because (a) they might be a lot slower than a new, base-model laptop at a quite affordable price, and (b) much of modern electronics has a design life of 3-5 years, and a used laptop will generally be at the end of that design life. Nobody really likes laptops which have random components fail and need replaced.
With that said, we happily use used laptops, some much older than 5 years. HP supplying a "Carfax" would have zero utility to us.
This is pretty clearly just an attempt to look like they are doing something about a perceived problem without actually doing something about it.
Yeah, with used vehicles there's a lot more at stake. Mainly: potential safety concerns and they can cost tens of thousands of dollars. Neither of those are true with used laptops, and in cases where it may be they're not putting used equipment into service. HP has invented a solution to a problem that doesn't exist.
I have used laptops for much longer too, and for a lot of tasks performance does not matter.
Desktops tend to be better when older though.
There are already dealer who sell second hand machines in reasonably dependable condition.
HP seems to be aiming to control (note the bits about preventing unauthorised access) rather than facilitating the market.
Whilst you may have used them, this is referring to an enterprise setting where devices are usually replaced at the end of the warranty.
Indeed, this is the point. When that business is done with it you can buy it, know how well-used it is, and give it a second life.
Knowing how well-used a laptop is barely matters. And I still need to examine and test it.
> Indeed, this is the point. When that business is done with it you can buy it, know how well-used it is, and give it a second life
That is exactly what the dealers I referred to do.
The biggest thing HP seems to be adding here is a process for getting additional information that they control. Why should it need authorisation to read this information? The state of a piece of hardware should be openly and easily visible to its owner or possessor.
Carfax for Cars is also a bit of a joke. It is designed for people who don't know anything about cars and/or are too intimidated by the process to get a proper inspection done. So the analogy holds for laptops. This is for low-knowledge people who want some nebulous/vague reassurance that a particular laptop is still "good" even though used.
Other people noted this is a very bad privacy issue. Just thinking: since when laptop manufacturers encourage reuse instead of buying new? It would lower sales!
I belive user tracking is the real purpose of this tech. It would have the ability to track the user no matter what OS is installed. Windows does tracking, Google does tracking, all websites have tracking, and now they want a piece of the pie too. PCFax is just a disguise - an alterative purpose more acceptable to the public than what it really is.
And now, thinking ahead: what would be the next logical step for them? Ad popups directly from the firmware?
>And now, thinking ahead: what would be the next logical step for them? Ad popups directly from the firmware?
Reports sent to 'someone', if you look up abortion clinics?
Careful with that axe, Eugene/ Eugenia..
What exactly would this report reveal? Laptops that have some sort gremlin in them resulting in lots of repairs over time?
If I worked for an organization that deployed or sold large numbers of used PCs -- and that problem cropped up frequently enough to matter, I think my take away would be: "let's stop deploying/selling used HP laptops and switch to a more reliable brand," not "let's try to use this fancy reporting to identify them before they get deployed."
Just imagine for a moment what this would look like in reality...
"I was going to take your original offer of $220 for this here used HP laptop, but after looking at the high number of writes to the SSD on PCFax, I can't do better than $180."
What a bizarre initiative. CarFax was started in the 80's to combat odometer fraud. Cars need CarFax because they're expensive and have thousands of moving parts
I work in the refurb division of an e-waste recycling company. This comes off as somewhat disingenuous coming from HP, whose laptops constitute about 90% of the BIOS passworded systems we get. We can't do anything with a laptop that we can't adjust the boot order or disable secure boot on, and the value of completely disassembling, de-soldering, and flashing the BIOS chip of a laptop that would only go for ~$100 is dubious. (We've tried everything short of that.) This is particularly painful when I just today went though a lot of over 100 HP Elitebooks with 8th and 10th gen i5 CPUs. (That's plenty usable for most people.) I could sell these for $100-150 each (~$15,000 total, of which I would get 10% commission on), but since they're all BIOS locked, they're worth little more than scrap. Take the RAM and SSD out and move on.
> When buying a used car, dealerships and individual buyers can access each car’s particular CarFax report, detailing the vehicle’s usage and maintenance history. Armed with this information, dealerships can perform the necessary fixes or upgrades before re-selling the car.
Dealerships in no way use those reports for that reason, nor do they contain the information that would be necessary to do so. They inspect the car to determine its mechanical condition, and query manufacturer databases to determine if recall repairs are necessary. CarFax reports are a marketing tool to assuage concerns that used-car buyers have about inadvertently purchasing a lemon.
About 8y ago we were looking at a used Mini Cooper. Car Fax reported no major problems. I went to the bank to get a loan. They reported 2 minor and 1 major accident that the car had been in that were NOT reported by Car Fax. Once we knew where to look we were able to see evidence of the damage & repairs to the car.
I think that if lending institutions don't trust Car Fax then we probably shouldn't either.
I think the main problem with old laptops being discarded is one of software & OS release cadence more than hardware relatability.
My accountant has used the same 4 apps since the turn of the century. Yet the industry has created a situation where they’ve needed to buy 10 new computers to keep up, even though they still just use email, spreadsheets, web, and a word processor. They’d happily be in XP if it were still on offer.
The only meaningful productivity boost from the hardware side of things for the overwhelming majority of knowledge workers over the period was the introduction of SSDs and wireless network cards.
Modern OS vendors could easily create lightweight versions optimized for older hardware with reduced telemetry and simplified UI layers, extending usable lifespans by years without compromising core functionality.
Nonsense. My last two desktop PCs lasted me 15 years. If they need a new laptop annually, they are the problem.
I'll trust that this is genuine when HP lets me connect 3rd party ink cartridges to their printers.
100% of the companies I work(ed) with have either a "destroy laptop" or "destroy data storage media" policy. I know 0 companies reselling their used computers with storage media included.
IT insurance usually requires you dispose of storage media through an accredited company as well, which is usually why this is done. We wanted to donate old laptops to charity but our insurance forbids it.
HP has 0 incentive to give old laptops new life if they don't profit from it. People who buy used laptops are already doing so. Yes, there are somes risks but if the computer boots up, perhaps run a few performance tests, then it's good. A used laptop is $100 - $500, not $2000 - $10000 and it most likely is not sold multiple times because after teh second owner, it's likely already too old, too slow, and not supported (Microsoft). I was a seller of used laptops.
Another reason HP is irrelevant. They pour money into stupid ideas no one is interested in. I'm curious what HP would think about the Acer C740 I recently reformatted and reflashed so I could directly into Linux. Would they "restore" it to its EOL state, undoing that work I did? My money is on yes because corporations don't know shit about PC building or optimal settings.
Wow HP is the last company I would expect to get this right.
HP laptops don't last 3 years these days. You're lucky to get past 1.
They haven't made anything good for years now.
HP is circling the drain! if they have to resort to rentseeking crap like this then they are already out of high ROI revenue streams.
HP is literally the company that will charge a laptop battery to 100% by default for a little bit more runtime on a random product test but exponentially less longevity. All the shitty HP office laptops at my last job would without fail have a bloated battery within 3 years, often taking the touchpad and other components with it.
Solution in search of a problem...
This is the sort of thing that gets developed for benevolent reasons, and then deployed as an excuse to outlaw any third-party servicing as dishonest log manipulation.
Every time I've tried to sell and/or give away my previous laptop, I discovered that nobody wants anything more than a few years old. A 6yo Acer laptop, that isn't running the latest windows, is basically worthless even in the eyes of charities. And a used laptop running linux, regardless of age, seems to be unwanted by everyone.
they sure know how to complicate simple stuff
The images contain date of the example report - 2023. Can we assume that the current HP laptops already gather all that information and store them, and the new "feature" is just a new way of extracting money from something they are already doing?
The images contain date of the example report - 2023. Can we assume that the current HP laptops already gather all that information and store them, and the new "feature" is just a new way of extracting money from something they are already doing
Isn't that caller eBay?