For your case of USB to Ethernet data is required so the only other way beyond hardware diagnostics and dumping firmware is to do extensive background checks on everyone working for your ISP, FTE's, contractors, executives and all the board members. Doing that without their knowledge is very expensive not to mention does not cover all the people in the shipping logistics path. Consumer hardware rarely has a full chain of custody with attestation.

There may be some fringe cases where a USB hub may help mitigate some threats such as over-voltage. Realistically at some point one has to either trust the device or avoid technology all together. There are communities of people that avoid technology so for what it's worth you would not be alone if pursuing that route.

If the concerns are related to organizations or governments snooping Microsoft Windows Recall, MacOS mediaanalysisd have negated the need for hardware snooping like the good ol' days of KeyGhost. One tiny update could in theory upload AI summaries. Incremental updates tend to stay out of the news.

You also did not say what OS you are running on your laptop. If it is any later version of MS Windows, then you have infinitely more to worry about from Microsoft OS level spyware/malware/adware provided in a future Microsoft OS update than from a USB<->Ethernet dongle a random ISP tech. guy happened to have.

> that sophisticated could very easily get baked into brand new hardware at the fab without anybody knowing.

While possible, this is unlikely baked into /every/ device. It would more likely be a /special run/ at the request of Spy agency X and targeted for a specific shipment to a particular target. If for no other reason than the fab is going to want to be paid extra for the /special service/ provided.