Hacker News new | comments | show | ask | jobs | submit login
FBI director: Cover up your webcam (thehill.com)
332 points by grej on Sept 15, 2016 | hide | past | web | favorite | 289 comments

From all they ways I can be spied, the webcam is the one that concerns me the least.

At the end, all they will see is a bearded man staring to the front. May they be able to see me naked? Well, probably, but I honestly don't think that they will make a lot of money by selling my naked pictures... My wife tells me that I still look good, but I suspect that she is being nice to me.

What would scare more is that they manage to capture what is on my screen, or install a keylogger, or activate the microphones to hear my conversations, or that they access my hard disks and steal data, including my private keys.

Hey, but putting a sticker on your webcam is a way to show how 1337 your are!

I prefer not to have to bother removing stickers every time I want to do a Skype call.

You're displaying a common trope I see sometimes with security:

> "because this particular thing does affect me personally, it doesn't matter. And because it doesn't matter to me it doesn't matter at all"

Blackmailing people with pictures taken from webcams is not theoretical. It happens[0] and it's good advice to tape up your cam. It may not affect you personally, but it may affect your wife, daughter, or sister in a much more sinister way. Believe it or not this kind of thing can ruin someone's life.

[0] http://www.computerweekly.com/news/2240209018/US-teen-hacker...

I know someone whose camera and microphone were taken over. A window showed on her computer where the person watching her chatted with her and told her things that he only knew because he was watching her. It scared her to death and made her cry.

Beyond blackmail, it is probably close to the psychological equivalent of a stranger just suddenly appearing in your home watching you.

I think that every electronic camera and mic device should have a hard switch/button that physically disables both the camera and mic. Having to use tape or a cover does not keep you from being spied on; it only eliminates the visual spying. The attacker can still listen.

Smartphones represent a bigger security risk in that regard. Front facing rear facing, mic all ones personal data, pictures and so on.

Hardly. You put your phone on the desk and it's going to show the ceiling. In contrast to this, people do all kinds of weird things in front of laptops. I've even heard once of someone who allegedly masturbated (!) in front of a laptop. Of course, that must have been an extreme outlier ...

Remote code execution on a cell phone is thousands of times harder than a PC. If you have a RCE for the newest iOS software then there's people who are ready to pay you millions.

An up-to-date Nexus or iPhone is about the most secure thing you own.

Yes. They should have a switch.

This should definitely be a concern, but I feel like most people don't even realize that anything like that could happen. There is lots a news about webcams, baby monitors, etc. being hacked, but barely any warnings about making sure you keep your phone protected and secure, too.

Not trying to be flippant, but just pull the USB cable out. Just takes a second, even if it's plugged into the back of your computer (I do it all the time with my keyboard if I'm working on my laptop that day).

That doesn't work with cameras integrated in laptops.

That's...a really good point. Talk about a massive blind spot on my part :)

> "This particular thing doesn't matter because I don't need it. And because I don't need it, nobody needs it at all"

This is all that I hate about stackoverflow.

You don't know SO rage until you get a case of a small, inconsequential problem which is of vital importance to you. After heaps of searching someone else has posted the same issue on SO. Then reposted a while later with "Don't worry, fixed".

As always, releavant: https://xkcd.com/979/

Also the mandatory upvoted comment 'why are you using vb6'.

"You should just tell the client that you'll rewrite everything from scratch in Rust rather than making this two-line fix."

That's just a bot someone made. It scrapes SO, constructs a model of question text and generates new questions from the model. Then, after a random number of days it posts that "Don't worry, fixed" you've seen.

What would be the point of that?

What he's describing is something that also happened (with far greater, more rage-inducing frequency) on tech forums before SO existed.

I believe it is a joke.

Oops. Thanks. I had a fear I was just missing a joke, but I have seen bots used on forums for no immediately obvious/spammy reason and I've also seen people genuinely imagine strange motives for relatively explicable things.

This is probably one of the reasons jokes are very much discouraged on HN. They pollute the conversation and add confusion. I too didn't notice that it was meant to be a joke.

It's a joke. I thought it was obvious, I'd have laughed if someone else had made it and I didn't think it's polluting anything, not tucked away in this side-thread-ish.

I've been using React for my last few projects (not by choice) and have found this a lot. Maybe because its newer, maybe because it doesn't play nice with other front-end things. SO rage indeed.

Plus I don't buy the "Doesn't affect me"-angle. In general, people abusing vectors like this are dang smart (or know someone who knows someone who's smart. doesn't matter). There's a reason why my webcam isn't plugged in unless I explicitly use it.

What about recognizing keys, credit card details or important information in letters on the desk? Some simple image recognition for these, and a large dragnet-style attack with this seems quite lucrative from a minute or two of thought.

All the author did was say it wasn't a concern for them. Nowhere did they say it didn't matter.

> Hey, but putting a sticker on your webcam is a way to show how 1337 your are!

This was a little bit more.

He's clearly a man.

> He's clearly a man.

What is the point of this comment? Even if you had some way to know (EDIT: which you (https://news.ycombinator.com/item?id=12506075) point out is the case), why should it matter, especially since no-one else in this thread seems to have brought up gender?

Using “them” when you already clearly know the gender is bad style stemming from political-correctness zealots.

> all they will see is a bearded man staring to the front

I don't think he was saying that it's not important at all. His point was that there are plenty more security risks that deserve more attention.

In particular, he was calling attention to all the people that cover up their camera and proudly exclaim "Done! Safe at last", while oblivious to all the other hacks and malware that could already be infecting their computer.

Maybe it's just me, but I didn't take away that the commenter felt it is unimportant and he humourously explained why. He also explained that the other things were of greater concern.

More importantly, there's the fact that the level of access required to take over a webcam implies the ability to do all sorts of other things.

What I took away was that if his system was compromised, an open webcam wouldn't likely be the chosen vector for ruining his life.

Completely this.

As someone who was profiled and eventually experienced an attempted-blackmailed by a company in India (employer details gained among other things) - everything seems inconsequential ("I've done nothing wrong"), until it is used, abused (and lies added to) to threaten you.

It doesn't matter whether things are true or not. What matters is, when someone gains details about you, the story and lies they can spin. The cost, distress, and difficulty in trying to resolve and take control of the story can be incredible.

Your personal details should remain just that.

Don't be complacent.

> experienced an attempted-blackmailed by a company in India

Is this a well-known thing? I haven't heard of it before. Is there some sort of common pattern that such attacks follow? (E.g. most phishing attacks seem to be categorizable, following a number of set patterns, because the people who do them basically try to run the same attack against a lot of people at once to get one or two victims. Is this similar, or is it a matter of individual targeting?)

Would you mind sharing any more details about the attempted blackmail?

Nice try, blackmailer.

It's not just blackmail that I worry about.

A hypothetical, ruthless hacker manages to install malware on a person's computer. Hell they could target certain zip codes. All the information is on the Internet. Hell, they could get a picture of your home. (By the way, Google will blure out you home, if you ask. It tends to reappear, although they claim its permanent. If your house has been sold recently, a thief/criminal has easy access to interior layout through Zillow, and the like.)

They watch you through your cams. A lot can be deduced with that information--valuable information that could be sold.

Maybe I've watched too many movies, or crime shows, but I just picture certain questions being asked, "Does the home look like its worth robbing?" "Are there hostages we could take?" "What times do they leave, we need to install our cams because they might find our malware?" "Do they have a safe, or do they seem like they have money/valuables in the house, bedroom?" "Are they doing anything illegial themselfs?" They could develop psychological profiles for people?

I hate to think like this, but certain people think nothing of doing some horrid crimes. A hacker overseas gains some valuable information, and makes a phone call to the Triads, or Russian mob? Your life becomes a statistic.

It sounds far fetched, but just what if? (And am I going to cover my cams? No, because I don't have a life, and I'm poor.)

this happens a lot through low tech means. they'll just case a house and note the owners' movements until they recognize a pattern.

the only real solution to this is good insurance and good luck.

But that at least requires some human investment of time and movement. Someone has to case your house and sit there for however long it takes, risking discovery, boredom, opportunity cost, etc.

Wholesale information theft is another level. Someone in a different state or country has access not only to me, but potentially hundreds of people's details, without ever leaving their home. And then they can leverage a whole community that is doing the same. This is how "The Fappening" occurred. This sort of crowdsourced stalking would be impossible pre-internet.

Surely it's at least as much human effort to compromise a specific webcam, identify the house it's tied to, monitor it extensively, and then rob/assault the owners?

Obviously there are other reasons to worry about webcam access, but "they could spy on me to set up a robbery" is exceedingly low on my list since it just recreates a pattern that doesn't involve a computer.

I think it's more about the mass dissemination of that information. We've seen how easy it is to "Dox" someone without much information. One person might not be able to glean much, but what happens if 4Chan gets a hold of that data and has decided they don't like me?

Knowing your neighbors doesn't hurt, either. I like to think that if my neighbors noticed something untoward happening at my house, they would sound the alert.

This is all true, but wouldn't somebody who has the technical skills to pull this all of, be able to pull in a legal income far in excess of what burglary is likely to yield?

A lot of trojans are like off-the-shelf kits that anyone can grab. The technical skills amount to convincing someone to run an executable (email, malicious USB keys, poorly managed advertising networks, etc) and then clicking a few buttons in a GUI to connect to them and do what you will.

For the slightly more technical, you've got frameworks like metasploit which can perform network attacks, but even that is getting much more like a kit these days. Port scan for services, fingerprint them, check database for known vulnerabilities, automatically attempt to exploit known vulnerabilities, deploy payload (the trojan).

A typical drug dealer would make more money working at McDonald's, so why don't they? People are weird.

Once you've been convicted of something, or even arrested really, you have few legal options to support yourself.

> A typical drug dealer would make more money working at McDonald's, so why don't they?

I think a substantial share of those drug dealers who aren't working formal-economy jobs as well are also drug addicts that would not be able to keep such jobs particularly well even if they weren't drug dealers, and/or convicts that wouldn't be likely to be offered such jobs if they chose to pursue them.

> Blackmailing people with pictures taken from webcams

How can one blackmail a person with webcam pictures where the person just stares into a screen?

If you mean NSFW pics I don't think they're done with a computer's webcam cam. Nowadays, people use phones for that use case.

It's not only pics of people staring into a screen.

There was a case about 5-6 years ago when a guy recorded and streamed his secretly gay roomate having sex in the dorm. The gay roomate committed suicide later.

Work computers can be taken home or to business trips where things can happen in the hotel after the deal is struck.

>where things can happen in the hotel after the deal is struck.

Serious question: what happens when a deal is struck? They go out to drink? They go back to their hotels? They have sex with their coworkers?

Serious answer: whatever happens is none of your or FBI's business ;)

I'm not naked when I'm using the computer. When I am naked my laptop is closed and most likely in my bag. I guess a lot of people keep their laptop open on their nightstand or something?

Open all night on a table/desk certainly isn't rare. If you're in a dorm room or a studio apartment that can mean "staring straight at the bed".

A lot of people mastubates in front of their computer.

If society wasn't so prudish about naked bodies, it'd be less of a problem. It's one of those shoot the hostage situations. We could defuse a lot of our concerns if we'd relax our self imposed constraints and it would give us more time to worry about the things which matter more.

I know that what the webcam captures is probably the least important thing a hacker can get but I do it because it is visible.

Protecting your privacy should NOT be weird and a sticker over your webcam is a very visible way of showing that to the public. When people ask why I do it, its a good opportunity to educate them on the capabilities of the US government, other nation-state actors, and hackers in general. If they don't believe me and haven't heard of Snowden its simple to show them images of Zuckerberg, the FBI director, and other in tech with taped over webcams to convince them.

John Oliver also did a special last year that showed that a lot of people don't really care about the government getting most of their personal information on their computer. But when they think that the government is getting naked pictures of them and their family they're a lot more interested and upset. Bringing up the fact that the government can see them nude in conversation scares a lot more people and they are more inclined to become more privacy conscious.

If you use one of the bookmark post-it notes, it makes it easy to remove the sticker and put it back when you're done with your video conversation.

> its a good opportunity to educate them

Am I the only one to receive disarming responses when trying to educate anybody over this matter? The vast majority of people (and when I say "vast majority" I mean everybody but two or three people tops, so far) I tried to explain things to don't care. All they have to say are things like "Where is your tinfoil hat?", "This is conspiracy theory", "If they want to spy us there's nothing we can do" and the never old "I have nothing to fear because I have nothing to hide."

Even when you provide material from authoritative sources you still risk being told "Bullshit, go figure who wrote this".

My laptop is black and I keep a piece of black electrical tape over it so it's mostly unnoticeable if you aren't close enough. I do this to avoid giving explanations because from my experience it is pointless.

"I have nothing to fear because I have nothing to hide."

The best comeback to this is usually asking if they have drapes/shades for their windows at home. I think I read that in a CCC guide to talking about privacy/security somewhere. At least that has lead to somewhat interesting discussions and the occasional moment of "you might have a point".

"I have nothing to fear because I have nothing to hide."

Cool. Now, can I have your wallet/purse? Also, get naked. I want to see what you're hiding under your clothes.

And you can forward your medical record, along with your business emails to me as well.

Because you have nothing to hide....

I like, "Mind if I read your text messages? Hand me your phone"

I agree. It's more of a statement than a meaningful security measure.

There should be a term for this.

Maybe something like 'security theatre'.

"Security theater" is an established term, but usually refers to useless security measures implemented by organizations (companies or governments) to soothe the public (their employees/citizens/guests), rather than to actions of individuals onto themselves.

Right. Sorry, it was sort of a joke. I've been told I'm not very good at them.

That webcam might have a microphone. Your laptop has one too. Neither have a little LED to tell if they're on (the one on most cameras isn't hard wired to the sensor. You can sometimes turn it off in the drivers). There's a microphone in your phone, in your tablet, your PS4 controller, your land line (why do you still have one of those?!), that USB gaming headset you left plugged in, your fitbit, your overpriced voice activated IoT refrigerator (Your out of milk; here are some Amazon ads for milk), and your watch.

The potential to listen to audio on unpatched, compromised devices, is a huge attack vector! And yet we tape up cameras.

The potential for burglars to get in through windows is a huge attack vector. And yet we lock our door.

We never used to tape up cameras, now we do. Perhaps one day we will cover microphones or disable them even though we don't now.

I suspect most people who currently tape over their camera would do the same for their microphone if it was as easy. But there's no easy, quick way to do it that allows to re-enable it when needed.

You just rip the mic/cam pair out with pliers and use an independent usb webcam when you actually need it.

Worked like a charm.

Of interesting note: ThinkPads have (had?) independent mute, volume and microphone buttons with LEDs to indicate volume or microphone muting. It's clearly at least partially software or driver driven, because with Windows 10 microphone muting is no longer functional.

The warm and fuzzy feeling that discovery gave me is why my daily driver is still on Win7 since I almost always have both audio directions muted.

The warm and fuzzy feeling should have gone away immediately upon discovering that it was not a hardware mute, but instead a software-defined feature... no?

I mean, if you can turn the LED off through software, it's really no better than the little menu bar icon that every other laptop has. If it were done all in hardware, that would be cool.

MSI laptops too. They have an Fn+Fkey, but when you use it, it disconnects the camera from the USB bus. It disappears from your device listings in lsusb/linux, or device manager on windows.

Surely that leaves open the possibility Windows7 was always in control and if hacked, could lie to you?

The fact that Windows10 breaks it surely suggests it's a software feature?

Yes, but....

There's a difference between "I can turn this off as long as the driver is properly installed and has not been hacked" and "I can't turn this off." While the second statement is abstractly true for both, the bar for some software silently and invisibly turning on the microphone is quite a bit higher if it also requires replacing or hacking the audio hardware drivers.

Why does everyone strip down in front of thier computers?

When I'm done using my laptop I close it.

...do I have to spell it out for you?

Please spell it out for me. Seems being 0001 1001 years old hasn't opened up my mind to such basic concepts. Also, what about the front camera on my phone?

Watching porn?

Also, the camera on your phone rarely points out towards the whole room.

Oops. I use a dock. Mine always does.

Ah, yeah, edge-cases :)

I don't use a laptop if I can avoid it. My personal workstation is right across from my bed, and it's powered 24/7 since it's acting as a file-server and game-server.

Given how everything is angled, I suppose a webcam infiltrator would have a perfect view of me sleeping.

My room has 30 deg C in summer, which is a big incentive to be less than fully clothed.

> Why does everyone strip down in front of thier computers?

Personally, I only use my laptop when I am away from my office. And my office happens to be my bedroom.

> If you use one of the bookmark post-it notes, it makes it easy to remove the sticker and put it back when you're done with your video conversation.

My mother learned to do this from the IT Security team at her company. And I learned to do that from her. It simply never occurred to me that the Facetime camera, hidden on the MBP, can be turned on at anytime without the status light being activated. I keep a small box of those post-its in my go bag and share them liberally.

Ditto this. I use the EFF webcam stickers. Probably nobody cares about watching my bearded face staring at a computer, true. To me though, it's a visible and constant reminder to keep privacy/security in the front of my mind.

I sympathize with your goals of raising awareness, but I think it is in general a bad idea to teach security measures which are only for show. If education is your goal, don't you risk teaching people the wrong threat model?

It's not. I do the same thing. And it works better then I expected. People do this in my office too now and thy come back with questions regarding security that go further then this. This happens also because they are being asked why they do this. It makes them think. They ask themselves why they put tape on their cam but "hide" their crappy passwords under the keyboard and so on.

It is creating general awareness.

This wouldn't work for me, as I store all my passwords on a Post-It note attached to my forehead.

Written backwards so you can read it in the mirror, right? They wouldn't be able to read it, since they get a non-mirrored image.

Unfortunately, I only use palindromic passwords made up of symmetric letters, so they're readable both directly and in the mirror.

Oh shit, my password's been leaked.

I love this. How did you generate it?

crunch 1 4 wuoxvnmWUIOHXVNM180 >> sillylist; while read name; do export name=$name; echo $(echo $name; echo $name|rev)|sed s/' '//g; i=$(($i+1)); done < sillylist

Bash isn't pretty but it does work.

HN's own r/shittyaskscience, I like it.

I would enjoy a sporadic "Shitty Ask HN" thread.

It's gotten to the point where I only feel totally comfortable using machines I've hardened myself.

My hardened laptop is an older Thinkpad laptop with LibreBoot to replace the BIOS, microphone and speakers and camera disconnected internally, removed the wireless cards, encrypted the partitions, and use Whonix as the OS. I've password protected the BIOS and it's set to boot only from the hard drive and I've also epoxied the screw heads in place as well as put globs of epoxy over all the ports other than USB in order to protect against hardware devices that can access memory through DMA vulnerabilities.

It was mostly an exercise in "how secure can I get". I'm not sure what else is possible.

If someone manufactured and sold a more modern hardened laptop, I would be interested in buying it.

You might be interested in something like ORWL[1], which is arguably the most secure consumer PC I've ever heard of. It has tamper-resistant features, full disk encryption, and a secure co-processor which does things like disable the USB data paths when the system locks.

Admittedly, though, it's not a laptop.

As far as laptops go, the librem 13[2], with Qubes OS and coreboot would be a pretty good bet.

If you haven't already, definitely take a look at Qubes OS[3]. It offers security by compartmentalizing different workspaces in different vm's managed by Xen so, in theory, even a kernel exploit isn't getting very far into the system.

[1] https://www.crowdsupply.com/design-shift/orwl [2] https://puri.sm/librem-13/ [3] https://www.qubes-os.org

I'd rather use my closed source safe operating system like Windows instead of having open source stuff with hearthbleed like stuff open for every hacker, thanks.

Can't tell if joking...

Makes sense, I guess it just depends on your comfort level with your computers & software.

1. Use Facebook

2. Use DropBox

3. Use Skype

4. Use Google services, always logged in

5. Use Windows 10

6. Use Google Chrome

7. Tape webcam ¯\_(ツ)_/¯

I think you've created a strawman here. It's about risk assessment and ease of implementation. Taping the webcam is easy to do, effective and easy to undo. It protects against a real, not theoretical attack. It has meaningful value. Not using Windows 10 might also have meaningful value and protect against real, not theoretical attacks, but would be difficult to do or undo.

I could also point out that you are more likely to slip in your shower and injure yourself than get struck by lightning, but I expect there are more people who know how to stay safe in a lightning storm than who have non-slip mats in their shower. You're also far more likely to get injured or killed driving your own car, but I expect many people avoid public transit out of fear, lack of convenience , etc.

No question our assessment of risk is poor, but that doesn't mean we shouldn't take what steps will fit into our lives.

I mean, I think it's a worthwhile comment even granting this. When people are worrying about the computer scare of the moment, they tend not to realize that the threat surface is so massive that they're certainly, inevitably vulnerable somewhere.

No security habit short of Ludditism was going to keep people safe from Heartbleed. And it does feel a little on the nose for Comey to be pushing a security 'story' that's conveniently removed from crucial steps like "update your software regularly". I was irritated to see him describe that as "caring about people's personal security" when his stance on all other tech topics is to make people give up security for access.

None of which makes taping up a webcam wrong, of course. It's easy, it's nontechnical, and it eliminates a whole (very real) class of threat at a single stroke. That's actually pretty good, and webcam spying/blackmail certainly does happen.

In fairness, however, he wasn't "pushing the story". Indeed the irony is pointed out during the story.

I work at a public library and occasionally teach computer classes. In one we cover security, but it's infuriatingly difficult. When you're working with people who have trouble with the mouse, or even with basic literacy (I mean reading literacy, not computer), it's hard to explain "attack surfaces" or "the cloud". It usually comes down to:

1. Understand the difference between identity and security. 2. Update your software regularly. 3. Use different passwords for different services and write them down (the number of people who don't know their password because they have email on their phone is... too high). 4. Be aware of who you are giving information to and why. Do they need that information? Is what they are offering worth providing it.

It's hard to cover much more than that.

That's what typically happens for people who have no grasp of data. They understand what a camera is, that it takes pictures and that they don't want something to be able to take pictures of them at any given time. They do not understand the whole clusterfuck of data that's drawn about them from every other service and how it can be put together to reconstruct details about them that they do not want others to know about.

The other issue with the webcam taping is that it is becoming less and less of a viable way to even keep yourself from being video recorded. For example, what about the cameras on your smart phone?

If we aren't there already, the direction of technology seems to me to be: "cameras all around, everywhere, 360 degrees all the time." Ubiquitus video/audio recording and real time processing.

So what are we left with in terms of privacy? I believe we can only hope to control how data is used in this aggregate sense to some extent or other. If even that.

> Ubiquitus video/audio recording and real time processing. ... So what are we left with in terms of privacy?

A new sense of what privacy is. It is increasingly rare that someone should have a sense of privacy or anonymity while in a public place.

It's reasonable to worry about government abuse of power from monopoly access to the full aggregation of surveillance data (even if that data was not originally intended as surveillance). Many people advocate for damming the flood of data, but this is futile. A more effective solution is to end the monopoly of access -- public aggregation of surveillance data. Twitch for everything.

Don't worry quite yet. Wait until we all have wearable cameras.

>May they be able to see me naked? Well, probably, but I honestly don't think that they will make a lot of money by selling my naked pictures...

We all do weird things or at least act slightly differently when we feel alone (being naked is one of those). Your records can be easily used to put a little pressure on you to do something little, not big. Why do you think you're so important to FBI CIA KGB? Regular fraudster will send you your photos and say that your boss/wife/friend will see it, and though there is 'nothing really wrong' on these, you'll pay or feel unprotected, or your party will.

That said, far too many people do have personally secret behavior like cheating, gambling, smoking, jerking off (oops, said it), having sex, private speech, strange comments that can be abused out of context (e.g. n-word while playing role in gta:sa). So many ways to get f-ed up.

Blue paint tape makes the on/off process at least a bit more bearable.

In fairness, you can still capture conversations from a webcam if your mark is speaking right in front of it, regardless of whether microphones are on.

Source? I'd hazard a guess that it's likely only marginally more accurate than lip reading?

Pretty cool. But I'll eat my hat if a regular webcam can pick up enough detail in regular lighting to do this. Plus 90% of the time the webcam will capture a users chest and the wall behind them, hardly useful for visual microphones.

Interesting technique. This requires 60fps 1280x720 video. People would surely notice the slowdown. I wonder if it's possible to improve on this?

The saying is "attacks only get better". Its likely that more can be done with less pixels but more software.

But hardware can also get better. Surely the next-gen of laptops have depth-sensing cameras too? Its becoming an integral part of game console motion detection, and normal smartphones will have them too e.g. hype I found by googling: https://3dprint.com/117809/depth-sensing-phone-cameras/

This was an interesting thing to see when it came out and keep people aware what is possible. Maybe there is even more possible using this technique.

But Nevertheless activating one of the many microphones around (mobile phones, phones, laptops, "echo" like devices, speech controlled televison) would concern me much more then.

The range of the human voice goes from 85hz to 255 Hz, and that means a webcam should record at about 500hz to be able to capture enough information to reconstruct voice with good quality.

Because webcams record at 60hz (max), they can only capture enough data to reconstruct sound at 30hz, way below the human voice range.

Webcams record faster than 60 Hz. Sound perturbs the recorded image every scanline, not just every frame. The techniques that reconstruct audio from video do it by looking not frame by frame, but line by line. 60 Hz times 720 vertical resolution is 43200 Hz and way more than enough data.

This, unless you are going to open up every device around you and physically isolate all audio recording equipment, I fail to see how covering your webcam is much more than security theatre?

It's not strictly about security. Some people like to close their curtains at night not because they think it makes them safer, but because that level of exhibitionism seems weird to them. It's the same principle.

I have a black laptop. I put a tiny piece of black electrical tape over it.

I do lots of calls, but I've never seen a good reason to use video except perhaps with one's SO.

GitLab is a remote only company with 100+ team members. Most of my calls are with video, the nonverbal language adds to the conversation for me. It's not 90% but I prefer video to audio if possible.

I do quite a bit of remote work, but I'm the opposite. I don't find it helpful in the slightest, I'd rather see someone's screen.

I worked for a remote company and I recall only having my camera enabled for the first week or so. After that it was off pretty much permanently. I didn't notice a difference with it on or off. It didn't seem to matter and everyone else did more or less the same thing.

When the FBI interrogate, they have people whose expertise is to use your entire body language including facial expressions, etc... to gather information.

Giving an attacker the ability to monitor your body language while they have full control of your computer is extremely dangerous as they have established a closed loop to interact with you without your consent or knowledge.

As the FBI also excell in this kind of subversive intelligence gathering, it figures they would be wary of being on the other end of it. An example is if a chinese, Russian, corporate spy had them on the other end without their knowledge.

Edit: Another topic is the issue of criminals who use extortion. This is far more common than you likely realize or aware of. Where we are the criminals and intelligence saboteurs/spies are alot more sophisticated, and use computer hacks as part of their planning to extort and blackmail their targets.

>>I prefer not to have to bother removing stickers every time I want to do a Skype call.

I solve that by never talking to anyone ;)

> but I honestly don't think that they will make a lot of money by selling my naked pictures

I'm thinking you might shell out a few bucks to keep someone from posting pics of you doing something embarrassing while naked.

On amazon there are cam blockers with a lid that allows you to block and unblock the cam.

When you're a person with access to the nation's secrets, it may matter.

Having a camera see your face? This seems unlikely. Invasive, disgusting and gross, yes.

Watching you - even bored, bearded, naked you - through your camera is the literal incarnation of 1984.

There are some covers that slide instead of stickers so it's still easy to use when needed.

"People who say they don't care about privacy because they have nothing to hide are like people who say they don't care about free speech because they have nothing to say."

- Edward Snowden

You make the common mistake of thinking that partial security is no better than no security because you can still get compromised.

Spoiler alert: It is.

Isn't this really just a sign of flawed hardware design?

In my opinion hardware should be designed so that the camera LED lamp should always be lit if the camera is used. If there is a malfunction with the LED, then the camera should also not work. Also there should be a hardware LED for when the microphone is being used which should work in the same fashion for laptops with built-in microphones.

In the webcam drivers I have looked at the LED is controlled independently of capturing, although drivers do enable the LED when the camera is used. This essentially means that hackers can record and disable the lamp.

I've been considering hacking together some piece of software that will continuously use the camera (/dev/video) in order to block it for other applications, and have it fail with visible alerts if unable to block the camera. Not sure if the same thing can be achieved for the audio recording devices due to multiplexing.

>If there is a malfunction with the LED, then the camera should also not work.

Many would argue that this is the more flawed design.

It seems like a "fail safe" to me. The current design is a bit closer to a "fail deadly" in that it creates a mode that's the worst-case from the user's perspective: the camera works but the indicator doesn't.

It is probably worse to have an unreliable indicator light than it is to not have any indicator light at all.

In my opinion hardware should be designed so that the camera LED lamp should always be lit if the camera is used.

That would only inform the user that the camera is on, and that isn't good enough. If the user is paying active attention to the computer then they can take action, but if they're not then they can't - noticing an LED has switched on when you're busy doing something else in the same room is quite unlikely. Even if you're actively using the computer you could miss it if you're focused on a task.

A hardware switch that disables the camera or a lens cover that blocks it entirely (eg tape) are the only safe options.

The hardware switch won't tell you that your computer has been hacked. The camera light will. And a lens cover won't protect your microphone or your personal data.

The issue is the camera being used to violate your privacy. A hardware switch that lets you physically disable the camera, or a a lens cover that stops it seeing anything, stops the possibility of that happening completely. You'd obviously need a second system in order to stop an attacker using your microphone.

All a light does is inform you that the camera is active. That is not a defence. It doesn't tell you that you've been hacked because an attacker might not access the camera (a mic and data are still accessible), and the camera light might activate if you haven't been hacked (eg any piece of software that you're using might result in the camera activating regardless of whether you want it to or not) which would lead to many false positives and as a consequence people would ignore the light.

A light is only information, and any amount of information won't stop an attack. Information is only available after you've been attacked, so you haven't stopped or mitigated the problem. A hardware solution that stops people accessing the camera mitigates the result of an attack before it happens. That's why it's much better. You just have to remember that blocking the camera only stops attacks that use the camera. You still need to be diligent about other attack surfaces.

I really don't understand this reasoning at all.

If you just block the camera you won't know that your computer is being hacked. The piece of tape isn't going to stop the hacker from doing much. Knowing my computer is hacked is far more important than stopping the attackers from seeing me.

If you have a false positive that is also very concerning and should be dealt with. At the very least I can put a piece of tape over the camera after the light turns on, if I believe it's a false positive.

At the very least I can put a piece of tape over the camera after the light turns on

At which point it's already too late - the hacker has had access to your camera for some period of time, until you notice the light. If you're interested in stopping people seeing you then you've failed. Putting a hardware block on the camera (eg tape) before you're hacked means that the hacker won't ever get access to your camera to see you.

The hardware block is about stopping people accessing your camera. It has no effect on anything else.

Regardless of what you do with your camera you still have to defend against other ways you can be hacked.

>At which point it's already too late - the hacker has had access to your camera for some period of time, until you notice the light.

Yeah for like 10 seconds. Who cares? The problem with webcams is they can spy on you for days and weeks on end, and record your sensitive conversations.

Recording conversations has nothing to do with the camera. You might be thinking of the microphone. Should we put a little LED on that too?

Yes of course. It should be connected to both. You can't put a piece of tape over a microphone.

But the microphone is always on if you enable voice activation, e.g., "Okay Google", "Hey Siri", "Hey Cortana". That recognition is handled in software, so no "hacker proof" hardware indicator can distinguish between the use cases.

"Hey Siri" works on desktop devices: https://9to5mac.com/2016/07/15/how-to-enable-hands-free-hey-...

"Okay Google" was removed from desktop: http://www.theverge.com/2015/10/16/9553051/ok-google-removed...

Yes, and I have my own issues with unprompted voice activation for that exact reason.

I think that having the mic light always on when you enable voice activation, would go a long way to showing consumers the risks of it. It makes it visually obvious that you are being recorded.

If you are hacked, the camera light won't tell you. The camera light also won't protect your microphone or your personal data.

But the light won't tell you because of a flawed design. It should be trivial to design a webcam LED which can not be turned off while the camera is being used.

It should tell you. That's the whole point.

If I'm hacked and the attacker doesn't touch my camera, then it can't tell me.

That's the whole point.

But if they do touch your camera then you will know. If they don't touch your camera, then putting a piece of tape over it is pointless anyway.

Then a camera light that tells you when the camera is on, and a hardware switch that prevents image data from going to the computer.

Take it a step further - an auto-off hardware switch.

When you go to Skype you have to flip it before audio/video works - and then once the webcam is no longer "in use" it flips the hardware switch so that it can't be triggered (as the user is not going to want to re-trigger it, nor is likely to remember to do so)

Here's the problem with this solution - it assumes that everyone equates the LED being on all day long every day with "oh shit, I'm hacked". No, the average person is going to just say "Oh great, another thing's broken on my computer."

Your average computer has a lot of LEDs active anytime it's plugged into the wall (let alone running) - what protection will yet another LED offer to your average consumer?

"The head of the FBI on Wednesday defended putting a piece of tape over his personal laptop's webcam, claiming the security step was a common sense one that most should take."

One needs to ask why is the head of the FBI telling you this? Cui bono?

This is a red herring.

The FBI has no interest in filming you through your webcam.

They want to listen to your microphone, watch your screen, get the keys you've typed, see the websites you've visited, read the emails you've sent.

Watch you on video? Nah. This is a red herring.

That is the reason the head of the FBI tells you to cover your webcam.

I wish the The Last Psychiatrist would come back.

The FBI isn't telling you this so you could protect yourself from the government. They are telling you this because they know how easy it is for someone else to take control of the camera and make your life hard. So it is a common sense step for you to take if you're concerbed about security.

You took a pretty huge jump from that to the FBI listening to your mic.

I guess it's also in the interests of the US authorities that their country isn't subverted via normal citizens through blackmail.

Taking screenshots at exactly the same time when the observant is typing something into the very same laptop makes for undeniable evidence to the judge.

I do think the FBI has a track record of infringing privacy and bending the law, but the FBI isn't always the boogeyman. Here they are probably actually trying to do their job, which includes protecting citizens from blackmailers and other baddies.

It saves them bandwidth, too, doesn't it?

If you're so concerned about having your webcam subverted, it seems like the first step would be to insist on a hardware LED that can't be subverted in firmware. If nothing else, it would serve as a canary, indicating that your machine has been thoroughly compromised.

If it was on my radar I would much rather have an LED for microphone active (laptop and phone) than webcam - precisely because I can put a sticker on webcam.

Better still a hardware switch.

Maybe a toggle for enabling/disabling device driver for mic?

The Librem 13 comes with two hardware kill switches, microphone/camera and wireless/bluetooth. They raised $450k for their $1,400 laptop.


How can you tell if it can be subverted? Here's a paper about subverting the Apple Mac camera led indicator from userland:


If the LED were simply wired in series somehow with the mic power supply I imagine it would be easier to tell. The problem with the Mac LED indicator was that it was controlled by a microcontroller that was ultimately accessible via user land. It's harder to surreptitiously bypass a simple electrical circuit.

Sorry, but how do you tell the difference? I agree that the Mac LED indicator was poorly designed, but...

As a user, you can't. The hardware manufacturer has to tell you.

And who do we trust to do that? More importantly, is it even possible?

In terms of electronics it is fairly trivial and it can be inspected by eye (or microscope) if the manufacturer decides to not encapsulate everything on a chip (which presumably would be the point of such a feature).

Just have the only positive voltage rail going to the camera be the same one that is directly powering the LED. The firmware will be turning this rail on and off, hence turning the camera and the LED on and off simultaneously.

Idle though on possible attack vectors:

Convince the firmware to use a lower voltage, one that doesn't hit the breakover voltage on the LED but still powers the camera.

Strobe the line, get snapshots without the LED doing more than very faintly glowing.

I have a very hard time believing that the camera itself will not brownout in such a case.

LED activation voltage is less than what cameras typically require.

Neat ideas. It never even occurred to me that the power rail would be voltage-programmable, but of course it probably would.

Your second idea is even more scary and realistic.

Even if it was, most of the time when people are taking surveillance webcam photos (a hacker or a person trying to recover their stolen laptop) you can take the picture so quickly that they probably won't see the light.

Have you a source for that? My experience of laptop webcams is that they need at least a second or two after power on to initialize the camera. That'd be pretty noticeable if you're using the machine, at least.

I do! DEF CON 23 - Ken Westin - Confessions of a Professional Cyber Stalker


Specifically around the 18:00 mark. Also he does provide source examples that you can ruin your computer with if you want.

He gets into a lot of it, but shows quite a few examples including what I'm talking about. The people that he catches aren't necessarily savvy, but he does talk about taking pictures fast enough for the light not to be visible.


I said it then, and I say it now:

- Encryption is our webcam tape.

That tape cannot be thwarted by any remote attacker, legally warranted or not. It's perfect, unbreakable security from webcam visuals being exfiltrated, exactly the security features that Comey says we shouldn't be allowed to have for our data.

"What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their email, innocent or not, so that no one drew suspicion by asserting their email privacy with encryption. Think of it as a form of solidarity."

~ Philip Zimmermann, "Why I wrote PGP"


A brilliant point and a salient quote. Why must we continue to live, collectively, with our heads in the sand?

It's not perfect if your endpoints are compromised.

I know this thread will probably get politicized, but I see nothing wrong (or necessarily hypocritical; he's law enforcement, not IC) with his advice here.

It's not a bad thing to do, it's just hypocritical of him to value his own privacy but tell everyone else they need to give up theirs and let the FBI and NSA have access to everything they want to keep private.

He might be wrong (about wanting to able to snoop), but it isn't hypocritical. He is saying protect yourself from illegal hacking by bad actors, but submit to legal snooping by the government. Again, he might be wrong about wanting various legal means to snoop on people, but not hypocritical.

Similarly Hilary advocates for banning encryption yet makes her staffers using Signal application to encrypt their correspondence.

Our government is full of hypocrites.

>Similarly Hilary advocates for banning encryption

Does she? Her tech platform seemed pretty supportive of Apple's stance on encryption: http://appleinsider.com/articles/16/06/29/hillary-clintons-t...

It's really hard to say what she supports. She changes her opinion so often trying to appease everyone, but is clear that she wants government to be able to decrypt communication: https://www.techdirt.com/articles/20151220/08101633141/hilla...

That's much worse and far more hypocritical than Comey's remark.

Typical mind fallacy here, I think. I don't imagine the directory of the FBI gives one whit about "privacy." Instead, picture them spending all day thinking about "national security." Citizens have to tell the government everything—because doing so enhances national security. The government must not reveal anything to its citizens—because doing so would compromise national security. Pretty straightforward.

Perhaps he's not concerned about the FBI and NSA viewing him in the buff (seems to be a recurring theme here - am I the only person who uses his computer fully clothed?) but rather the Russians/Chinese/enemy.

Why would you be concerned about the FBI or the NSA knowing about the content of your digital communiques if you have nothing to hide? Even the most ardent supporter of personal freedoms will admit that the government observing you over a network is the same as taking pictures of you with a telephoto lens on a busy street. The truth is the same: there are too many people and you aren't special enough to deserve personal surveillance.

Are we really still building a brick wall between "nothing to hide" and "prefer to keep personal"? I'm asking this as far away from the legal and moral realms as possible; do people just not even deserve the basic benefit of having aspects of their day-to-day kept to themselves, even if it might not be inherently and/or objectively wrong?

Because that's the question I hear being begged when the "you have nothing to hide" counterpoint is brought up. You've got nothing to hide, so let me just look anyway. Sure it's none of my business, and I have no actionable legal right to it, but it's not illegal so why don't you want me to see it?

You're probably trolling, but...

The reason why we don't give broad general search powers to the government (or at least, in theory don't give the government broad general search powers) is because the government can prosecute people, and given enough information they can find a reason to prosecute anyone. Which then fully opens the floodgates to selective prosecution: anyone who's disliked by someone in power will simply be prosecuted and likely convicted and jailed, because everyone will have done something that an all-seeing government can prosecute for.

Cardinal Richelieu is alleged to have said that, given seven lines written by the most honest of men, he could find something in them to create a capital offense and have the man hanged. I'd rather not live in a society where anyone has that kind of power.

This is a very weak analogy.

What the NSA is doing right now, and what the FBI would like access to, is in no way similar to taking pictures of you on a busy street.

What the NSA has is every intersection wired up with cameras, recording 24 hours a day, and all of it indexed with facial recognition and license plate readers.

No organization should have that much information or reach at their fingertips, no matter how virtuous the mission or the people working there.

> Even the most ardent supporter of personal freedoms will admit that the government observing you over a network is the same as taking pictures of you with a telephoto lens on a busy street.

Is it? If i'm having a 1 to 1 conversation with someone online then that is a private conversation. There monitoring my traffic is more like opening the letters I would be sending that person.

More fundamentally though, the meat space public/private divide does not map at all to the cyber space one, all analogies and laws to apply one to the other are flawed.

> there are too many people

Oh please. They can probably harvest the lot. It'll be some algorithm that deems you worthy or otherwise or gets you on an "of interest" list. Let's keep "personal surveillance" for '50s spy movies and Banksy murals.

More generally, what about the chilling effect on legal and legitimate conversation?

It'll be some algorithm that deems you worthy or otherwise or gets you on an "of interest" list.

...or your association with "Occupy" or some other political protest movement that someone in power disagrees with, or that your wife bullied some politician's wife for two weeks in school, or that your interfering neighbour with a petty dislike of how you landscape your garden works as a government clerk and can access your data.

There are many reasons why some individual might want to know private things about some other individual. When individuals with some tiny (or vast) power want to wield it over anyone else, especially when they can do it with little oversight, it's very tempting.

That "the government" has access to my private information does not mean it's blind and faceless. It's made up of people with complex motivations.

The FBI is part of the intelligence community.

[1] https://www.cia.gov/about-cia/eo12333.html#1.7

The webcam cover up is interesting to me because it's the only "weird privacy thing" I've seen regular, non-technical people do. A good amount of people at my university, most of which use social media liberally and don't care about encryption, cover their camera up.

It actually seems less weird to me in a university setting. Most university students live in small quarters, so they're more likely to have a computer in front of them while they're nude, using drugs, having private conversations or doing other private things.

They're also around lots of new people of varying levels of maturity who could have a decent chance of getting physical or network access to their computer, much more than neighbors in the rest of the world.

A creepy stalker or blackmailer spying on a university student through a webcam sadly doesn't seem that farfetched, especially for women.

This is only idle speculation but:

A web cam resembles an eye staring at you all the time. This makes people feel weird, like something is staring at them. The threat to privacy is right in their face and on a gut level.

That's the reason so many people cover them even when they won't take other basic online privacy precautions.

Also just in general, people understand what a camera does. It's much harder to understand the implications of abstract "data" going off onto the internet.

I think university aged women would be the most logical person to cover up their camera.

It's not weird at all. Women should definitely always do that, because they use their laptop everywhere, e.g. in bed, and there are plenty of viruses and trojans that activate the webcam for sextortion and stalking purposes.

This is like the coal burning power plant telling you to make sure to sort your recyclables into appropriate containers, to make the environment cleaner.

Also people enjoy and feel good about accomplishing small things. Putting a sticker on your laptop is a small easy task. Do it and they feel more "secure" in an instant.

Every electronic communication device (laptop, mobile, tablet, etc) should have 1 hardware switch per sensor (camera, mic, motion/acceleration, etc) which disables the sensor.

Why manufacturers still haven't introduced this is beyond me.

>Why manufacturers still haven't introduced this is beyond me.

Expense and lack of demand.

Some older laptops used to feature hardware kill switches for the wifi (this was prior to the advent of a camera in every laptop). The old Dell D820 model was one such laptop. Eventually they were dropped all around because from the makers point of view, the presence of the switch had no effect on the sales of the laptops.

Anything you add to the BOM (Bill of Materials) for the device raises the final net cost, and there is still enough competition in the laptop/phone space that keeping the costs down is necessary to compete. Additionally, twenty-five cents per unit does not sound like much, until of course you multiply that by 10+ million units built (where a twenty-five cents difference per unit amounts to $2.5+ million difference in the end). So if having the switch or not having the switch made no difference in sales, the maker could either raise their profit, or lower their price (or more likely split the difference) by dropping the switches.

The lack of demand is that not enough purchasers are telling manufacturers they want hardware on/off switches (the purchasers do this by buying only laptops with them, and by not buying laptops without them [which may be difficult to bootstrap now, given that almost no laptop has a hardware on/off switch anymore]).

I've found many of those supposedly 'hardware' wifi kill switches were software controlled (When I installed Linux on an old Dell, it completely ignored the state of the wifi switch).

I want a switch that physically cuts power to a device, but no... :(

Here's a linux-running laptop that has 2 hardware switches:


Wow, interesting, I didn't know about this.

No business incentive. Too few people know that they need to care about their privacy.

I guess this is just as good place as any to bring this up. In current OS X, you cannot disable your mic. You can turn down the input volume, but never disable. All malware needs to do is raise the input volume and it can listen to you to its hearts content.

And its worse with your iPhone.

Can someone confirm if this is actually true? Sounds too far fetched that you cannot disable the mic (i.e not muting, I assume?).

Just look around on the internet, you'll find the same thing. I researched this a few weeks ago and was amazed.

You basically have to disable the audio driver in OSX to disable it, and doing that, means you can't play audio at all. And even that isn't enough, it technically can be hijacked at an even lower level.

I was looking for a way to cover the mics and webcam integrated in my laptop which doesn't require a tape. So, I grabbed a couple of those magnets stripes usually found on fridges and then , using a scissor, made two little rectangular stripes and a larger one. Next, I glued the little stripes on the laptop, near close the mics. The nice thing is that the large stripe covers both, the mics and webcam. For me, it's an easy way to cover/uncover fast.

I keep mine covered because I work remotely a lot and I don't want to accidentally shirtless video chat someone from bed when I meant to make a different type of call.

It was unusually hot and I actually did that myself just the other day - embarrassing!

I use a MacBook Pro as my daily driver, but I recently purchased a Lenovo ThinkPad to play around with. Sometimes I forget how awesome it is to have a repairable and modular computer.

I didn't want the webcam or microphone in the ThinkPad… so I took 30 minutes and removed it. Easy as that.

Well,to be fair you could just open the MacBook Pro and unplug the ribbon for the webcam. iFixit will have instructions. Removing it entirely granted is another matter, involving opening the screen, but you'd have to do the same on any modern laptop with an integrated camera wouldn't you?

For my mac I just used a knife to open screen and shoved black paper strip before camera.

I experimented a bit with an Apple laptop microphone, and it took 2 layers of electrical tape to block the mic. There doesn't appear to be any way to block an iPhone mic without blocking the speaker, too, and I'm not confident that it could be blocked at all.

But what about his computer's built-in mic? Unless he's pantomiming all sensitive info...

It's pretty sad that he used the word "authority" in this sentence: You do that so that people who don’t have authority don’t look at you. I think that’s a good thing.”

It's relatively common to have access to private security cameras. Some are even google indexed.

The software included relies on the users protect the web interface. Obviously, this is the vulnerability. Especially with things like default passwords.

Here's an article about it: http://www.networkworld.com/article/2844283/microsoft-subnet...

A lot of these cameras are controllable and have speakers.

People now do live video streams of pranking people through this means.

Pictures: http://imgur.com/a/0WImd

Back in the day, SGI workstations had a hardware shutter. I still think it's a good idea.

My Asus 1015PEM netbook from 6 years ago has a physical screen that slides over the camera; sliding the screen also turns on the camera. Why don't more laptops have this feature if this is such a 'big deal'?

The hacker news readership is focussed on startups and technology. It's a career, a business and in some cases an interest in technology.

So privacy as a social good may not be the primary perspective and it often devolves into how this affects readers personally rather than the society they live in or side tracks into technology nuances.

Technology is enabling new negative possibilities but it does not follow that technologists can make a difference. There is no ethical code of conduct. Like everyone else they are another cog in the wheel and software engineers may not have an interest or priority on privacy, social and political issues.

There are a large number of folks working in the nsa, gchq, google, facebook, palantir, hardware vendors and elsewhere actively enabling this.

Like technology itself politics, liberty, privacy and the evolution of modern system from the time of feudalism requires interest and priority. From this perspective the need to tape up your webcam may have completely different ramnifications.

I agree with what most people are saying on here, but I believe there's a bigger picture to it.

Let's say that your computer has been completely 'pwned', and that you are currently reading an article with an ad for Cow Porn, or whatever, on the right hand hand side of the site. The hacker can write some code to check what your eyes, and eyebrows, did when you looked at the ad. If it peaked your interest, the hacker can maliciously add more 'Cow Porn' ads to sites you visit - via swapping out the regular ones.

Now one day you get curious and click on it, and boom they take a screen shot and try to blackmail you.

This is obviously quite outlandish but think about purposefully planting posts, lets say on reddit, by switching out posts. They then look at your head movements, and, or, eye movements then boom, you're added to some list that you wouldn't have be added to if it weren't for your eye movements.

I have never covered my Webcam because I trust the light to come on if the camera turns on. Is it possible to bypass that led?

This is what I find ridiculous. Is there any real value in NOT hardwiring the camera power to the LED? Consumers should demand that the camera light not be under software control and that it always reflect the true power state of the camera. Something similar should be done with the microphone. There is no excuse for a situation where I have to put tape on my camera.

> There is no excuse for a situation where I have to put tape on my camera.

And yet, we happen to live in a world where practically no customer has the needed expertise to verify for themselves if the LED reflects the true state of the camera or not, and if they had it they'd not care any less. A world where corporations misuse technology to betray customer's confidence and break the law, and when those get caught, get away with no more than a slap in the hand (as in the VW emission control hack case).

So, what are you going to do about it? Throw a tantrum because you exist in Earth instead of Heaven, or work out a solution that you can implement yourself without need of consensus from the ignorant masses or permission from their corrupt leadership?

In addition to the attacks that others have mentioned here, I've also heard folks comment previously on the possibility of turning on the camera very briefly, just long enough for a single still shot. If it was done fast enough, the brief flicker of the LED might not be noticeable.

(Like you, I had always assumed that the power for the webcam was literally in series with the LED, so that disabling the LED would render the camera inoperable. That seemed like the obvious way to do it if you wanted to provide a truly reliable signal. But evidently that's not the case.)

Perhaps you mean in parallel. An LED is driven by 20 mA, whereas a camera requires more like 200 mA, so it's not feasible to wire them in series - either the LED will burn out or the camera won't power up.

Yeah, I was pretty sure I was being a little sloppy by using the term "series" (for shame, physics prof, for shame!), but I was hoping to evoke the general sense of "if current doesn't flow through the LED for any reason, the camera can't turn on." Honestly, I'm not 100% certain offhand of a way to wire that (which is why I didn't want to be specific earlier, despite using a specific term: shoulda added some weasel words :) ). Do the LED and the camera run off of the same voltage? (If not, then parallel wiring won't work, either.)

>I had always assumed that the power for the webcam was literally in series with the LED

If I were tasked with making a webcam circuit, I'd make sure the light and the sensor were always powered together. So I (naively) assumed that's how everyone would do it.

Maybe you could add a capacitor to keep the LED going for a bit longer after the power cuts. The power off dimming might be aesthetically pleasing too.

I'd had exactly that thought. (Of course, the danger is that it might also lead to the LED taking a few moments to light up.)

From a user perspective it is hard to know whether the webcam LED is software controlled. If it is software controlled, e.g. by the webcam driver, it is prone to manipulation and could remain off while the webcam is recording.

Of course, there are many cameras that do not even have an activity indiator (LED), e.g. stand-alone cameras, or simply your phone front and back camera. I find it a good habit to cover all cameras, regardless of wether they have an indicator.

Unless the camera and light are on the same circuit, it is possible to bypass the light via some software change.

If the light goes on, then it's too late.

Yes, LEDs are just connected by gpio. It is cheaper than doing something like parallel or serial led connections (i.e. on the power wire) since the chips come with a few extra gpio balls.

It's trivial simple to do so.

What about the cameras in your phone and the microphones in everything? Security theater isn't security.

I'm about to die laughing at the hoops people are jumping through in the comments to claim they've never pulled up some porn and enjoyed themselves in front of their laptop. Ever. EVER


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact