NVIDIA's Signed Firmware Blobs Land In Linux-Firmware Git


  • #11
    Originally posted by chithanh View Post
    Plus it helps segmenting the market by allowing the manufacturer to disable certain hardware functions in firmware, so they can sell them in more expensive products exclusively.

    Or the firmware could be able to talk to the environment and download updates for itself...
    If a manufacturer of ANY desktop or laptop hardware included a hidden auto-update function in a Linux driver or firmware, they would be quickly caught by someone using Wireshark. That was how now-common browser spyware was discovered when Chrome first launched with it. Once that happened, the manufacturer would face decreased trust, rather like that of many users who will never install Chrome. Other users would block the server in the firewall, and some ultra-high security users airgap sensitive machines from all networks.

    In all honesty, I suspect Wireshark and similar programs are the main reason we are not seeing concealed telemetry and even adware/spyware in drivers, firmware, and other places. As for what getting caught does to reputation, look what happened to Lenovo when ordinary Windows users caught them using hooks into Windows buried in their UEFI to reinstall all their spyware and crap when someone did a clean install of Windows. Linux was immune, but Lenovo's reputation was not.

    • #12
      Originally posted by Luke View Post
      Once that happened, the manufacturer would face decreased trust
      I disagree that the decrease in trust and reputation would be significant.

      Manufacturers get caught all the time doing such with their Windows drivers and proprietary software.
      Acer put a backdoor in all their computers.
      Lenovo did something similar, multiple times.
      Mediatek "forgot" to disable remote administration in production builds of Android phone firmware.
      Latest brouhaha is around a Chinese manufacturer of IP cameras which have P2P that can't be disabled except by modifying and re-flashing the firmware.

      As far as I can see, people still buy Acer, Lenovo and Mediatek devices as well as Chinese IP cameras. And I have no reason to believe that it would be any different on Linux. Ask in any Linux forum, "Which high-end laptop should I buy?" and the answer is usually Lenovo.

      Also, the detection in Wireshark was only possible because the manufacturers made no attempt to hide it. It has been demonstrated in Intel ME malware that undetectable exfiltration of data was possible through packet jitter (infiltration is of course possible in the same way).

      • #13
        Originally posted by chithanh View Post
        I disagree that the decrease in trust and reputation would be significant.

        Manufacturers get caught all the time doing such with their Windows drivers and proprietary software.
        Acer put a backdoor in all their computers.
        Lenovo did something similar, multiple times.
        Mediatek "forgot" to disable remote administration in production builds of Android phone firmware.
        Latest brouhaha is around a Chinese manufacturer of IP cameras which have P2P that can't be disabled except by modifying and re-flashing the firmware.

        As far as I can see, people still buy Acer, Lenovo and Mediatek devices as well as Chinese IP cameras. And I have no reason to believe that it would be any different on Linux. Ask in any Linux forum, "Which high-end laptop should I buy?" and the answer is usually Lenovo.

        Also, the detection in Wireshark was only possible because the manufacturers made no attempt to hide it. It has been demonstrated in Intel ME malware that undetectable exfiltration of data was possible through packet jitter (infiltration is of course possible in the same way).
        Surely fewer people buy that shit than otherwise would be the case. Example: I doubt that any Chinese dissidents operating outside China would dare to install networked cameras made inside China no matter what was publicly known about them. This shit surely costs sales. Hell, Lenovo's decision to create UEFI hooks to reinstall Windows malware meant they were aware they had problems, someone there must be stupid or very, very malicious.

        About the "Internet of things," where privacy counts, ALL networked devices other than the computers and routers used for intentional communication are rejected or kept offline. Look at the community resistance to "smart meters" that can allow cops, marketers, and burglars to work out by electrical consumption when people are not home.

        Would Nvidia really want to risk even 5% of gamers deciding that the machines used for gaming could not be trusted for sending email and therefore must be used for no other purpose? As for the link you cited, packet jitter is only useful to an attacker who can see your traffic and is allowed to read some data but not all data (like your ISP). If a Wireshark user simply treats ALL packets sent to Nvidia as presumed malicious, a packet jitter attack is useless for hiding. Nvidia would have to have a constantly shifting set of receiving servers, and that would require hooks in the OS to keep up with them. Too much trouble.
        Last edited by Luke; 29 February 2016, 03:32 PM.

        • #14
          Luke
          I maintain that the drop in reputation/sales is not significant. Asking which hardware to buy rarely brings up the backdoor topic, so it is not an important factor.

          The "community resistance" you cited is artificially inflated by media. In Germany, we had our biggest publication "Bild" campaign against Google Street View and they got lots of people to request pixellation of their homes. When Bing did the same later, there was no media campaign and almost nobody cared.

          Also you can target users by location and IP range through ad networks quite easily to piggyback your covert communications channel on ad traffic.

          • #15
            Originally posted by chithanh View Post
            Luke
            I maintain that the drop in reputation/sales is not significant. Asking which hardware to buy rarely brings up the backdoor topic, so it is not an important factor.

            The "community resistance" you cited is artificially inflated by media. In Germany, we had our biggest publication "Bild" campaign against Google Street View and they got lots of people to request pixellation of their homes. When Bing did the same later, there was no media campaign and almost nobody cared.

            Also you can target users by location and IP range through ad networks quite easily to piggyback your covert communications channel on ad traffic.
            Another excellent reason to block all ad networks all the time, with absolutely no whitelist for anyone. Ad networks have been proven malicious again and again. Right now an estimated 25% of users block ads, a figure that is sure to rise. With that rise will come decreasing usability of piggybacking on ad networks. Unfortunately, this is one more reason whitelisting even one site puts ALL your data and ALL your privacy at risk.

            Community resistance does exist, and those the government most wants to spy on will be the first to reject the "Internet of Things." I know people in person who have refused smart meters. The same people that know to meet with cell phone batteries removed also will know to keep unnecessary networked shit OUT of their homes. That will be (hopefully) many political dissident houses, plus the homes of most of the drug dealers, nearly all of the terrorists, etc. This shit will be most useful for spying on the general public and useless against any kind of serious opposition. Not even Daesh is dumb enough to use that kind of stuff in a sensitive location.

            • #16
              Luke
              Blocking ad networks will mean that you are going dark on a lot of Internet content today, and probably even more in the future. You may be willing to put up with that. But unless a better business model is found for sites that are currently ad-supported, I think the war between tools that block ads and those that block visitors using ad blockers will continue for some time.

              How about ads served through regular CDNs on https connections? This will put an end to network side blocking unless your proxy MITMs all SSL connections. And every single ad which slips through is a potential targeted attack.

              The community resistance exists, I don't dispute that. But the size of the actual resisting community versus those who are merely instigated by media can be seen in the Google/Bing story.

              • #17
                Originally posted by chithanh View Post
                Luke
                Blocking ad networks will mean that you are going dark on a lot of Internet content today, and probably even more in the future. You may be willing to put up with that. But unless a better business model is found for sites that are currently ad-supported, I think the war between tools that block ads and those that block visitors using ad blockers will continue for some time.

                How about ads served through regular CDNs on https connections? This will put an end to network side blocking unless your proxy MITMs all SSL connections. And every single ad which slips through is a potential targeted attack.

                The community resistance exists, I don't dispute that. But the size of the actual resisting community versus those who are merely instigated by media can be seen in the Google/Bing story.


                There is no website and no content anywhere on Earth I would put up with ads and trackers to access. Most of what I care about is amateur-produced and can be posted to Archive.org as easily as to Youtube.com for instance.

                I am not on and don't want anything to do with Facebook, Google, Bing, etc. Over half of all monetized content is ALREADY dark on my machines and I am perfectly OK with that. BTW, just one instance of 3rd party content with code/tracking ability getting past my security will cause the offending site to be blocked in /etc/hosts. It would not take much of that to force me to replace all hardware, set up from scratch with new encryption keys and a new OS built locally from source. This expense and hassle would force the nuisance of airgapping the video production machines from all networks, and limiting networked machines to whitelisted URLs only, with all other packets and all other connections blocked. No site even suspected of being ad-supported would make that whitelist, not one.

                Before I would use ad-supported email I would run my own email server for my own use. Anyone who works with me understands you cannot Tweet to me, Facebook me, or call me on a cellphone. There will always be those of us who resist. Those whose resistance goes beyond computers need to also resist in cyberspace. Part of my job is promoting this resistance in heavy-duty anticapitalist communities that have already had people go to prison because of Facebook and Youtube.

                My preference for the future of the Internet would be the replacement of the entire end-user cloud and all the social networks with peer-to-peer, distributed served equivalents like Diaspora, with all files moved by an onion-routed, encrypted system modelled on Tor and BitTorrent, which do not play well together right now. Leeching could be discouraged by requiring that downloads equal uploads. With the phone companies shut down and the only network being direct peer to peer connections (as in Tunisia when the government tried to shut down the Internet), bandwidth would cost only time, not money as the hardware need only be obtained once. Without phone companies or central servers, there would be no need for paid anything but hardware. I would have no problem with seeing all paid games, paid movies, paid music, and paid reporting simply disappear, replaced entirely by their amateur-level, non-monetized equivalents.
