Good points. Some thoughts.
A big part of this series was really a nudge to vendors like MikroTik to do 2.5GbE, to Netgear to make cheaper 2.5GbE, and so forth. The difference between what it costs for Realtek switch chips that are tens of dollars and switches we saw in 2022 for $500 was crazy.
On a lifetime NBD replacement warranty, just remember that I said on a call with a well-known network vendor that offers a lifetime warranty something like "you offer the lifetime warranty because the AFR is like 0.5% or something small like that." The response I got was something along the lines of that being way too high of an estimate. It is nice as insurance, but if you are paying even a 10% premium for it, you are overpaying.
On the whole backdoor side, sure. It is possible. Just to give you an idea, since late Q2/ early Q3, we have been sitting switches on networks hoping to capture unsanctioned phone home traffic and not telling folks we had the project running because we did not want to tip off that it was happening. In the video, I said we sniffed for 7 days, but I see that as a lower bound for the switches to get reviewed. Really, we have had 40+ switches with >120 days each, so after over 5000 days of uptime. I am not sure any other review site has done anything similar. I thought it would be a remarkable piece if we found something, but we did not.
Realistically, these devices do not have the processing power to break encryption at 2.5Gbps per port or 30Gbps+ across the switch. If the switches did some sort of port mirroring to a WAN address, it would be computationally doable but very easy to spot.
If you do not want to use switches from some brands, that is great. That is why we have many brands represented. Remember, Netgear can buy the same Realtek switch chips and produce switches in volume, and if there is demand to do so at a price point, they can make similar switches for you.
Now, of course, there could be something in firmware that activates after a decade, and we will not see it. There can be some kind of push notification that can get through firewalls turning something on at a later date. Also, state actors have more resources and personnel than we do.
The goal is to get to everything we can.