Is it safe to use a second hand laptop after reinstalling ubuntu on it

Short Answer

YES

Long Answer

YES, but...

A laptop with Ubuntu 14.04 installed by the previous owner is on average safer than one with Windows installed on it. Windows was well known for having "worms", "viruses" and "Trojans". These days Windows is better but the historical events are still at the back of most peoples' minds. This history naturally affects the thinking of many (but not all) new users to Linux / Ubuntu as well. I think it's important to point out how less likely viruses are.

There are some Linux binary programs that can capture your keystrokes. A previous owner could have such a program installed and another program to transmit your recorded keystrokes to an Internet address. The fact you erased the hard drive and installed Ubuntu 16.04 should have eradicated it.

Thinks to remember:

  • As I mentioned in comments below your question, unless an ex-spouse or the NSA sold you the used laptop you shouldn't worry all that much.
  • If an owner setup the machine to spy on you and you purchased the machine then that means the machine is your property. Any data collected by the previous owner makes them guilty of willful trespass. Also the police could consider charging them with the intent to commit fraud, blackmail or theft (via on-line banking). Most people would not take this risk.

General points about keyloggers:

  • Employers can legally use them to spy on employees because the employers own the computers
  • High school principals have been known to spy on students in bedrooms by remotely activating webcams to the school's laptop the student is using.
  • Libraries who charge say $12 for a yearly library card probably could not use keyloggers but recently my city library made library cards free so I guess they probably could legally do it.
  • If you live in a shared home or other people have access to your computer at work you may want to install your own keylogger on your own computer to see if others are accessing it when you are away.

In the comment section of your question, myself and others were guilty of hi-jacking your question with talk about BIOS and ROM chip reprogramming. That is extremely unlikely unless you are the owner of a bitcoin exchange that the US Federal Reserve or US Treasury was keen to eradicate. However that would also mean you wouldn't be buying a used computer in the first place.


In a comment @JörgWMittag writes that you should always ask "What is your threat model?" In other words: Who is the opponent and what info do you want to keep from them? What is it worth to them?

If you are afraid of a Government-level opponent, and they think you are worth the effort, nothing is safe. You can do whatever you want, it will not be safe.

However, if you are just an average person worrying about other average people, reinstalling the OS should be more than enough.

One worry is that even you make the software safe, the hardware or firmware might be compromised. However, this would be expensive for the attacker and therefore highly improbable.

Do you know the seller? If they are just some random person on eBay, they are not going to care enough about you to do anything.

You might worry a bit if you know the seller AND they have a grudge against you AND they are good with computer hardware.

If you have more specific questions they should probably go on Security SE.


Pretty much yes, but…

Unfortunately, unsupervised direct physical access to a computer pretty much voids all security since, theoretically, an attacker with physical access can do anything they want with the machine including tampering with it to compromise all software running on it in the future. This is very hard to to detect. However, it's similarly hard to pull off in the first place and thus takes a very dedicated attacker. Even for those it would be far simpler to try other attack vectors first.

Conclusion: You're safe unless you somehow attracted the attention of a very dedicated and resourceful attacker.