@SuperDicq @lina >It is obviously better to run them in such a way that they can not access anything
But how do you know the proprietary malware doesn't have access? Manufacturers love backdooring their proprietary software (backdooring hardware is less popular as that is manufacturing physical evidence).

>this firmware is backed into the device on a read-only chip.
Software in usb keyboards is now often stored in r/w EEPROM within a microprocessor, but in almost all cases manufacturers usually never offer an update - thus it's equivalent to a circuit and the question is whether there's a malicious circuit.

The user could solder some wires up and replace the software (just like how the user could start re-wiring the keyboard), but the user may not have any interest in doing so, if the keyboard works as a keyboard, but even then, there isn't digital handcuffs preventing the user from replacing the software either - thus the users can in fact do so if they want to (there is no proprietary license forbidding reverse engineering and that level of hardware reverse engineering isn't forbiddingly hard).

There are also old keyboards available that use ROM and some PS/2 keyboards that just use circuits to generate the PS/2 signals from the button presses - but the functional result is still the same.