I found the hard drive light discussion interesting -- in that you hadn't ever heard of it before. This kind of data exfiltration has been around for at least 20 years, since that's when I started working on similar things in college. The best is to use the processor or GPU (in the old days it was the FPU) to do an intensive calculation causing either its power consumption or the fan to ramp up and then monitoring the power changes to the system (which can be from another room since circuits are typically shared across many outlets). You cycle these calculations to pass ones and zeros. With signal processing, error detection/correction, and a lot of time, you can slowly get data out without anyone noticing, and without using the network, which is easily monitored.
Also, having a new computer with new software is difficult to trust since you don't know what was installed on it at the factory (factories get infected), or along the way from the factory to you (third parties intercepting the hardware and installing their own chips or software), and even if you write your code to run on it, you can't trust that the compiler you're using, unless you wrote it from scratch too, isn't inserting malicious code into your program. You're left with decompiling your program to check it for unexpected routines, which means that you have to trust your decompiling tool! The circle of trust, in these situations, is very small indeed.
All of this is very unlikely for the average user/hacker, but not out of the realm of possibility for nations.