First, you have to trust Apple that the indicator _really_ can't be disabled. You also have to trust that there isn't a vulnerability Apple is not aware about that could allow rolling the camera without the light coming on. This has happened in the past [0] and there are known Apple products that are vulnerable, yet the statement never mentions this making you believe it's impossible.
Second, once the camera light is on, the data has already been captured. The light just told you about it, not prevented it. The plastic cover or a piece of tape does prevent it even if your laptop security is compromised.
Third, in a world where remote conferences are more and more common, more and more software doesn't do a very good job at letting you know when it's about to enable your camera. You might click on a link to an all hands conference to listen in while you're changing only to have the software helpfully enable the camera and broadcast you for the rest of the company. I believe in big conferences organizer may sometimes control other ppl's camera as well. You can totally imagine a scenario when the organizer misclicks and enables the camera for the wrong person instead of a scheduled presenter.
> First, you have to trust Apple that the indicator _really_ can't be disabled. You also have to trust that there isn't a vulnerability Apple is not aware about that could allow rolling the camera without the light coming on.
I have made this point several times throughout this thread, so I apologize for repeating myself:
Every laptop Apple has manufactured in the last ten years has an LED connected to the same circuit which powers up the camera. You cannot send power to the camera without also sending power to the LED, which will in turn cause the LED to light up. Unless the LED is broken, in which case you will know because it will never light up.
If you manage to find a vulnerability in this system, I don't think I even mind, because you've also broken physics and very possibly found a way to generate unlimited electricity forever.
> Every laptop Apple has manufactured in the last ten years has an LED connected to the same circuit which powers up the camera.
At the very least, I need a citation or an official statement. Because clearly, this has not always been the case [1]:
We describe how to disable the LED on a class of Apple internal iSight webcams used in some versions of MacBook laptops and iMac desktops.
[..] our investigation of the iSight revealed that it is designed around a microprocessor and a separate image sensor with an indicator LED sitting between them such that whenever the image sensor is transmitting images to the microcontroller, a hardware interlock illuminates the LED. We show how to reprogram the microcontroller with arbitrary, new firmware. This in turn enables us to reconfigure the image sensor, allowing us to bypass the hardware interlock and disable the LED.
[..] iSight webcam [was] found in previous generation Apple products including the iMac G5 and early Intel-based iMacs,MacBooks, and MacBook Pros until roughly 2008
Whatever reason Apple had to design the camera system this way back in 2008, is probably still a valid reason (cost, hardware simplicity, spacial constraints etc.). It means Apple and others have incentives to build camera systems that are easier to compromise. It's enough for me to worry.
So is trust. You can’t possibly audit the source of every piece of software that touches your life, even if all of it were open source. Hell, things like Heartbleed or Shellshock sat in OpenSSL / Bash for 5-10 years.
If you don't trust an open-source program due to the possibility of e.g. Heartbleed, then it's only reasonable to trust closed-source software (e.g. the majority of macOS, including in all likelihood the parts of it controlling the camera) even less.
What if only the camera is allowed to shut itself down and never responds to such requests if they happen weithin the first one second after it has been powered on
You could connect the led to a capacitor, which would be charged when camera is connected to power, and would discharge powering the led for a few more seconds after power is disconnected.
But yeah, I wouldn’t trust a led, because I can’t reverse engineer the circuit that’s in my particular device.
It is extremely unlikely (in the human terms - not possible) that LED would break in such a way that it transmits the power and not emit light at the same time.
Of course the LED can be installed in a parallel connection on the circuit, but I read the op statement as it is not the case.
"Let's devise a way to purposefully burn the LED in such a way that current can go through." We have to keep in mind that not everything has to be by accident :) I have no idea how likely it is to be possible, though, you've got a point.
Why did you read that it's not the case? I read the opposite. That if the LED broke, you'd notice it because your camera would be on and the light would be off.
I would bet on the LED being parallel - otherwise sending more current through it will burn more power, generate more heat, and likely cause it to wear faster.
I think the point though is that it's not software controlled in any way: powering on the camera lights up the LED, and there's no way to bypass that with only software. Or at least that's the claim.
The problem is that the average user has no way to verify this and also the light doesn't prevent the camera from turning on, it merely notifies you that the camera is on.
A manual, physical barrier, especially an aftermarket one, solves those issues. Personally, I use electrical tape.
> ”the light doesn't prevent the camera from turning on, it merely notifies you that the camera is on.”
No, but the OS prevents the camera from turning on without permission from the user.
(There have been bugs/compromises to this in the past, but at the browser level - you still had to give camera permission to the browser)
Besides, if you’ve got some compromised or surreptitious software on your MacBook trying to secretly take photos, you probably have much bigger security problems to worry about than just what it can see through the camera.
Without worrying about malware, several times I've clicked on some Skype like program while trying to make a voice call only to find it trying to transmit ugly video of me.
Valid point. I have to admit I'm a bit "video call vain" as well. I like to make sure my hair doesn't look too crazy and my room doesn't look too messy before getting on zoom/skype/etc. But one thing the last few months has taught me is that many of my friends/colleagues/family really don't care about these things!
Yeah, I'm not even worried about malware, I'm more worried about joining a call with video on by mistake using a legit program.
I mean, the thing is that I never want to use video on calls, basically. Waste of bandwidth and no worry about broadcasting the wrong thing by mistake.
You’re focused on the wrong part of the chain here. As the camera system is only as weak as it’s weakest link, if Apple indeed made a circuit connected to the LED (and I fully trust you on that), then the weakest link is elsewhere: company provided laptops are often altered prior to be given to an employee. I know of colonies who install software to track messages etc. What’s to say the same companies don’t alter the circuit board to modify the LED behavior?
There is a risk/reward/effort to look at, putting a small piece of tape is low risk / low effort / high reward (if your company actually angers laptops).
If they take the efford to alter the circuit they might as well place a camera somewhere else, listen to all your network traffic, install a (hardware) keylogger and what not.
I think you are taking this too far.
People who fear to be tracked buy a laptop in a random store and don't use a provided one.
What about company laptops,where you're much more likely to be targeted based on your job, not your personality.
Snowden already showed us the depths that governments will go to, to compromise their victims with hardware swaps and worse. And it's already been 7 years. They're even better at it now.
> What’s to say the same companies don’t alter the circuit board
The realities of modifying hardware. Is it possible? Sure. Is a company going to do it routinely at scale? Highly unlikely, because unlike software modifications, this would be pretty expensive. Are you aware of any companies that routinely do _hardware_ modifications on employee Macbooks?
Not aware of any that do that for laptops but I know 2 personally that do that for phones. They have a collection of devices (phones) trash to go, so it’s not as unscalable as I initially thought because they re-use the devices.
So I’m assuming if some do it for phones, must be some doing it in laptops.
Again. It’s all about probabilities. 1/ What’s the likelihood of the company doing that? Close to none.
2/ what would be the severity of the issue if they were doing that for me? Very high.
3/ what’s the effort level to prevent that? Very little.
Why do I even have to trust Apple and physics here? Why can't Apple just provide a physical lid for the camera to disable it. Why even take that chance.
I happen to have (collecting dust somewhere...) one of those old Firewire webcams Apple made. It has a physical shutter you can open and close by rotating the front. It's about as beautiful and elegant as it gets.
If Apple still cared about beautiful and elegant products, it could surely find a way to incorporate a miniaturized version of that in a Macbook.
I trust you absolutely and toally on this. Why wouldn't I?
But if you had your entire net worth riding on it, would you trust yourself to be infallibly correct or would you trust something along the lines of a post-it note to be completely sure? You know, if your life depended on it on every single possible model of apple laptop in all circumstances imaginable? (Do we include if your laptop was interecepted and altered by a hostile agent? Because we know that happens too...)
Devil's advocate: If our threat model includes your laptop being tampered with by an evil maid competent enough to imperceptibly modify the camera LED circuit, couldn't they just install a separate camera elsewhere (maybe in one of the speakers)?
Or they put you to sleep in a way where you have no memory and place the bug inside your body. You can go on like that forever. So leave your doors unlocked because you can't ever be 'safe' right? Obviously not.
There's a scale from dead easy to more difficult to very dificult. Easier to get you is a bigger problem. Cheap & easy to prevent - well why wouldn't you? It's asymetric.
Wouldn't you feel hilariously stupid if someone modified your camera circuit when interecepting your laptop and you actually didn't stick a post-it over it to thwart their dastardly plans.
The point here is making the kind of claims made about LEDs and camera circuits is really, really easy when telling other people what is not a risk. When you carry that risk - ie "all possible models and other threat vectors" suddenly you should not be so sure anymore. A physical cover is better, easier, cheaper and basically infallible for what it is advertised to do. Asymetric payoffs are worth noting. A genunine plausible risk scenarios are all you need to take a /trivial/ mitigation step.
Apple making trivial mitigation steps harder is really, really, really stupid. In fact, beyond merely stupid, it's unwittignly and incompetently user-hostile. (Unless you think they're design process has been infiltrated by the NSA or something, which I guess is at least possible, but I think it unlikely in the face of utterly incompetent idiocy - which Apple do display from time to time).
Please, share the circuit for the LED. To take a picture, it takes 4ms - a human eye would not even register that LED turning on.
I don't think I even mind, because you've also broken physics and very possibly found a way to generate unlimited electricity forever.
Unless there is an option to send higher voltage to the camera (control the VRM) and increase the current through the LED wear it off quickly for instance. The statement is incredible condescending, esp. given no link to actual schematics.
In the past, this was exactly how it was done. Here's an article on the FBI doing it with an Apple webcam six years ago [0].
Should be noted that was after Apple went to the effort of making a hardware delay to try and force the LED to turn on first, but it was still worked around.
It doesn't have to be milliseconds. Most of people don't sit and stare on the camera all day. I have multiple displays and turning camera for a second when I am looking at another display - or even the laptop one but concentrating on something on the screen, especially the lower part - would slip my attention very easily. Or I might notice something off with peripheral sight, but it is very inexact and while I turn my head to bring it into the field of sight where I have a good resolution, it could be already gone. Of course, the cover has none of these problems. If it's covered, then it's covered.
You mean current, right? And it'd have current limit circuit, at a resistor but likely a slow start circuit entirely? Unless you share the schematics, it's an empty argument.
This used to be a thing, where you’d flash the LED briefly and hope the user didn’t notice. But new Macs prevent this by having a minimum duration the light will remain on.
FWIW I tried using the command line utility isightcapture on my 2019 macbook, and the LED turned on for 4-5 seconds and I got a dialog asking if I wanted to allow access to the camera. So this seems to be true.
I still have a camera cover though
> You cannot send power to the camera without also sending power to the LED, which will in turn cause the LED to light up. Unless the LED is broken, in which case you will know because it will never light up.
You make multiple assumptions here
1) You assume that the during the time that passes between the LED breaking and the user noticing, there was not a single attack or a single blunder that caused the camera to turn on and record/capture something that was unintended.
2) You assume that the LED breaks deterministically. The LED can break randomly. Maybe it lights up when nothing is being recorded resulting in a false positive. The user has no way of differentiating between a false positive and a true positive which can result in unintended captures.
3) Similarly the LED can break in a way where it sometimes doesn't light up when something is being recorded even though power is always sent to the LED when the camera is on resulting in a false negative. Again, the user has no idea of differentiating between a false negative and a true negative.
> If you manage to find a vulnerability in this system, I don't think I even mind, because you've also broken physics and very possibly found a way to generate unlimited electricity forever
> Every laptop Apple has manufactured in the last ten years has an LED connected to the same circuit which powers up the camera. You cannot send power to the camera without also sending power to the LED, which will in turn cause the LED to light up. Unless the LED is broken, in which case you will know because it will never light up.
In order to accept this argument I need to trust that you, an internet rando I know nothing about, are telling the truth AND that it'll remain so for any future Apple models. I think no matter how confident you're in your assessment of the current Apple hardware, you can't in good faith argue that they will not change course in the future for whatever reason.
Also, again, they already messed it up once in the past. It won't be hard to imagine that they will do it again some time in the future or already doing so.
This is admittedly a bit of a movie plot threat, but could an evil maid attack rewire this, then later malware takes advantage of the rewiring?
IMHO layers of security are good.
On my end I worry about the risks of constantly just leaving my Mac, which has filevault enabled, simply protected by a screensaver. Is that less secure than if I put it to sleep? And presumably turning it off completely is safest?
How do I make informed choices about how much "locking" to do when I step away?
These are all things I think about reading an article like this, and I'd love to hear other's thoughts.
Yet Dell and some other laptop manufacturers started to include a physical privacy slider right in the hardware. Considering Apple stance on privacy, I hope they consider this at some point.
I think the third point is especially strong argument for having the cover. It gives you a second physical layer of security rather than possibly a button you might automatically click away and it gives you the opportunity to join the call first and then decide to actually share (e.g. if the setting is more formal than expected or if the other side isn’t sharing).
Relying on the light going on after the fact is a much weaker protection, the user may have opted in to always letting an app use a camera and between the 15 or so UIs that the conference apps have the user might miss that it actually turns the camera on unless the button is clicked.
Now if apple were to release an os Level protection that automatically pulls up a screen showing what is shared from the view of the camera and asks for that approval, that would improve this situation.
> Now if apple were to release an os Level protection that automatically pulls up a screen showing what is shared from the view of the camera and asks for that approval, that would improve this situation.
That doesn’t help for the attack that many people are using here, which is if the software on your machine is compromised.
I didn’t refer to that concern, that’s a different discussion - in a corporate setting the policies might help avoid that by limiting what can be installed.
where they don’t help is accidentally activating the camera and only realizing afterwards. That’s a UX issue with so many different video conference technologies that all behave slightly differently.
I had to switch on my camera for a video call for the first time yesterday. (I can usually get around it and do audio only)
Removed the piece of electrical tape I had over the camera to find the image was completely blurry from the glue. Good to know if it ever falls off and I don't have tape to replace immediately.
Many high-end camera stores sell Gaffers tape. It is used extensively in the film industry exactly because it almost always leaves no residue. And what it does leave (in my experience) comes off very easily.
Our company's video conferencing software has multiple "modes" for a conference call, which the moderator could configure. Hardly anyone ever changed the mode, but at one point while trying to configure something unrelated I ended up switching modes in the middle of the conference call. To my horror the software immediately turned on everyone's camera.
Luckily the strain of streaming 40 video feeds to everyone 40 participants pretty much locked up the call, but for a brief moment I was able to enable approximately 40 cameras from people who were just sitting in their houses, who knows how dressed or what was going on behind them (I tried not to look).
I'm pretty sure we can apply Hanlon's Razor here and assume it was just an innocent bug: it's not hard to see how joe programmer might have overlooked the default settings when the mode is changed during some completely unrelated refactor. But whatever the case, as long as video conferencing remains lucrative vendors will continue to pack features into the software, and as long as they keep adding features, they will continue to create additional edge cases to trigger these incidents.
> First, you have to trust Apple that the indicator _really_ can't be disabled.
I'm not disagreeing with your other points nor am I saying that this isn't the case nor am I a fan of any apple products... However designed circuits to implement such functionality is quite common.
I wonder if the TrueTone sensor (which is most likely similar to a 1-pixel "camera") can be used to determine if the user is near the laptop, then only turn the camera on when you think they're not paying attention.
This one is one of the most solid points. Remember Tim Apple saying "When we work on making our devices accessible by the blind, I don't consider the bloody ROI."?
Not to mention the CIA had an exploit for Samsung TVs that recorded audio even when the TV seems to be turned off[1]. It is better to have peace of mind by blocking the camera physically.
> Kenneth White, a security researcher and cryptographer, told The Intercept that smart TVs are a "historically pretty easy target," and that there is "zero chance" that the CIA targeted only Samsung.
I agree, the official statement is comparing pears and apples. A led gives you no control.
The real alternative to a cover would be a physical on/off button next to the camera which would physically connect/disconnect the camera behind the hood.
I also thought about another point recently. Many companies hand out Apple laptops with pre-installed software to their employees. It's not entirely unrealistic to imagine that some of the pre-installed software is intended to spy on the employees to make sure they don't use company hardware to do anything weird and takes screenshots and camera shots occasionally.
In this kind of situations you'll see the LED and you'll know what's happening and you'd much prefer to have a physical cover on your webcam.
Any points like "but the LED is directly fed from the power line" are moot.
(1) With a mechanical shutter, the state of blocking can be trivially and reliably inspected. With electrical control, this is not the case.
(2) A mechanical shutter works by making it physically impossible for the camera to see anything, while powered or not. With any electrical control, this is nit the case.
So, either you use a mechanical shutter, or all bets are off.
You have to use some operating system at the end of the day, and vulnerabilities can impact any of them. You might as well trust Apple as much as the next company, since all of them are liable for millions of lines of code, and it's likely they all presently have undiscovered vulnerabilities.
Not sure what you are asking? As far as I can tell, hackers hack like fish swim. We just do. For a multitude of reasons.
For many people, me included, if you wanted to give me a bunch of money to do something and I bit, not that I would nowadays, that could actually lead to a loss of motivation.
As for vulnerabilities, many open source projects responds to them much quicker that industry. Say for pride in their work. as one motivation.
Pride can be fleeting. There's certainly advantages and disadvantages to depending on security patches from a paid organization and from volunteers. Regardless of which OS you use, you will need one that regularly patches its vulnerabilities.
They trust the physics, simplicity and verifiability of a cover more than they trust the invulnerability of Apple's black-box software & hardware implementation.
there are ways to get over other forms of trust, for example: use being pseudoanonymous. There is no way around video, unless you happen to wear a mask.
I used to work at Discord. There's a reason virtually every Trust and Safety (the division that handles online harassment cases) Associate has a physical covering over their webcam.
Regardless of how bad actors are accessing these photos, its eminently obvious that people are getting webcam photos of them taken without their knowledge.
I was very skeptical of the camera covers, but then through conversations with some of my co-workers, I realized that they weren't being used because people were worried about spies secretly turning on the camera. It was 90% of the time just peace of mind that their camera was actually off, instead of having to find the sometimes hard to see options in video chat programs etc.
Exactly this. I use one for these reasons, in descending order of practical concern:
1. I don't want to broadcast myself during a meeting when I'm not prepared, or perhaps leave a meeting open by accident.
2. If a bad actor does access my camera, I won't necessarily notice the indicator light, especially if I'm not actively using the computer at that moment.
3. I don't trust the indicator light to be permanently unhackable.
Right. And some apps like WebEx turn on the camera by default, which is insane but happens and until you click to turn it off, you're live.
Also, if you're using an external display, then how are you supposed to notice the green light on the MacBook sitting next to the display?
That Apple article is nonsense. I put a black tape over the camera and I know nothing including hacks can broadcast unintended scene. It's easy to remove the tape when I actually have to which isn't too often for me.
>Right. And some apps like WebEx turn on the camera by default, which is insane but happens and until you click to turn it off, you're live.
Not to mention apps that do it "right" like Hangouts that enable the camera for you to preview your video feed before you're actually live. Could be pretty confusing/concerning for someone who isn't used to an app (and when it broadcasts you or not) and sees the light come on. A cover takes that whole thought worry-pitfall out of the possibilities.
Tape? I bought 10 little plastic sliding cover things on Ali Express for <£2. Unless you're on a 100% China boycott (which I assume wouldn't permit a MacBook anyway) I don't see a reason not to use them. They're fine, permanent, had for 3 years and not fallen off or anything.
Same on all counts, though I went a step further and wired in a microminiature slide switch to completely power off the camera. That way applications see "no camera" unless I go out of my way to power it on. I painted the "on" side of the switch in retroreflective paint so I can see when it's on at a glance too, whether the camera is in use or not. This was on a thinkpad though, I doubt macos would tolerate a disappearing camera.
It totally does, internally the camera is just connected over USB. (I can tell you it copes with a disappearing camera because mine disappeared a while ago and never came back)
Sadly no pictures of the insides. I'll give you a description though. I cut a trace on the camera module (should have cut the cable instead on second thought) and soldered in two bits of enamel wire that go to a slide switch. Clipped a little bit of plastic off the lid so the switch was accessible, blind-drilled two tiny holes in the lid for the alignment pegs of the switch to go into, and glued it in place. I then did the painting with a very fine brush under a microscope. The wires are routed around the camera module and the switch is to the left of the camera, in order not to interfere with the little LED on the right of the camera that illuminates the work area. The outside looks like this (I didn't bother cleaning up the cut-off plastic edge): https://imgur.com/a/UpB1dJn
I've actually been on calls when the person did not want to show their webcam (and I had never seen them face to face) and did not notice they were showing their webcam due to having several screens.
I don't trust their implementation of a hardware link that is both reliable and truly un-exposed to software because I don't have the expertise or time to interpret their implementation, and even if I did, I don't trust that nothing about it will become vulnerable in any MacBook model going forward into the future. I don't think point 3 is moot in any practical sense.
The only way to physically get electricity to the camera unit, to be able to get any data from it is to pass that electricity through the indicator LED.
Multiple teardowns have confirmed that it's a hardware path that software cannot modify.
Right, so as time progresses news comes out about said hardware being hacked. I think you've validated his point. 5 years from now we will see how today's cameras have been hacked.
This was a known weakness back then, not some amazing breakthrough, and unless the vendors are actively lying about the hardware there's no way for someone to “hack” the power connection without a soldering iron.
This should really be the standard for laptop webcams. The T480 webcam cover is flush with the bezel and you barely even notice it because it's so subtle. One of my favorite features.
Yeah, I have the X1 Carbon and there is nothing that is ever going to make me as comfortable as a little piece of plastic that sldies in front of the lens of the camera.
Current cheap ones have them- my daughter has one for college. She had to use it for remote college for the pandemic- but it was the first time we used the webcam on that computer. We used an external webcam a few times because we thought the internal one was broken, but the door was just closed...
Support for this kind of thing is entirely voluntary. You can short the mic pin to ground (or connect an external mic), and it will disable the onboard mic by default because that's what is expected, but there's nothing physically stopping the audio controller from reading from the onboard mic anyway.
No it's not. It's meant for any port, but this model has it's own port so you don't need to keep plugging and unplugging it. You can leave it in and daisy chain by plugging your headset or speaker into it rather than directly.
I quite often accidentally turn on the camera without intending (usually because an app automatically turns it on) to. Having a cover prevents me from being embarrassed by an unexpected exposure.
I've always used a sticker (black dot-shaped) or a piece of post-it note. Post-it is really convenient but it's ugly.
I still think the best solution would be to have no builtin camera or microphone. Just have something like the iSight that you manually and thus willingly connect to your thunderbolt. Works with your external monitor as well and you can orient it the way you like. It would also have better overall image and sound quality (low light, more shallow depth of field, etc.). And on the plus side for Apple and its shareholders, it's another $499 essential.
The UI pattern of a button with a crossed-out camera/mic always makes me think twice: is it a status indication that my camera is off, or is the button's action to turn off my camera (meaning my camera is on)?
I cover my camera to avoid that 5s mental dance at the start of every meeting.
Yeah, I started using to LARP, but it's actually huge for peace of mind. When I'm in meetings and I want to make sure that nobody can see make butt naked, I place the webcam cover. The person caught peeing on a zoom VC[1] would never have happened with a webcam cover.
Also, I am really worried about microphones. I have 2 google homes, 6 siris (iPhones and apple watch), a portal, a number of macbook pros and airs, a PS4, ... any of these devices could be listening to me at all time :/
I have the same with my headset. It has a physical mute button for the microphone, which I engage as soon as I'm done talking in Teams or similar. It's a dumb switch, so instant and with no annoying woman telling me I muted. Being a dumb switch it's also tactile, so I can tell by feel if I'm muted or not.
That way I don't have to worry about my annoying my colleagues by my mechanical keyboard, occasional excess gas events or similar.
The Huawei Mate book X Pro has a key on the keyboard that when pressed flicks up a camera. When it is down it shows a black hole inside the keyboard. When it is up it shows a great angle directly up your nose and typing when in a video call shows your hands really clearly. But it is still an interesting way to do it.
On my work laptop, my employer could conceivably turn the camera on to monitor me in some way. I don't think they would, but still I put tape over the camera because I don't want them to be able to do that.
I never really understood the point of camera covers.
If my computer is compromised to the point where an attacker can access my camera and microphone, information from my camera and microphone are the least of my problems.
Sure, someone could grab all my files, email, etc. That would be damaging.
But if I'm having a sensitive conversation in my home/office with someone and the camera and/or microphone come on, that could be damaging as well.
FWIW, I use a camera cover and Oversight[0] to tell me when an application uses the camera or microphone. It doesn't prevent it from happening, but at least I'm aware if something is going on. The weirdest thing I've seen yet is that the iOS Simulator uses the microphone.
Now I'm old enough that there's money in the bank accounts I access online, and I can afford a home big enough that the room I use my computer in isn't the room I get dressed in and have sex in, absolutely.
But if I was giving a computer to a 12 year old or 16 year old - what else is the hacker going to take? Their online gaming account?
Per OPs comment - it isn’t about a compromised system for me at all at least. If I’m in a video conference at 6am in my pjs I’m just a button click away from everybody seeing me. Camera cover let’s me know I can’t accidentally do this (and it has saved me on multiple occasions).
None of the proposed solutions do anything to actually stop the camera from taking a picture of you. Sure, you'll see the indicator light up for 3 seconds. But the attacker still got what they needed.
Camera covers have nothing to do with identifying compromise. They are strictly for preventing compromise. This is exactly opposite what a camera indicator light does, and thus the indicator should not be considered a "workaround" for not being able to install a camera cover.
Newer Thinkpads are the only laptops I've seen which bring their own camera shutters. Thinking how often you see people putting tape over their camera, it's quite astonishing build in shutters aren't more common. It's a tiny piece of plastic, costing nothing.
Now what I want is a hardware microphone switch, where the off state actually connects to a noise generator.
This could be solved in software at the OS-level with a permission dialog that popped up every time the camera was asked to be activated (as opposed to an ongoing website permission). Which would be overly annoying for most, but appreciated by a privacy-conscious minority.
But unless Apple ever did that (doubtful), once you see the green light it's already too late.
It does make me wonder if something like that could ever be done with a kernel extension or similar?
Personally I think a hardware switch that disabled the mic and camera is the best route. Engineers would have to be honest in actually connecting the switch directly to the camera rather than resorting to some firmware tom-foolery. Then you could wire the indicator to the switch as a visual reminder that your camera is attached to your PC.
The HP Spectre x360 line has had physical kill switches to the camera for some time now. I think since the 2018 version. Still waiting for the microphone switch though.
But only one switch for both camera and mic; I am sitting right in front of one. Better than nothing but not always what you want. Same for for bluetooth and wireless which I find even more unpractical.
It would be annoying as hell. I find annoying having to open the settings to grant the camera permission, if every time I have to make a call I have to give permission to the camera, no way.
Apart from that, I would be absolutely amazed if there isn't at least one failure mode of the led itself that allows the camera to turn on despite no light being emitted. Probably too rare for most people to worry about, but still.
I really get why people want a cover, and I think Apple are being a bit disingenuous trying to convince people they don't need one.
It's fine they warn about the danger of cracking the screen, but that entire "we protect your privacy spiel" was rather terrible, and also quite misleading as you so clearly pointed out!
This seems like a pretty mild warning for folks who might stick a bulky cover on their camera and press down / pack their laptop tightly and now have wedged part of the screen open with the cover.
I'm a fan of using painters tape.... pretty low profile, easily removed, stays on really well. Also the weird blue glow you get when the camera is on tells you pretty quick "Hey there's a cover on there" where sometimes with the all blackout covers ... I can't tell.
I renew my calls for all devices to have an led indicator (good on Apple here) and a physical switch that cuts power to mics and cameras for all devices with them. With the endless layers of software we have today, I have trouble trusting anything but cutting power.
> I'm a fan of using painters tape.... pretty low profile, easily removed, stays on really well
The cleverest solution I've seen that is 1.) easily toggled, and 2.) harmless to screens is a coworker who built a little vinyl veil that attaches to the top back of their monitor. They can flip it forward to cover the camera, or flip it back to use it. But if you close even the tightest of lids with a couple microns of vinyl in there, it's harmless. Bada-bing, problem solved, and they only used a penny or two worth of materials.
My wife uses a tiny speck of Blu Tak. It’s soft so just gets squashed flat when the lid closes and it’s designed to be infinitely reusable and come off things without leaving a mark. She just pulls it off and sticks it a few cm to the side of the camera when she wants to use it. She’s been doing it for 3+ years (same piece) and it’s genius.
I’ve got some a lot older than that that’s still sticky. I have no idea what wizardry it’s made of but it’s incredible stuff. Probably involves actual magic (aka Materials Science, the closest thing we have to real magic). I use it every day to hold wires in place while soldering, or temporarily positioning components to decide on layouts, etc etc.
It does not have to be a bulky cover. I used an extremely low profile webcam cover on my 2015 MBP for 3 years. I put a similar one on my 16" MBP, and it destroyed the screen after a couple weeks.
Specifically, this is the webcam cover I was using:
I've been using this exact same cover on 3 different MBPs (yes I use 3 MBPs simultaneously, a 2016 13", a 2019 13", and 2019 15") for almost a year and haven't noticed anything even remotely close to it damaging the screen on any of them.
I actually just tested it, and the cover doesn't even make contact with the lower half of the MacBook when closed. The cover fits into the trackpad area, which is recessed. I don't see how it could possibly damage the screen without me putting enough pressure on it where the screen would have been damaged regardless.
Does the 16" have a shallower trackpad or a thinner rubber gasket around the screen than the 13" and 15" models? Even for Apple, it sounds insane that they would create something so fragile it could be broken by a 0.02" piece of plastic.
I used this on the 2016 for years, but even though it's incredibly thin, it is too thick for the 2020. Would love to find a replacement if anyone has a suggestion.
I've been using the same tiny square of black electrical tape for nearly 2 years without issue, just slides across when needed, the tackiness hasn't noticeably degraded in that time, it's barely noticeable to outsiders unless they really look for it and it hasn't let me down yet. When it does let me down, it basically zero cost to replace and it definitely won't crack my screen either :)
Ahh, thanks for the link. The webcam covers I'd seen in the past were just removable plastic stickers, and I was having a hard time visualizing what counts as "thin".
One of the photos shows them be about as thick as a credit card.
But it's also a sign about Apple not doing a good wrt. making their premium products robust.
With many other Laptops in that price range you would either have to use a very fat cover or apply a amount of pressure which might damage your laptop anyway. I just tried it (carefully) with my laptop and the screen has enough "play"/"flex" to handle it just fine.
PS:
Fun fact as far as I remember a number of webcams with LED indicator allow (or did allow in the past) anyone using the camera
to switch off the indicator without stopping using the camera...
>Fun fact as far as I remember a number of webcams with LED indicator allow (or did allow in the past) anyone using the camera to switch off the indicator without stopping using the camera...
While this is still true for many laptops, it hasn't been true for MBP for at least the past 5 years (cannot be bothered to find the exact year), even if someone has full root access to the machine. I say that, because the camera LED on MBPs these days is hardware activated, not software. So if the camera is active on hardware level, the LED indicator will go green, no matter what.
I consider the piece of tape over my laptop camera like face masks. It may not be perfect nor pretty, but it's damn effective, and I feel better having it on.
For the whole damage from using a camera cover thing, I simply bought as low a profile one as I could find and used a few small felt pads in the top 2 screen corners and next to the camera just outside the width of where the touch pad is (keeps pressure off the pad so the sensor doesn't crack).
I had a laptop that just was a pain to pick at with your fingers to open... I just shoved a bunch of paper in there for a while before I went with your solution, some little rubber clear grippy pads in the corners to get it to stand away from the body just a bit.
I use 3M blue multi-surface masking tape on all my devices. I've had a piece on my surface laptop screen for several months now and it is still leaving no residue after removal. I also like to cover the microphone cutouts if feasible (these are directly adjacent the webcam on my laptop).
This happened to me. Twice. I bought a 16" mbp when it was released because the keyboard of the previous mbp gave me carpal tunnel. I immediately added a camera cover like I always had done on macs. My screen stopped working a few days later, but mbp still worked on my external monitor. I took it in and they replaced the display for free via applecare.
Once I got my mbp back, I added the camera cover again (stupidly). The next day I opened my mbp, and had a line down the center of my screen. That is when I realized what had happened. I then told Apple exactly what I think happened. And to their credit, the replaced it (again) for free.
Over the next weeks, I received 3 different calls from Apple staff, with seemingly increased responsibilities. They all asked detailed questions investigating what I thought happened and in what sequence.
We had to issue an internal notice to our 16" recipients after the first cases started coming in a few months ago. The second most common damage is pressure from pinching the screen to the bottom case during a one-handed pickup. A good squeeze walking between meetings is enough to crack it.
The latest MBPs are exceedingly fragile, can't run two displays from separate TB controllers without throttling, and have had more DOA batteries than any series I've ever encountered to date. This isn't even getting into other models.
How powerless is their QA that they'd let Operations dictate design unchecked? It feels like externalising their expenses taken a leap too far.
My company provides a ~1.2mm thick plastic cover with a little slider inside. I didn't even trust it enough to be used on a thinkpad, much less a macbook
What I do now is either ripping off a small piece of the sticky top of sticky notes (keep the remainder for later reuse) or a piece of washi tape.
Yeah looking at the thickness of most camera covers, I always thought "hmm this might damage the display if I close it". Well looks like this support article proves my point. I always used sticky notes or other stuff. Now thought I've got a standalone webcam that can tilt up and down so I just tilt up so it's facing my ceiling.
I look forward to getting extorted by hackers threatening to tell the world what my ceiling looks like.
You mean the small plastic strips? I mix 3 colors on top of each other and snip off the non-adhesive end. Works great, even looks ok, with minimal raised surface.
If you're going to cover it, use a sticker, like the EFF stickers here[0]. They're reusable, so you can move it to the side for meetings. I used a hard plastic MongoDB-branded sliding camera cover on a couple laptops[1], and its presence appears to have contributed to backlight bleed like this[2].
Came here to say this. Have been using the EFF stickers for years and everyone always asks about them vs the kludgey plastic ones everyone wedges in there that Apple is making note of. I've used them in the past on my phones as well, but given the advent of multiple front facing cameras this has become more of a pain. I purchased some of this sticker material a while ago with the intent to try and laser cut some specific designs. This was a good reminder!
That's the part that I was struggling to figure out. I ended up purchasing some reusable vinyl window stick material from a hobby shop, but have yet to test it.
I've used the same EFF sticker for about 5 years now. They are great and whenever it stops sticking, I just rinse it off under warm water and let it dry. Good as new again.
The glue used for those varies, so you may end up with sticky glue on your webcam after removing the sticker (maybe that's good though if it falls off by accident)
Apple is completely missing the point. Primary reason to cover cameras is to avoid anything being recorded by accident, not just to stop hackers RATing you. Now with everyone working remote this has become even more important as it's super easy to get into the video conference with wrong settings and end up in an embarrassing situation. Activity LED doesn't help with this, when you see it damage is already done and Youtube is full of zoom bloopers to prove this. Of course, preventing hackers accessing your camera is just an extra feature. So I'll keep my cover on regardless what Apple says. I use just a piece of regular paper so it's not entirely blocking the light, light sensors work just fine, and also it's very thin so laptop shuts down normally without any problems.
> The camera is engineered so that it can’t activate without the camera indicator light also turning on.
Has anyone torn down the hardware and verified this lately?
It should not be a complicated feature at all. Just ensure you have the same voltage applied to your LED circuit as your camera circuit, and enforce that by having them on the same wire...
Important distinction. If your microphone is compromised, your web cam might be triggered to turn on just long enough to take a photo, or the camera could turn on only when the mic is quiet and there are indications the person is not engaged with the computer.
Note that this is not only about security. Sometimes a user simply makes a mistake, or have an app configured the wrong way, and accidentally turn on their cameras without intending to. Nothing has been compromised, everything is secure, but they still suffered an unexpected exposure. A camera cover will prevent many of these situations.
Should be a tiny mechanical device in addition to the light and it should only unlock with touch id. Same for microphone. Honestly, I want the same thing for phones too. The ease by which we are monitored is too damn high.
Yeah, light can turn on when one is looking away from the computer or sleeping and could potentially be spied on. A cover is a non spying guarantee, at least the visual part, spies can listen on the mic though
I’m not an electrical engineer so forgive me if this is a dumb question. Is it possible to wire it in such a way where the power actually travels through the LED, so if the LED ever stopped functioning or lost connection the webcam would literally receive no power?
Yes it's possible, as LEDs are indeed diodes, but done naively it would be a very bright LED, and it would tend to flicker as the current draw from the camera varies. It would be a hassle in general.
The LED could still always fail short, and then you're back to having a broken indicator again.
It's not that simple, what voltage and current need to held on that wire to light the LED and the camera? It's not uncommmon to find a situation where a chip doesn't technically have the right power on it's power rails, but is instead drawing power on the input ports. It's non-trivial to prove this is or isn't happening.
No, I think it is that simple. The camera module likely needs either 3.3v or 5v. The LED can also be powered at either 3.3 or 5v by simply using a series resistor. You just hook the camera and LED to the supply in parallel.
> a chip doesn't technically have the right power on it's power rails, but is instead drawing power on the input ports.
What does this mean? The data lines of camera modules are generally differential pair, and it is highly unlikely that significant power is being drawn from them.
All I'm saying is that I have literally worked with systems that have drawn power over differential pairs and it's fucked with our power measurements. So don't rule it out.
They also claim that if you add a (MFI-compliant) case to the iPad, and close it, that this similarly disconnects the microphone. The simplest mechanism to do this sounds complicated enough that it reduces my confidence in the mechanism. The point of half the comments in this thread is that a hardware interlock mechanism needs to be dead simple. This sounds like a step in the wrong direction.
I believe the one for iPad is a bit confusing, as I think it has software invoked. Namely, when a case closes and iPad goes to sleep I think the OS tells the hardware to physically disconnect. (You’ll notice the wording is a bit different for Macs.)
The whole point of this thread is that Apple is telling us to not rely on dead simple devices (camera covers, tape, etc.), and instead to trust their internal mechanism that they claim can't be beat. If people take them at face value, but the mechanism is in fact complex enough to admit an exploitable vulnerability, that's a net loss of security, and is a step in the wrong direction.
But you are talking about microphones which you cannot simply cover.
I admit, muffling them is better than nothing – but in the case of microphones Apple doesn’t even advise you not to cover them.
Either way, this is just an effect of common covers seemingly breaking screens. Which sucks. However, depending on your risk profile the re-assurance of a hardware solution that lights up the LED might be plenty for you.
> All cameras after that one were different: The hardware team tied the LED to a hardware signal from the sensor: If the (I believe) vertical sync was active, the LED would light up. There is NO firmware control to disable/enable the LED. The actual firmware is indeed flashable, but the part is not a generic part and there are mechanisms in place to verify the image being flashed. […]
I'm not sure I follow. If the LED burns out you're implying the camera would no longer work? I imagine they'd replace the whole camera module. I saw one for an older model on ifixit for $30. I'd probably try and snag one scrap. I'm not sure how often it comes up.
If you close your Mac notebook with a camera cover installed, you might damage your display because the clearance between the display and keyboard is designed to very tight tolerances.
Doesn't this sound like an engineering oversight and not a user error? Why are camera covers not just part of the design? My phone camera physically retracts when not in use.
> Why are camera covers not just part of the design?
I guess Apple are going to say that they'd rather focus on the security of the OS and computer to prevent unauthorised software from being able to access the camera than on a mostly cosmetic doodad.
Above in the thread it has been noted that camera covers are not only about security. But also about preventing accidental exposure, e.g. when you accidentally click the wrong button in a meeting app, or if your app is misconfigured to start with the camera on, forget to close an app, etc. Camera covers helps prevent you from these potential embarrassments.
I use curtains, but only to isolate the light in the morning.
This is a tech forum. I'm much more embarrassed not being able to use Zoom for the first time, rather than a distributed team see me laying on a couch for a brief moment.
What? Why are you saying this? What does this have to do with anything? Are you just tying to be right or something? Are you trying to win an argument? Like why do you even care about my own sense of embarrassment? Why should I care if you personally don’t feel embarrassed in situations where I might? What are you trying to proof? Who are you trying to be?
A simple built-in camera cover is not a cosmetic doodad. And physical covers cannot be remotely hacked, unlike the active camera light which has been overridden multiple times.
If we're talking about focusing on security, then the choice should be clear.
The other comment says there are dozens in this thread...I haven't seen anything specific mentioned. But, I remember reading something a year or two ago[1] that's not solidly sourced (it'd be great if Apple posted something on their website like they did about microphones [2])
> All cameras after that one were different: The hardware team tied the LED to a hardware signal from the sensor: If the (I believe) vertical sync was active, the LED would light up. There is NO firmware control to disable/enable the LED. The actual firmware is indeed flashable, but the part is not a generic part and there are mechanisms in place to verify the image being flashed. […]
"You know the camera was on" is not the same as "the camera can't see anything because the cover was on", the same way as notifying the user of a security failure is not the same as preventing it in the first place.
Reminds me of the whole "you're holding it wrong" antenna event. Where Apple's design failed and they tried to blame it on the users.
The desired user experience is peace of mind from a physical barrier; no amount of LED bulb hidden behind the flush surface is going to solve for that.
It's also like the keyboard keys. User experience has taken a back seat to Apple's product design goals as they pertain to their bottom line. Products users love are expensive to build and maintain, so Apple won't make them. When you can't grow profits selling more devices, you start to cut corners on the ones you _are_ selling.
Design covers user experience, and user experience includes people feeling safe and trusting their product. I think this goes rather as different prioritising. So it is a matter of product management, not design. Not that I agree with this camera choice, but Apple has been pretty successful with their strategy so far of simplifying to the extreme - removing ports and options, so I don't see them changing course much.
People forget because you have to train yourself to remember, and outside of intelligence agency personnel, no one is doing that.
Camera covers are just another example of security for show. Having a camera cover on a pc without a hard wired camera indicator like Macs have means you will never know how many of those times you were filmed after forgetting to slide your camera cover over.
People forget because you have to train yourself to remember, and outside of intelligence agency personnel, no one is doing that
I'm sorry, do you mean to say that only intelligence agency personnel are capable of remembering a simple habit such as sliding a camera cover? Not too long ago we were all using flip phones, many with extendable antennas, and no one was having trouble remembering to flip open their phone and extend the antenna before using it.
And as the sister comment said, no one suggested removing the LED indicator.
Your argument to not having a cover is that some people will occasionally forget to use it. That's preposterous, and I can't imagine applying that argument with a straight face to something like seatbelts or gun safety mechanisms.
> The LED indicator is all you need as long as its hardwired like Apple's is.
An LED indicator does nothing to stop someone from snooping.
A camera cover does nothing to stop snooping, because it’s unlikely to be used. You have four calls a day, are you always going to remember to close that cover? People also have to train themselves to wear seatbelts, but it’s the law so it made that easier.
A LED indicator makes snooping obvious, exposing them immediately. Someone snooping your spy camera needs to record hours upon hours of recording to find anything they can use to blackmail you with.
A camera cover does nothing to stop snooping, because it’s unlikely to be used.
You still haven't switched tactics despite me demonstrating how it's an invalid argument. Not only do you have zero data to support this conjecture, but he camera cover is not there for the people who don't use it. It's there for the people who do use it.
It was a long time before seatbelts were legally mandated. That didn't stop the safety-conscious folk from wanting and using them.
I have friends now who never wear their seatbelt. Two years ago my oldest friend whom I've known since I was five was killed in an accident because he forgot to wear his seatbelt. Is the answer to take seatbelts back out because some people won't use them? Of course not. The answer is more seatbelt awareness campaigns from auto manufacturers.
The LED indicator is a bit like police, who respond to burglaries after they've happened, while a camera cover is the deadbolt which prevents the crime in the first place. Do you leave your house unlocked at night, too?
You clearly are arguing for argument's sake, and have no interest in actually considering what I am saying, just repeating the same tired points over and over again. I'm done here.
I don't think anyone suggested removing the LED camera indicator if a camera cover is added. They serve different functions, even though there is an intersection. The camera LED indicates whether the camera is powered on or off, when the LED functions correctly. The cover guarantees that the camera cannot capture video when closed.
The LED is an instant indicator of being hacked, well before they can collect anything embarrassing. Unless you are a 24/7 nudist with a privacy fetish.
Yes, and what is a short term mitigation technique if the camera is hacked? Covering it with something so that you can work with the computer until it is secure again without video being recorded.
Per the other sub-thread, the light and cover has different functions, and one cannot replicate the other. Depending on your needs, you might want the light and/or the cover.
Don't put keys on your car, because people forget their keys.
You can't use the fact that some people are not using something properly to say something does not make sense.
It's a bit unfair to say that a single moving part is "a lot more moving parts". I can almost guarantee you that my phone will outlive its usefulness before the camera stops working based on current market trends.
Regardless, it's a feature I wanted and the engineering team catered to this desire, so I don't see how this is an oversight. Engineering is about trade-offs.
I'd rather not have something so needless as an edge to edge screen, and thus not worry about the notch at all. I really don't see the value proposition of an edge-to-edge screen being that significant.
That's fine if the value proposition is not right for you, and that's why we have such a breadth of phones available today. One person's aesthetic preferences are not always the only way to do things. I think the only thing we should all be able to agree upon is that rounded screen edges make it extremely difficult to design a good phone case which protects from all angles.
> and that's why we have such a breadth of phones available today
We really don't. Apple came up with the notch, everyone copies it and obsesses about edge-to-edge display, managing to implement it to very varying degrees of success.
> I think the only thing we should all be able to agree upon is that rounded screen edges make it extremely difficult to design a good phone case which protects from all angles.
I forget which phone I had with a display that went to the vertical edges, which were curved slightly. Damn thing was almost impossible to hold without it thinking I was trying to actually touch the screen on the edge. The best case I could find stopped that from happening, with a slight trade-off that I couldn't touch anything right on the edge of the screen (very rarely ever needed that)
We have dozens of flagship models, and hundreds of models in use today.
The notch is a pretty stupid design decision and I'm not obsessing over it. I have this phone now because I went through four Google Pixels this year just trying to get one that wasn't defected out of the box. My current phone was a cheap sub-$400 flagship model with support from Paranoid Android meaning it has a much extended lifespan. It's not because I obsessed over an edge to edge display.
I didn't know about the touch-sensitive issue bc I've never purchased a phone with rounded screen edges. That sounds very frustrating.
I am convinced they were ordered at some point to include cameras. They definitely drive up the cost of laptops, especially earlier on when webcams were more expensive. There were so few practical uses in the early days and so few people actually use them today that I am surprised few laptop manufacturers don't allow for security.
I do calls with client teams multiple times per week. Developers, ops, project managers, etc. I would peg the number at 5%. I say 5% because on one recent call with 20 people there was one person using a camera.
Additional of all the people I know - friends, family, parents, children, etc., only one of those people use the camera on their laptop. Some use facetime on their phone. But even for the mac users, it's a complete rarity.
Unfortunately, they're not even as good as phone front cameras because laptop screens are so thin. So people who do a lot of video chatting typically set up an external webcam or even a real camera in video mode.
The camera quality is pretty obvious just by making Webex calls on a laptop. I don’t actually know if getting extra equipment is popular, just seen howto articles recently on dpreview.
Fujifilm and Canon have added webcam support to their DSLRs though, which is interesting.
I've never understood physical covers, then again I am never in a compromising position in front of my laptop.
Any malware that can take pictures can record keystrokes. I want no cover so I can see the activity light because knowing the webcam is on is more important than it being on.
The (pennsylvania?) school district webcam spying scandal got kicked off because a boy noticed his webcam light coming on. If it had been covered would he have noticed?
No, the school district wouldn't have had pictures of him, but they still would have screengrabs, audio, and keystrokes and he likely never would have noticed.
Take all of the pictures of my double chin that you want.
I want to know that my webcam is coming on without my authorization so I can root out the spyware that is keylogging.
Passwords > Pics
If you're the type whose life will be ruined by pictures taken by your webcam, by all means cover it up. I'm too old and hairy to be blackmailed with nudie pics.
Having my passwords leak would seriously cramp my style, though.
And no, nobody is going to waste a zero-day that can reprogram a webcam controller to disable the light (if possible and often it is not) on a nudie-pics malware. They are going to use it to make actual money.
I don't understand why people have window curtains and close them at night. If you have them closed then you can't see the person spying on you outside. Door locks are more important.
This is what you sound like. The things can be used in conjunction with one another. It is not an or scenario, you can have both. You can also have covers which don't cover the indicator. You use different deterrent mechanisms for different threats. It is as simple as that.
I live in Los Angeles. If there's bright lights outside, it means the guy down the street is being an asshole again (he keeps rearranging his outdoor sensor light to point out at different parts of the street) or someone kicked a neighbor's garden lights (why do people even have these?)
Except to use your metaphor, software control of a webcam is like closing the blinds and putting a physical cover over the lens is like covering a window in aluminum foil in addition to closing the blinds.
For me it's not about blackmail, it's about making sure the camera isn't accidentality enabled unexpectedly during a meeting.
The worst that would happen is I'd look kinda unprofessional slurping up some noodles, but having the camera covered allows me to be confident I'm not presenting unless I intend to.
We've been 100% Microsoft Teams since March so I'd say that in several hundred calls and conferences since then I've never activated the webcam without intent.
It doesn’t matter how often this happens, it matters that it can happen. It is much nicer to have a cover and not worry, then to always remember “did I remember to deactivate the camera?”
People are suggesting just using tape, but the issue is when you want to un-cover it frequently (which is probably more common now than a few months ago). For a couple dollars you can get a thin, nice-looking little plastic cover that you can actually slide out of the way when you need to use it. Most of these are thin enough not to be a problem, but they vary, and even the really thin ones usually don't quite let your Macbook close all the way, potentially putting pressure on a narrow point.
TBH the thing I’ve noticed is just how fast people stopped turning cameras on during Webex.
Before the nearly everyone at my company what was WFH or was joining from their laptop rather than a video conferencing room had their camera on.
Within like a week of the lockdown people stopped and I can imagine why you stopped dressing, stopped shaving heck I can hear bedsheets on some of the calls I attend.
That's some pretty broad-strokes-painting. I'm still on a video call every week, and I'm not in as many meetings as most of my coworkers. I'm also in two separate weekly online roleplaying game groups and we use cameras for those because it's much less fun without the added expressiveness.
That's definitely a "YMMV" situation. There are a few people at my org who always have their cameras off, and occasionally I'll keep mine off as well, but in the meetings I'm in, 80% of people have their cameras on.
That might vary by team. My team/org still uses cameras a lot as it makes it easier to empathize and be empathized with. Especially if we're trying to be persuasive, a human face is easier to emotionally connect with than a voice.
We had specific guidance to not have cameras on because of the bandwidth load on the VPN. For cost reasons, they've also turned off access from the 800 number to dial in to meetings.
Something I noticed specifically with webex is that the latency isn't nearly as bad in audio-only mode. Not as good as Mumble or Discord, but you can actually have a decent phone call.
I'd recommend gaffer's tape instead: https://en.wikipedia.org/wiki/Gaffer_tape. It's similar to electrical tape but it's designed to leave no residue when peeled off.
Tangentially related: I have an HP notebook that has a physical webcam switch near the USB ports and microSD slot. This switch is not wired to the webcam in any way. It's a USB HID device. You need to install software drivers to make that switch function as a control of the webcam. That is insane.
Looking at the comments here, I guess I'm the only one who finds sadness that Apple even has to publish this document.
Some of those novelty and promotional camera covers are really quite thick. And it just seems like common sense to me that you wouldn't close a laptop with one of those things on. Just like I wouldn't close my laptop with a pen or a ham sandwich tucked into it.
But I guess Apple has had enough complaints that they had to issue something. I can only hope that the department that writes these things was shaking its head the whole time.
It's quite similar to the one I've been using on my 2018 15" MBP for the past two years. Can you give more information on the cause of the problem?
Did you close the macbook very firmly and it broke?
I also used one on a 15" MBP (albeit 2015 model) for a long time with no trouble. I don't recall closing the lid particularly hard when it broke, though I may have.
The small leather adhesive dot I use on mine is extremely compressed and dented by the case, and that’s a 2017 MBP, so I’m kind of shocked people are using hard plastic ones at all.
A person I with used to work for the UK’s Atomic Weapons Establishment. Apparently their former employer’s preferred method of disabling the camera on a MacBook was to break the lens using a nail and hammer...
I'll put tape over the camera. Apple can't reasonably provide guarantees about the camera. I have reasonable doubt they can't provide privacy around that camera with the current designs.
This is true even if the indicator light only powers on when the camera is on. That is not enough guarantee.
This is also true even if the indicator stays on for several seconds after the camera was in use. I might not notice that indicator so there is no guarantee from that either.
Even with hardware keys, encryption and everything else, none of it beats a cover over the camera. A sliding or moving physical cover always wins. That is the guarantee. But Apple will not allow or tolerate that. Because they emphasize design over function.
So, close your device with a cover over the camera with a thin piece of tape. Its up to Apple to make that possible without damage.
Any other answer is interesting but not a guarantee. There is always some caveat to the suggestions. But an actual sliding or otherwise physical cover always wins.
Perhaps we might even address the microphone issue...
> "Designed to protect your privacy, Mac notebooks have a camera indicator light to let you know when the camera is on. ... Published Date: July 02, 2020"
I expect you are probably correct, but it doesn't really matter. If you don't want to be filmed, the correct engineering approach is not to have a camera pointed at you 24/7. It is a bit like the gun rule of not pointing a gun at things you don't want to shoot - sure, the trigger should be enough of a control, but accidents happen.
If you spend your entire life with a camera pointed at your face, your face (and activity) will be accidentality filmed by that camera sooner or later. Indicator or otherwise. The indicator light is a good idea but I'm still spiritually on the side of the tape people.
Indeed, I'm a little surprised Apple didn't follow the Thinkpad approach of simply having a sliding piece with an aperture that extremely obviously blocks the camera. Surely Apple can't seriously think their users would be confused by this and complain... I don't think my desktop computer's webcam is likely to get hacked either but I'm still going to unplug it when I'm not using it.
I can see Jony Ive's head exploding: "Sullying my perfect, smooth, invented-new-aluminum-machining-technology-to-make-it-possible masterpiece with some latch?! Why don't you go work for Dell."
It's not irrelevant, it's information that allows any reasonable person to conclude that Apple implemented a solution before and has since decided to exchange that simple and effective failsafe for a marginally thinner product. I can't physically control whether I have a naked camera pointed at me all day but hey, at least my laptop can fit into a manilla envelope, right? Right? Totally worth it.
It’s irrelevant to bring up iSight’s shutter because they are totally different products. It was literally hundreds of times larger than the cameras we’re talking about here; so it makes no sense to expect a shutter on these just because iSight had them more than a decade ago. That’s like saying that a racecar should have folding seats because a minivan might have it and they are both vehicles.
A peace of plastic in front of the camera is really simple to understand and trust - the rest you need to know about tech and trust someone did it correctly.
I'm pretty confident after the 2008 camera exploit they engineered the camera to wire the active light directly to the camera power source, which I think is what you're talking about with #3. #1 and #2 seem kind of irrelevant to me. Unless it manually operated (in that case, why not use a physical switch?) it behaves the same as the green indicator light, relies on #3, and after its turned on it's already capturing.
I wonder, do the ThinkPads with that feature have a thicker lid than Apple laptops? I suspect they be thicker anyway because of the touchscreen, which would then provide a few millimeters more room for a shutter. But I'm completely speculating.
I have a new X1 Carbon, and I don't have a MacBook to compare but I can't imagine needing my laptop to be lighter or thinner. It easily fits into any bag and I can carry it with one hand with no worry.
I will gladly trade a millimeter of thickness for increased functionality. It's the same thing where apple will ruthlessly optimize for thickness to the point where they can't cool the CPUs. They literally prefer form over function, as if the tool I use all day every day is an art piece.
It is the mentality not the thinking. In china no one trust anyone really. Hence security strangely is no 1 priority. Hence the cover is in Lenovo portable, but not apple. You are guilty somehow somewhere and to be checked out, and vice visa.
Like fish said to be the final species to discover water, one mainlander comes to hk and surprise to see us so relax about security. What the law even assume people are innocent until proved otherwise ...
the mentality of hermit in One of the largest population of ... hermits. You just put on your shell.
As now become one of the hermit by force and talked as a hermit, may I suggest they just do it away with the camera. Use a wireless or usb based one. No hacking possible.
Economically (if not ethnically) trust is important as it lower the transaction costs. Chicago school heritage I guess of pre NSO HONG Kong. I switch to my two mac Mini of intel and arm. Unfortunately still have the old 3 cable apple monitor (work well with both 2018 and 2012 MacBook Pro) that have a camera. Guess a cover is ok.
I think you'd have to pay extra to buy a laptop without an integrated camera and microphone, not to mention there likely being no options that are also actually high performance laptops.
Would you notice it if it was one frame every 15 minutes for example?
As for the second point, sure. In theory. If there’s no bugs or vulnerabilities or backdoors
There's a reason Zukerberg's laptop has its mic and camera tapped up. It doesn't matter what device you use unless there's a physical switch to disconnect it'll never be safe. Software can ALWAYS have zero days, just because it hasn't been exploited yet doesn't mean it can't be.
But can't you specifically wire the indicator light to always be lit if the camera has power?
I don't see Apple claiming they've done that but a correct design would make the indicator light work that way and be related to software at all. Meaning you could only disable the indicator light by physically modifying the device.
This has been the case for quite some time (10 years or so). I've torn apart two Macbooks to specifically test this and the LED is enabled when the camera receives power. It's impossible to disable with software.
You can modify the Macbook of course, which is why the paranoid type will still use tape.
Some attacks I've seen will take a photo with the camera as fast as possible so you might not notice, but the light will always turn on.
Oh absolutely, but if I were targeting Zuckerberg this would now be a camera he carries with him and almost always has an available network connection (If I were a billionaire I'd be switching devices near constantly to stave off attacks). You could be carrying around the bug for at least a year if not more.
Your average blackmailer would be better off with the separate camera route (and likely wouldn't be sophisticated enough otherwise) but a state-sponsored attack could probably pull it off.
Not really - there are lots of times when you will not be present with your laptop (think airport security).
It's orders of magnitude easier to get access to a mobile device than to setup a camera in every possible location a target might move to. But they'll helpfully carry the device with them.
even then there probably should be some minimum "flash" time in that if it turns on and off faster than the LED lights up or human eyes can see then it may still take images faster than we can register?
EDIT: a commenter below said
"Macs newer than 4 or so years also have a feature that forces the LED to stay lit for at least 3 seconds after it has been turned on to prevent the single-frame-grab attack."
Frankly, by the time the indicator is noticed, it may be too late. Even with the LED wired in place and a 'feature' (capacitor or software?) forcing it to stay lit for 3 seconds, the damage may be done. It does, at least, let you know an attack occurred.
I really think an LED is barking up the wrong tree. A built-in hardware cover would have the same effect as the LED, and no one would have to trust it, since the camera would just be recording the back of the cover if it was hacked in stealth mode.
Ironically for Americans' wariness China, the "pop-up webcam" in Huawei laptops completely resolves the security and trust issue, by providing a physical way to disable the camera.
The attack most people are worried about is your camera being activated while your laptop is open. Huawei's approach seems worse since you can't just apply a cover to it.
Doesn't that require the same kind of trust in the correctness of the wiring that is at issue in some other comments? I can see that a camera cover works, but I think I couldn't see that a physical switch was actually interrupting the wiring without doing a teardown.
If you don't assume the internal wiring is as described I do not think there is a way for you to guarantee the microphone is not recording. It's even less obvious than a camera lens being covered or not, and taping over the "microphone hole" won't actually block receiving sound at all.
I do physically disconnect or cover cameras. My desktop computer has no microphone unless I plug one in. Laptop and phone though? I definitely remember in the aughts that the police could remotely turn your phone into a bug without any user indication at all. To the best of my knowledge the only way to actually be sure you aren't being recorded with your own equipment is to remove power... of course now the batteries are soldered on, totally a coincidence I'm sure.
Boy, wait until you find about what's possible manipulating PCB or processor designs (the Bloomberg fiction piece "The big Hack" illustrates what would be possible with just PCB manipulation). Or firmware or anything else proprietary running with elevated rights (normal ones are already enough to cause a lot of damage on most systems).
Well, what got it declared fiction was "a broad search doesn't turn up good evidence that this has been done", rather than "experts agree this is obviously impossible". So the reaction to the piece did demonstrate something.
Well, I don't mean to fuel your paranoia, but there are materials opaque to the human eye but not necessarily fully opaque to a CMOS sensor, especially one without infrared/UV filters.
It would be quite possible, trivial even, to design a web camera with a nice built-in black camera cover -- which is transparent to the camera.
That does nothing except switching the default audio source to the blocked channel. Any app that can access the default source can access the still working microphone just as well.
There’s apps (it’s also pretty easy to write one yourself like I did) that monitor when the input source is changed and forces it back immediately. Yes, wish that feature was built into the OS, but I also don’t grant almost any app microphone access.
Depends on the laptop hardware in question, just as it does on which smartphone you’re using, as your link indicates.
If your laptop (or iPad, in the case of the latest gen) is an Apple T2 equipped device, this is somewhat relevant (“somewhat” as it’s not directly related to my original reply)
If the microphone is built into the laptop it should have a hardware switch. That still has problems as you note, but it is far better than the current state of affairs for most devices. And it still requires trust in someone (or opening the device yourself).
A better solution would be to have the microphone be physically removable, but even then it could have an internal power source and storage...
I used one of those (same asin) for a while. Cracked my screen just like TFA says. Thankfully Apple repaired it and looked the other way. I'm guessing they won't be so forgiving now with this article out there.
my laptop has a piece of tape over it, but i can still see the LED lit when it comes on. however, as far as the flash of a quick snap, does the camera on the MacBook take an image faster than the iDevices? the phones always take at least a second after pushing the button, so maybe Apple would be better off putting the same kind of camera in the laptop to ensure it is impossible to take a photo quickly
If an iPhone is displaying the current camera contents on the screen, the software already has access to the camera, and is already "taking photos" in real-time.
This is the only correct design, yet almost nobody does this. One of the challenges is verifying that this was done correctly.
You may be able to verify a design like this once with a teardown, but it's impractical to verify your particular device, and next to impossible to re-verify this every time you leave your laptop unattended.
This isn’t speculation. Opening up hardware to modify the internals is something that covert agencies do, and it’s naive to think that the purpose is equivalent to a simple bug.
As someone who posts to Hacker News you are by almost any definition a potential information source or APT vector.
What he said was that his threat model doesn't include state agencies. Many people use their laptops in bed and they probably don't want random people using their laptop webcam to take random nudes.
And, while I hear the NSA being quoted a lot, let's be fair, how many of us have the opsec to stand up to a genuine NSA attack?
A reasonable goal in thwarting the NSA should be to stop some random bureaucrat from typing on a few keys and getting access to your stuff without a signature. As long as some bureaucrat has to put their signature on a piece of paper and get budget to get my stuff, I'm safe against random trawling.
Besides, if the NSA really wants you, they'll just fabricate the evidence. It's way cheaper.
> > This isn’t speculation.
> He didn't say it was.
They didn’t need to use the word to imply it. I did however assume they’re weren’t so self-centeredly solipsistic as to think that their personal choices were the universal general case, or advisable for a typical participant on this forum.
But then:
> Besides, if the NSA really wants you, they'll just fabricate the evidence. It's way cheaper.
Again, no. That’s another of those “surely this doesn’t happen” comments, and once again, it is flat wrong. Even setting aside that discrediting/compromising someone is likely to be different agency; just as with bugging them, there are still plenty more reasons besides eavesdropping or coercion,
such as industrial espionage, or sabotage, and the main point is that this isn’t theoretical. It happens. Deal with it, don’t deal, up to you, but never assume you can’t be a target.
This is why I only take a disposable laptop and phone across US or Chinese borders. Both have intelligence services with the resources, ability, and inclination toward systematically documenting anyone even remotely interesting.
> As long as some bureaucrat has to put their signature on a piece of paper and get budget to get my stuff, I'm safe against random trawling
If this level of willingness to disregard the entire history of bureaucracy and covert action helps you feel safe, and if you have no direct or indirect ties to any other human being, body of data, or corporate entity that could ever be at any kind of risk, then why not I guess.
I had an Apple on-site support engineer open up a 16” MBP on my kitchen table a couple of weeks ago to replace a cracked screen, and he brought only
a small tool roll, a headlamp, and a anti-static work surface and wrist-strap. Took him only a few minutes to strip it down, longer to rebuild and recommission for use.
I must add, I peeked over his shoulder a few times, and my comment that it looks as good inside as it does out was answered with “yes, it’s like being asked to restore a work of art”.
I was just trying to make a joke. I've actually been very happy with working on my MBP, it was easier to re-paste than a Dell XPS from the same year. The interior of Macbooks I've seen have been laid out remarkably well.
My work laptop (a Thinkpad) has a built-in plastic slider that physically covers the camera. If something activates the camera while that cover is closed, it won't see anything.
I wanted this, but I wanted the WQHD display more.
Lenovo didn't allow you to configure a T480 with both the high-resolution display and the plastic slider, it was either-or. The high-resolution display was their premium option that omitted the slider and added two more IR cameras for Windows Hello support.
So in addition to not getting the slider, I also had to disable the IR cameras.
I'm half tempted to buy the version of the display bezel with the slider and see if it'll fit as a replacement.
Bingo. It's a lot simpler to just allow the user to physically block the lens, which vetoes everything[1], rather than trust or verify that all that stuff is implemented correctly and reliably.
[1] Yes, yes, assuming you can block all frequencies the camera is capable of detecting.
The important thing isn't whether the indicator will be lit or not.
The point is whether you will be able to prevent the camera from taking a video/picture you don't want it to.
Unless you can physically disconnect or block the camera, there's not guarantee that a piece of software can't record.
The best Apple can offer here is that you will know the recording was done (assuming you are looking at your computer, and not looking away or in another room) .
A way to overvoltage/current and burn out the LED. Probability low, but nonzero.
More plausible situation: There are times when the camera is pointed at me, but my head is not pointed at the camera. Perhaps I left the laptop on in the corner of a room while it's playing music, or a myriad of other things.
A cover is a simple, foolproof solution to the camera issue.
Better but not bulletproof; LED's can fail. Manufacturers might consider leaving a shallow recess around the camera to accommodate the paranoid among us.
I think a really large portion of users here would be extremely good attack targets. Developers with privileged access to source code and operations staff with privileged access to systems make up a significant portion of the users here.
Besides: Most people don't accidentally want to show up on a video conference while undressed when they accidentally hit the wrong button in some confusing skeumorphic app specific interface: The LED only warns you after its too late.
100%. The bank I used to work at had a part of the employee handbook dedicated to what happens if you're kidnapped. We're just being naive and casual as we are wont to do. Bro don't worry have another free granola bar.
And in fact one of the devs was poached by a shady bunch of foreign looking suits who would have fit right in with big brother.
In all fairness you have a split second between the light coming on and the video stream initializing to err hide your shame. What are you doing in front of your computer with no pants on? Naked yoga?
120%. I used to work in an industry where a developer was killed in a drive-by shooting, after he reported certain code to the regulatory agency.
Generally speaking - as developers type away on their packet handling or authentication code, they all too naively believe they won't be a target of a new friend or bribe.
Yep. When the Saudi government wanted to persecute dissidents and journalists, they went to the service providers to get compromising info on them. They just paid employees at the companies that didn't play ball to siphon data and target people clandestinely.
The light indicator in modern webcams is a "physical" indicator. Sure, it won't stop it from being hacked, but it will light up whenever it is active. That part can't be hacked, since it's in the hardware.
The irony of this is too much. The guy who pioneered privacy invasion as a philosophy is guarding his own privacy. He should have a Facebook live stream following him 24/7
Seeing that pic was eyeopening for me. I believe he had other ports taped over as well.
At the same time, he's going to be an exclusive target for myriad actors big and small, up to and including entire nations, so extra paranoia is probably warranted.
Testing on my phone at least, tape does nothing to prevent discernable audio from being recorded. I think the device would need to be encased to block the microphone
There are also doctors who are anti-vaccine, financial planners who don't max out 401ks, sysadmins with unpatched home systems, etc. Just because someone could possibly know that the thing they're doing is illogical doesn't mean they act on that knowledge.
> There's a reason Zukerberg's laptop has its mic and camera tapped up
This is an incredibly weakly phrased argument; there's a reason people are flat-earthers as well. The existence of a reason does not automatically make that reason a good one.
I actually take his webcam tape to mean that his security group (which includes people who have serious hardware chops) doesn't think that the investment in a better option is worth it.
Lastly, about that 0day argument. Many camera LEDs are implemented in hardware, which means instead of hardware prevention they have hardware detection. There are reasons for both, and neither is unambiguously better.
Which, as I said, us hardware prevention. It stops someone from recording you, it also stops you from knowing someone tried to record you (i.e. hardware detection).
The hacking consequences I care about are having my bank accounts drained, not having my picture taken.
Google "rootkit". This is a great example of theoretical security vs actual security. In theory, people review logs on their personal machines and hunt for bad guys. In practice, virtually nobody has ever done that. The reality is that personal laptop compromises are discovered through side-effects. Heat, sluggishness, webcam turning on, accounts being hijacked.
Removing components also removes functionality. What if he wants to use it later? I guess he could have another laptop specially for the purpose, he can certainly afford that.
I think the simplest explanation is whoever was staging the scenery around him didn't think anybody would notice the taped laptop. If they did realize that, they probably would have untaped. It wasn't meant to be a detail you notice or centerpiece of conversation. That's my guess.
Or, more accurately, he and his security experts are weighing the challenge of accurately assessing potential hardware failures against the $0.50 of tape which provably prevents them. If you’re a high-value target there is a lot to be said for layered defenses and easily verified safety measures.
For many people the trust in integrated laptop cameras has been thoroughly eroded especially in case of Macs. (From my experience by interacting with people not having much tech experience, limited to Germany, maybe also limited to the social cycle(s) I interacted with.)
The paradox thing is that the same people who often don't trust webcams in Apple Laptops or Apple All-In-One PCs do not bother or even think about weather or not the camera in their iPhone could spy on them or weather or not they microphone in webcams could still spy one them...
I would say you are equally likely to catch someone jacking off through the webcam as to catch valuable information through the microphone. They are therefore equally lucrative
How could it be equally lucrative? The amount of information someone can gather from a camera is much smaller than what you could gather from a microphone in a given room.
If I am in a conference room talking about strategy, an uncovered camera will just pick me up. The microphone will capture everyone’s conversation.
Depends on your tolerance for shaming. I, for one, would probably be a bit pissed off if someone threaten to publish video of me jerking off, but wouldn't care about that enough to pay anyone any money. Listening to a secret conversations in conference room on the other hand, than can be valuable on it's own, no need to blackmail.
Honestly, unless you're cheating on your SO, society is growing increasingly tolerant/indifferent of most of the other things you could see on a webcam
Honestly. I could care less what society thinks. But the scenario where one would have their laptop open and awake in their bedroom while cheating on their spouse and have enough money to make blackmail worthwhile and trust the information won’t get out anyway is slim.
How many people are doing something that is worth the time to blackmail in front of a camera and have the means to pay a substantial sum of money compared to the value of corporate secrets?
Also what are the chances that a microphone wouldn’t overhear something incriminating even if the camera were covered in your bedroom?
And I am really not trying to go down the road of wondering if you are doing something incriminating in your bedroom and your partner is being completely silent what that implies.....
Corporate espionage is potentially more lucrative yes but the opportunities are much less. There are millions of MacBooks out there with significantly more people jacking off in front of them than discussing lucrative corporate secrets
I'm not sure real "jerking face" blackmail is that frequent. If caught the author would face heavy charges. It's probably way easier and less risky to massively scam by pretending you had access to the webcam than to actually bother to hack.
Beside I'm not sure a "jerking face" would be more than awkward if published. A reverse angle in which you could identify what was the video used for the jerking session would be way more compromising.
And in this regard poorly protected IOT surveillance cameras have way more evil potential that webcam in my opinion.
Any story about Apple gets about 50x the hype because it’s a more understandable brand and set of products. The only other OEM that has any story traction is Lenovo, because China. Nobody knows what a Dell Latitude 43675b is.
There’s nothing notable or worse about the Apple issues. If anything, they are probably a lower risk than the average PC.
There where a lot of horror stories about random people spying on "you" through mac webcams. Like in the sense that they hope to capture NSFW material and similar.
Most of this stories where not actually happening, I don't remember exactly but I think they came from a single story of targeted hacker attacks where such a thing actually happened and then people got blackmailed.
But it's was more comparable to some rumors which wildly spread and then many non technical people ended up believing and which somewhat had a truth at it's core somewhere so it's not easy to just put it of as "mad up".
Also it happened like a 5+ years ago, it just stuck with a lot of non tech people somehow. And it (normally) doesn't hurt so tech people aren't that likely to tell people that this isn't quite right. It's often already hard enough to convince them to do any privacy focused actions.
Maybe that's misguided and naive, but I pretty much trust my phone to protect me from bad actors taking over the camera; I'll have to trust the apps I use that have camera access to not spy on me, but those are few.
Until relatively recently, any userspace app on my computer could freely access the camera and microphone, including background processes and malware, so that feels a lot riskier. There seems to be a permission for this that must be granted in the newer macOS versions, but I assume there might be ways around that.
My thoughts exactly. On my phone, I have to trust Apple. On my laptop, I have to trust everyone who wrote code I downloaded. That’s two quite different crowds.
Then you haven't seen all the malware and spyware on phone apps that have been approved by Apple and Google right? I don't trust anyone regarding my tech as far as I can throw them.
I could have a System 76 machine with latest xyz hacker proof Linux distro and I'd still assume all was heard and listened to through that device. Just makes no sense to trust any mass production device.
This might be true for yourself as a technical savvy person. Camera covers are particularly important to people who are self-aware enough to realize they don't have the tech skills to keep bad actors from gaining access to their camera
As a tech-savvy person, I definitely don't have the skills to make sure of that on a laptop. I might be one brew install obscure-util-from-random-HN-comment (or npm install ...) away from inadvertently giving away all my privacy.
I'd also add that my laptop camera is pointed at me[1], and has a decent view of most of my room, whereas the vast majority of the time my phone's camera is pointed directly at my desk or straight up at the ceiling. I'd find my laptop's camera being compromised far more intrusive.
[1] Or least _was_, until I disconnected it - I needed to replace the screen anyway, and I _never_ used the camera, so I just popped the camera out at the same time
Is your point that because these issues have been fixed there will never be a new camera exploit in the future?
I don't see how what you're saying supports that. If your point is simply that Apple has resolved camera vulnerabilities in the past, that's nice, but doesn't exactly give me much peace of mind about future vulnerabilities.
No, the point is that old light indicators were done in software (and were open to exploits), whereas newer indicators have all since moved to being wired right in the hardware. The power of the webcam lights up the indicator.
If the sensor is physically getting power, the light is too, unless the wire is broken. They are on the same circuit. It is not a firmware thing, its basics circuits Physics 101. The light could be burnt out, yes. The wire could break sure. But it can't be hacked (minus pulse modulation, not giving the light enough time to light up). But if you power up the camera, and something isn't physically broke... the light comes on. I know the privacy incident has already happened, separate argument. I think people are missing the hardwired point. This discussion should be focusing on the fact that if the camera has powered on, and we see it, it's already too late.
I have personally turned on the camera without the indicator light coming on on a 2012 Macbook Pro 15" with double-digit percent success rate, meaning someone with more time / expertise could probably do it consistently. I have been unable to do it on newer 15" pros or other models (Air / pro 13").
Because Apple said so? I simply don't have this level of trust.
Because someone disassembled their MacBook and reverse engineered things? And that person is trustworthy and competent? That is better, but even if it was true for the MacBook they reverse engineered, suppliers make tweaks to parts all the time. Can I be sure that my MacBook still has the exact same camera?
Because you opened up your MacBook to confirm? Maybe then you can trust it.
But you just moved the goal-posts from a discussion about whether the implementation was faulty (and Apple was misleading their product owners) to one about whether the design compromises are right.
Apple claims that the LED comes on when the camera is active, which it claims helps protect your privacy. That seems to be true, and certainly no-one seems to have any contradictory examples that are not 12+ years old.
I can argue that when one uses a sliding cover, one can easily forget to reset it after a video chat. The design is bad. The right solution is simply not to have a camera. It's just a different design compromise.
The question is whether this is a firmware implementation that's just waiting for a 0-day or if the +V for the CMOS sensor is literally wired to the LED. If the latter I'd like to see a picture of it.
I was the security architect for this feature on recent Macs. The LED is wired to the camera PMIC and is powered by the voltage rail that powers the camera. The PMIC will always remain on if the system has power. Macs newer than 4 or so years also have a feature that forces the LED to stay lit for at least 3 seconds after it has been turned on to prevent the single-frame-grab attack.
Ah, good. Is the microphone similarly protected? Sometimes I feel I must be the only person on earth who doesn't use their laptop while naked and couldn't care less if the imager was watching me. The microphone, however, could be an actual security threat. Phone calls, muttered passwords, etc.
There is a little LED that lights up when they open. The door latch is controlled via software and so is the light, though I would assume in the case of power failure they'd unlock for fire safety reasons.
I know where you were going with that, but the situation is different than what you’re trying to show. On Macs the light is on the path of the camera: if it is on the camera is, if it is not then the camera is not. Whereas with the door you might think that if it was latchless someone could just push it open when the light was off. The camera light is really a door alarm, not a door latch. (And as I just mentioned, doors with an alarm but no lock often do exist, usually for fire safety reasons).
A door without a latch does not prevent
an unauthorized person from trespassing.
A camera without a cover does not prevent
an unauthorized person from trespassing.
So you have to perpetually watch out for the LED indicator to see if it ever randomly turns on for 3 seconds? And what if it does come up unexpectedly? At this point it's too late and you've already been captured. A mechanical cover that can slide on and off the camera seems like much better security.
The point is that the hardware has been designed properly. Combined with the OS-level permissions, it should be assurance enough for the majority of use cases.
If you need further assurances, then by all means, use a physical cover.
The claim was that single-frame grab attempts are prevented by an indicator that stays on for 3 seconds. First, you do have to be alert for all of these potential 3 seconds windows, and second, it doesn't prevent anything but only tell you that it has already happened.
No, it wasn't. The claim was whether it was implemented correctly, as the entire conversation started with examples where it was not implemented correctly.
Properly designed hardware would add one small - and in every way possible, since we've already identified the circuit that drives the single power source - addition. A physical switch that prevents camera from being turned on. Same for the microphone. Unfortunately, this is never done. So people put covers on.
According to an anonymous Gruber source, Apple fixed the issue by tying the led to the Vsync on the camera board. I have not found a teardown or anything other than this confirming it https://daringfireball.net/2019/02/on_covering_webcams
I had a laptop with a physical switch for WiFi/Bluetooth in 2006 or so (with a matching orange/blue light that would turn up when you toggled it). The problem was that this was actually all done by a software driver - when I booted into Linux with the laptop I was surprised to find that the bluetooth/wifi modules were on regardless of the switch's position.
At the end of the day, unless you have a really nice microscope, solid understanding of electrical engineering, and a few tens of thousands of hours ahead of you, you have to trust whoever you're buying the hardware from that it will do what they say it will. No amount of hardware efforts can solve the fundamental human trust problem.
I have a Lenovo Thinkpad T480. Its webcam switch is a slider that covers the webcam lens. You don't need a fancy microscope, or a solid understanding of EE, or tens of thousands of hours. You need the ability to see the slider cover the lens. Takes all of half a second and at least 1 eye.
And the hackers still win, cause no one remembers to slide it shut after a call, and they can hack the led so there is no physical indicator when they are watching.
I prefer aluminum foil under the tape that's over the lens so it can be flipped up out of the way easily but still block the view. But the cover does the same thing and doesn't take the effort of putting in a piece of tape.
It would be mildly impressive if a manufacturer made a fake cover with a switch to detect when it's "closed" and make the main camera stream filtered to look like the cover is real, while having a 2nd back-door unfiltered stream. Of course this could be detected by someone who took the unit apart.
On Thinkpads, the cover has a prominent red dot painted on it, that ends up in the location where camera lens would normally be. And, of course, you can visibly see the edge of the cover move as you slide it. So I don't know how you'd fake that.
It's like the halting problem. It's hard to decide whether a given switch works in the general case. But it's possible to design an obviously correct breaker.
Edit: the gnarly thing might be ensuring it doesn't harvest power through data wires or store power in covert capacitors or batteries.
I had another laptop with a hardware switch and a corresponding LED, and it worked exactly as it should - the hardware was completely inaccessible under Linux. So yes, it can be done and it's not rocket science.
Yes, what you describe is trivial - and it would be similarly trivial to design a module that appears to respect the switch (regardless of Linux/Windows) and yet records things surreptitiously, only to offload it at a later date.
Remember the amount of effort VW was willing to expand to cheat emissions testing.
The question isn't whether you can add a cover to the product after the fact, it's whether you can trust a switch on a product to do what the manufacturer says it does.
I don't see how that fixes the problem; if you don't trust Apple to build in hardware safeguards around the camera indicator light, why would you trust them with a hardware switch?
A hardware switch should in theory be more easily verifiable than a software one through physical testing. Running tests on PCB traces to verify that a switch indeed works is probably a whole lot easier in general practice than decapping chips or decompiling and analyzing low level firmware or low level OS components.
But are you going to run those tests on PCB traces on your own hardware? If not, then you have to trust that your hardware is identical to whatever hardware was torn-down and tested. I suppose this is good enough unless your threat model includes someone swapping your computer enroute to you with a modified one.
But even then, are you sure the computer whose PCB you tested hasn't been swapped or modified since then? That Chinese operatives didn't splinter cell it while you were out grocery shopping?
Just so you know, switches in something as complicated as a laptop have a good chance at being connected to a processor , with firmware being the thing that determines what the switch does. So you still need trust, even with a physical switch.
Source: write firmware for a living, and write drivers for physical switches.
It should be implemented with the same robustness as if the user's life depended on it.
As an analogy, you wouldn't implement a car brake by running it through some firmware. Instead, you'd preferably make a direct physical connection between the pedal and the actual brake.
There's another angle, which is that even if the wiring works and forms an iron clad promise the camera is not working, not having camera covers trains the population to be okay with having cameras pointed at them all the time, even in their most personal and private spaces.
It's connected to the damn circuit! You can't power up the webcam without powering up the light any more than you can make the camera see through a piece of electrical tape.
There could still be a circuit in the light that could pass the current without lighting up. Or even if there was no such thing, it could be added in the future after everyone was shamed into believing you are a fool for putting tape over your camera.
There are probably other ways. Stop trying to shame people just because you haven't thought of a way to bypass this.
Neither of those things is the case. You can’t power the camera circuit without passing through the low power light. We can rely on the diligent work of security researchers to attempt bypasses and do teardowns for us, so the risk of Apple compromising an older model only exists for people who buy immediately on release.
The support document also suggests a paper-thin cover, so it’s not attempting to shame anyone.
> Designed to protect your privacy, Mac notebooks have a camera indicator light to let you know when the camera is on. ...
The main problem with that isn't that it is possible to disable the LED. The problem is that the LED is like a smoke detector, when it alerts you it's already too late, you are on fire (or your photo/video has already been taken). An indicator LED doesn't protect your privacy, it only tells you when it has already been breached.
Indeed. Think of the “American Pie” situation. Laptop open playing Spotify to get you in the mood, then bop, on goes the camera thanks to a bug in zoom. Are you going to notice?
The problem with a physical cover is that if the bad guys can install software on your computer that can access the camera without setting off the LED they can also install just about anything they want. At that point nothing on the computer can be trusted.
On new Macs the light is a minimum 3 seconds even for a single frame photo. Anyone monitoring you has to turn the light in just to see if you are there, and what you are doing, and will likely have to watch for hours to catch any incriminating footage.
> will likely have to watch for hours to catch any incriminating footage
It's not just 'incriminating footage' that's the problem. There are perfectly legal sites I visit that I'd prefer didn't have a photo identifying me. Takes only seconds to snap such a picture if using an exploit like the safari one in April.
Recent Apple laptops have a separate SoC dedicated to secure boot as well as making sure macOS has no direct control over that camera indicator light, and more
I think it's a bit overstating that it destroys the secondhand market. I still see non-working Macs on ebay for hundreds of dollars. The resale value of a well-maintained Mac continues to be much higher than any other brand. These kinds of changes have also made great strides in reducing the incentive to steal phones. There was a specific update that the NYPD pointed out reduced iPhone thefts significantly.
But, I do wholeheartedly endorse right to repair. I'm very bummed about the recovery options for newer laptops with non-removable drives. I was also bummed to hear that ARM-Macs won't have Target Disk Mode.
It hasn't had a chance to impact the secondhand market yet. The laptops with the T2 chip are relatively new, and aren't getting decommissioned & recycled in significant numbers. It will be a tremendous waste when they are.
Those laptops will still be valuable for some parts, but considering now that not only the RAM is soldered to the motherboard, but the SSD too... there's not going to be much left to use.
I find the "theft" argument very hard to swallow for two reasons. First, thieves will consistently steal electronics -- smash-and-grab first, discard later. A thief unable to sell your irretrievably lost phone is a pyrrhic victory, to be sure. Thieves with domain knowledge may be savvy enough to stay away, but I would bet that is rare and more limited to organized theft rings.
Secondly, and more damning, Apple has repeatedly paid lobbyists to parrot the anti-theft security scenario at hearings discussing enacting right-to-repair laws (as well as spreading misleading FUD on repair safety). Apple could work with legit recyclers to find sustainable ways to recover donated products, but they very deliberately refuse to. IMO this makes their security arguments suspect.
In general, I'm very distrustful of a security model that relies so heavily on their cloud holding all the keys.
> It hasn't had a chance to impact the secondhand market yet.
I do think we're talking about different secondhand markets--or at least different large sections of it. Buying/selling working Macs aren't affected. That's the only one I've ever dealt with. I do think I was wrong above about non-working Macs--I do think there will be no resale value if they had a T2 chip.
> I find the "theft" argument very hard to swallow...
Multiple cities cited 25-35% drop when activation locks were rolled out. Personally, I've only had iPhones stolen before this. I do think most are crimes of opportunity, but a large chunk, especially if they're stealing multiple phones, know how they're going to unload them. But, I don't think this T2 repair thing is relevant. I don't imagine thieves parting off stolen phones because it's not worth it. Even organized crime.
I do agree Apple has misrepresented the situation and right to repair is one of the few topics I write to my representatives about.
The secondhand market I'm referring to is not one-to-one personal sales, but recyclers / refurbishers dealing with donated devices. It's already a huge issue with Apple products. Thousands of perfectly good working iPhones and iPads are not removed from iCloud accounts (either through a lack of consumer education -- resetting a device does NOT do this -- or it being too resource-intensive on the enterprise level) and the activation lock renders them worthless e-waste. This is what is going to happen to T2 chip Apple laptops.
Agreed, thieves aren't parting off stolen phones. I was referring primarily to unattended property theft (car break-ins, theft from public spaces, etc.) not muggings. Probably depends on what is driving the crime.
In terms of giving some kind of supply chain assurance it's not a bad idea by itself. I'd prefer a non-bricking variant with a red boot screen warning about non-original spare parts, or something to that effect.
Sure, but it's way too tempting and too short of a step from that, to "Sorry, this device won't work with unauthorized third-party parts... for your safety. Please shell out $$ for repairs from an Authorized Retailer, if you can find one and if they offer them."
If the T2 chip is compromised, then separate SoC protection is moot. The only true protection is a physical covering (like in the Lenovo) or physical kill switch (like the Purism laptops).
At that stage though all bets are off - the hackers have access to everything you have typed, all your files, all the audio from your microphones, your credit card details, those photos of you and your partner on the hard drive...
Yet the camera on a laptop is the thing that we need to cover? It’s a weird security model, that’s all.
Besides, on a MacBook it sounds like the webcam light is almost impossible to circumvent because of the implementation.
For those photos of you and your partner you made the conscious decision to take them, perhaps even weighing the risks of them being compromised at some point. This is very different from a video feed being captured of you unknowingly. That goes for both the impact of such a compromise, and the feeling of the risk of being watched.
Almost impossible just means it requires lots of money/dedication, but still a T2 chip compromise is scalable and can be done remotely, which is fundamentally different from physically compromising hardware.
Well Purism laptops have hardware switches for the microphones too.
But it's not even just for hackers. Zoom had the SUPER annoying habit of turning your cam on when the meeting organiser selected that everyone should cam.
This led to several colleagues being unaware they were being shown at that time. One was even lying in bed and called in from her phone. That's her business, it was 8pm at her location. But now everyone knows.
A hardware slider would have prevented all of these real-world problems.
There should be roughly ~0 cost (maybe a few cents?) to tie indicator LEDs to the camera and microphones's power supplies, and make it independently auditable by anyone with a multimeter (and maybe a magnifying glass?)
Is there a database of laptops that do this correctly?
I guess you'd also want the microphone physically disconnected when the cover is closed, or at least have the LED visible when the cover is closed.
If you read to the bottom of the directions it says you can use a sticker. So this looks like its targeted to the plastic camera covers that can be turned on and off.
I don't think they are saying that a vulnerability currently exists. I think they are saying that people don't trust these lights because they have a bad track record. It could be that the current implementation is better, but how is an end user supposed to know it's better?
It's kind of a matter of fool me once, shame on you, fool me twice, shame on me.
> that people don't trust these lights because they have a bad track record.
No tech people who think about and obsess about this type of 'risk' don't trust the lights. Most Apple customers vast majority don't think and don't care.
I would wager money that precisely zero of the "tech people who think about and obsess about this type of 'risk'" have had their privacy compromised as a result of an Apple laptop misrepresenting the on/off state of the camera.
It's been twelve years since a vulnerability in this was reported, and by all reports the LED power state is now implemented in hardware. It's long since time to obsess over other sources of risk, instead of the dead ghosts of previous ones.
An opaque piece of tape used to disable a camera is one of few components a user can completely understand. Apple is probably correct to tell users to rely on Apple's security features, but those features are way more complicated than a piece of tape.
The fact that they worked at all is an indication that something similar may work in the future. It's not like apple has never had a regression in software.
Risk to the average apple customer is? Do you think that most people need to worry about this? Point Apple is making is it's not needed for the vast majority of their users and if you feel better use a piece of paper.
So let's stipulate it can happen (because well it can happen). That would take both someone being targeted en masse (prior to apple having a fix in place) and it making a difference to the person or people it happened to. Is that really a big enough risk to spend time worrying about?
Not to presume what the OP was meaning, but I'm guessing they were pointing to these cases as a "it has been vulnerable before, it may be vulnerable again. But a cover is not exploitable in this way" rather than "these exploits work".
Do you expect him to post links to zero day exploits? If it's actively targeted and done so consistently and sequentially, it is reasonable to expect that it _could_ be happening now.
Which bugs, loopholes, backdoors, etc allow the camera to get through my cover (I upgraded to sliding plastic from electrical tape at the start of lockdown and there was a need for an actual camera)
People also do it so they don't accidentally open something that's got the camera enabled. If you're a school teacher answering questions for students in the evening you don't want to click the wrong thing and turn on video, or close the lid with something running then open it later, having forgotten, and now you're broadcasting. Stuff like that. Whether teh haxx0rs can get at the camera is irrelevant for that reason of using covers.
Personally I wish all my devices had hardware toggles for camera and mic, both. Phone included, since it's only a "phone" a small fraction of the time these days, the rest of the time it's a small Web-stuff device.
Only when the cover is shut. That prevents an important set of attacks. But a mechanical switch in the power connection to the two devices keeps you from accidentally broadcasting when on, say, a Zoom call.
I don't trust hardware kill switch either; anything is not visible right in front of my eyes. Mass product don't expect normal people to technically know about circuit design.
How hard it is for a big tech company whose hardware suppose to be best in the market, to design a built-in thin cover .. like camera shutter that's invented very first days camera invented.
ps; by shutter, I don't mean an actual light collector functionality although .. it's hard to argue that.
For macbook mic, I use hot glue to seal it. It's pretty good at blocking sound wave (I tested it).
Just as a social observation I noticed a pattern which always struck me pretty hard:
Nearly all (say 9 out of 10, and not, it's not an exaggeration) of my friends – me included FWIW – have some kind of cover over their webcams. This is true even for people who you would describe as the opposite of tech-savvy. Sometimes these folks even have no ad blocker installed and use Chrome happily.
But still: Everybody has something over their webcams. It is truly ubiquitous! Might it be we dislike the fact something like an eye stares us right into the face all the time?
Probably because it's more concrete than some abstract threat like the ad industry building a dossier on you, or the NSA spying on your web browsing habits and phone records. John Oliver uses this to great effect when talking about NSA surveillance: https://www.youtube.com/watch?v=XEVlyP4_11M
When I moved to Germany I was surprised how everyone taped the camera on their laptops with these small, thin, easy to remove stickers that left no residue made for bookmarking your notebooks.
This should still work on Macs as a sticker is thin enough not to damage the display.
That's what I use as well, and I'm still using the same one that I started with. It's lasted over a year.
I appreciate this line:
> The camera is engineered so that it can’t activate without the camera indicator light also turning on. This is how you can tell if your camera is on.
But I still want a physical assurance that the camera can't see anything. I don't want to have to count on myself noticing the light.
Some Lenovo ThinkPads have built-in shutters, and I wish Apple would do the same for MacBooks. In my ideal laptop, it would also physically disable the microphone.
Yet another reason to buy something better than a MacBook. :) Don't get me wrong, I used to love Macs. But they really started screwing their own prosumers, ohhh, back in 2011 when they made Final Cut Pro X into a "for dummies" application, rather than the professional tool it used to be (this is a discussion all on its own btw, and while it's not clear cut, the change wasn't welcome at the time). From then on things have mostly gone down hill. That year marks a clear change in their philosophy, from prosumer-made products and to a far more consumer and fad-based focus as a "luxury" brand. Except the whole premise for buying Apple products used to be that they were better for professional production environments. I really hope they'll get back to this tried and proven mode, instead of what they're doing now.
I love how everyone worries about their computer camera when there is no light for the camera and facial recognition hardware on the front of your phone...
So, Apple has done a nice job of making the sure the LED comes on when the webcam is in use. Unfortunately, there are still very good use cases for webcam covers.
- The computer has malware which controls the webcam. Although it's nice that the light correctly alerts you the webcam is in use, the malware can still get some pictures off before you can act.
- You're not very good with computers, and so you don't know how to change Zoom settings, and you want a surefire way to ensure that you camera will not be active when you join a call.
- You're just fine with computers, but the app has changed its defaults for some reason, and/or;
- Your company mandates a new app which you're either not familiar with, or doesn't have appropriate settings.
> Downside of covering your MacBook camera:
"If you close your Mac notebook with a camera cover installed, you might damage your display because the clearance between the display and keyboard is designed to very tight tolerances. Covering the built-in camera might also interfere with the ambient light sensor and prevent features like automatic brightness and True Tone from working."
Upside: a square of post-it or similar stuck over the camera gives you peace of mind assurance that this particular lens of the digital panopticon isn't watching you.
I cover my camera (not MacBook, but I did when I had one). Partially because of what you read about hacks.
BUT, the main reason I cover my camera is as a stop gap to user error. I have started chats with people (co-workers, etc) where I accidentally enabled the camera. Wasn't entirely "presentable" either, wearing just an undershirt or haven't shaved for several days, etc. Luckily all they saw was a black square. Will never NOT cover my cameras when not in use because of these experiences.
I use a piece of black sticky note cut out to cover the camera. It doesn't interfere with the closing mechanism, it comes off clean, and it doesn't require trusting Apple.
> Covering the built-in camera might also interfere with the ambient light sensor and prevent features like automatic brightness and True Tone from working.
I don’t see the LED come on any time I’m not actually using the camera, so I’m guessing the True Tone sensor is near the camera and it doesn’t actually use the camera. So as long as the sticker only covers the camera it should be ok?
Also, my Mac has a lip around the edge of the screen which is probably thicker than most stickers.
We're surrounded by tiny, meaningless LEDs. I've even tried to avoid them, but right now I can see three of them from where I'm sitting, and if I turn my head away from the corner where my computer desk is positioned, I can see three more (one of them, on an electric toothbrush, is blinking to tell me it's fully charged...).
Sometimes a light being on mean "everything's okay, don't even worry about me" but sometimes LEDs being on means "pay attention, this is important!", and sometimes LEDs being on means "LEDs are so cheap, we threw one on this device for no reason".
Second, there is no shared 'vocabulary' of lighting that tells you consistently what a light being on means (consider how in this case, Apple wants us to consider a green light to be a warning indicator).
Given this, I'm not at all convinced that a light being on would be enough to warn most people that they're being spied on, or that most people would even notice another small LED being on in the first place. Consider changing this UX!
The first thing that was said in my InfoSec 101 class was that the best security is at the hardware level. If you really want to secure something, keep in inside a room with a lock, or chain it. Software will never be guaranteed security, and not having a camera cover is asking for something to go wrong, whether it's during a meeting or someone hacking into it.
> The camera is engineered so that it can’t activate without the camera indicator light also turning on. This is how you can tell if your camera is on.
Is this verifiably true? I trust Apple on security matters more than the average laptop maker, but the fact that so many of these indicator lights are software-controlled erodes my trust in basically all of them.
This [1] is the best source I've seen. 2008 era Mac laptops definitely had that exploit, but since then they've made hardware changes.
> All cameras after that one were different: The hardware team tied the LED to a hardware signal from the sensor: If the (I believe) vertical sync was active, the LED would light up. There is NO firmware control to disable/enable the LED. The actual firmware is indeed flashable, but the part is not a generic part and there are mechanisms in place to verify the image being flashed. […]
I don't understand this debate around blocking camera. If your laptop has already been hacked such that the attacker has access to disable the green light(if we could be disable by prevailed account in the worst case), wouldn't you have more serious things to worry about? I mean worst case they could film me nude or something.
That's correct, but it's not why I have a cover on my camera. I really like the peace of mind of knowing that my camera really is off during a meeting. I guess it's the same for many people, especially working from home without a dedicated office.
Lol I have electrical tape with a piece of paper on the part that goes over the camera lens. Use both 2015 and 16"
Also not sure about this "tight tolerance" as there's a rubber seam all the way around the screen that would have a gap between the camera and laptop body right?
"might also interfere with the ambient light sensor and prevent features like automatic brightness"
Oh, if I could only get automatic brightness to actually turn off!!!! I keep the sensor covered with electrical tape because that's the closest I've been able to get.
Apple should probably make a physical camera cover. I have it on my Thinkpad X1 carbon and I love it. What's missing is physical microphone and wifi switches, I don't know if there's a modern machine that has all three.
Apple webcams are pretty horrible anyway (current generation is even worse than a few ones ago). Noisy and blurry in anything less than ideal lighting conditions. So if I'm on a serious videocall I use an external one anyway.
It looks like Apples quest for even slicker devices has taken its next toll, both the MacBook retina and the original touchbar work fine with a cover.
The product line up is in a weird limbo between professional and luxury and it’s difficult to move away given the alternatives (I have Linux and Windows on my workstation, one needs a lot of attention to move beyond 95% working and the documentation just isn’t always good, the other is very annoying with ads and all sorts of stuff that is integrated and the lack of consistency) even though I miss my old thinkpad and appreciate how they think of business features like thinkshutter.
I am fully confident I can manage a physical shutter in front of my camera. I am absolutely way less confident that I can manage avoiding a myriad of dark patterned traps and mazes to have each app configured exactly right so as to not have given it permission to turn on my camera at inconvenient times.
Yes, I do sometimes participate in conference video calls with only my dress shirt on over my short sweatpants, and that shutter gives me the confidence that my co-callers need not be exposed to my state of partial underdressing at inappropriate times. Call me Luddite, but your little green light isn't doing that for me.
More than once I was gifted camera-cover plastic things that I could stick to my laptop cameras. They all had convenient ways to open/close them, and they all had the logo of the company that was gifting them to me (one was a proprietary AI software library). I am 100% confident that those plastic things would indeed damage my display, since they were slightly thick and the laptop lid wouldn't properly close with them. So I kept the insulating tape that is currently there, and nothing was damaged. It does make some sense that this article exists.
Reading this, I had the idea to create a sliding cover, in the same style as the bulky plastic ones, but made out of a sticky note. Turns out this was not an original idea, and the person who beat me to it has a much slicker design than what I had in mind, using a single sticky note, cut in two pieces, with a symmetric design.
I learned this the hard way with one of these slide covers from CloudFlare I got at BlackHat Conference. Picked up the Mac with one hand and I heard the crack. Needlees to say I now have a vinyl type sticky cover I just move on and off when I need to use the camera. Apple replaced the screen for me for a small fee of course.
https://www.ipromo.com/promo-products/20101/Custom-Webcam-Co...
I always wonder why the people who cover webcams don't think about the mic. Isn't that almost worse? It could grab speech even if you aren't right in front of the camera.
The much more real-world use case for me is guaranteeing I won't join a video conference call with my camera on. In light of all the WFH zoom accidental nudity videos going around, its no surprise camera covers have become more prevalent.
Even if we trust that without the LED being on, the camera is never on, it does actually provide little consolation. Unless Apple has covered every single scenario, where any program trying to access the camera, can't do so without the user intervention.
People accidentally leave their laptop lids open, and what if the app they trusted earlier isn't so anymore and turns on the camera, streaming the content before it.
Unless Apple has a solution to prevent all these, they shouldn't be giving such advise.
Seems like most/all ppl in this thread are also missing the bit where MacBooks are just too thin; so much so, that it's hard to even protect the fragile coating on the screen from damage without something as thin as printer paper in between it and the keyboard. It's hard for me to remember to put that piece of paper in there every time, but if I forget, I risk oils from the keyboard getting on the screen and permanently erodong the anti-reflective coating.
Cameras and mics need hardware off-switches on all mobile devices. Not a digital switch that sends a signal to a CPU - I mean a slider switch that physically disconnects wires.
I have something very similar to these [1] (the original item is no longer listed) on my laptop's webcam and my smartphone's front-facing camera. They've served me very well, and the former has saved me from a potentially-embarrassing conference-call-style disaster.
I don’t use the sliding cover. I put black electrical tape over the camera. I keep a roll in my computer bag in case of an unusual scenario that I would need to use the camera. As soon as that is over I replace the tape. If it leaves a sticky residue? Oh well. Sorry. I have a phone if you absolutely need to see me.
Also- why isn’t the iPhone camera engineered the same way as the Mac? How many apps/websites would love to have footage of compromising moments?
This could probably be solved by an accessory with a loose flap. Gravity would naturally ensure that the flap covers the camera when the display is vertical, but hangs over the edge to avoid getting sandwiched when the lid is closed. Not sure if the dimensions quite work out for this as Macbooks are very thin, but with some thoughtful design, I think this concept could work.
An indicator light is good and well but, you kinda have to be present to monitor it in order to stop it. Someone can record all the video they want if you’re not around to notice.
And that still leaves the possibility for it to snap a photo of you present at the computer before you can react to stop it.
So far it has stopped me once or twice from picking my nose on camera. So not totally useless. /s
I am shocked at the people defending apple. A thin piece of tape shouldn't be enough to damage the laptop. That's terrible design. I hate to make the cliche comparison, but this is why newer think pads have the camera cover built in.
"Dont cover the camera, YOU could hurt your 2500 dollar device."
Can someone help me understand the extent of possible damage by having a webcam cover? This might at least inform me if its worth the risk.
When Apple says
"you might damage your display because the clearance between the display and keyboard is designed to very tight tolerances", do they mean?
- the display itself could have scratches?
- the display connector at the hinge has a chance of weakening?
Edit: Also, from my limited research, the repair cost w/out AppleCare+ (or regular AppleCare if they don't count it as accidental damage) is around $1,000.
On my MBA there's a small metal lip around the lid and the LCD is recessed into that. Something thicker than the lip sitting on the glass would negate the relief the lip provides.
The webcam is behind the same pane of glass as the display. It's similar construction to a typical modern cell phone.
When the laptop is closed, the webcam lands around the bottom of the trackpad. There's a small gap between the screen and the lower lid, and the trackpad is recessed slightly, but not by much, and it doesn't have any "give". A bulky webcam cover will strike the trackpad and may shatter the glass of the display and/or the trackpad, especially if the laptop is closed quickly.
I had a basic post-it like bookmark sticker on my macbook pro camera for years. Over time the black coating on the bezels started wearing off where the sticker was placed. Not much of an issue though, as this was purely a cosmetic issue.
This is an interesting side effect of designing a thin, fancy glass display! I see a lot of people who cover their camera and I appreciate their concerns but I do trust the green light.
Although... You may not see the light on if you leave your laptop open when you're away from your desk. I do wish it was easier to get a laptop with no camera or microphone at all!
I've been using this[1] for the last 4 years. It's soft fabric and it can be easily removed. The adhesive can be reactivated with a tiny drop of water and it can be reattached easily.
With everything being digital these days, physical failsafes are slowly becoming a luxury. I love having the vibration/sound-on hard toggle on my iphone. I don't see why this can't exist for something people feel so insecure about like webcam functionality - a physical toggle that physically disconnects webcam wiring.
This is moot. I cover it because some apps turn it on, on an action I didn’t quite expect will start the camera.
If there were an explicit confirmation asking me each time if I really wanted to allow camera access (like a delete file confirmation), I might consider not using a cover. And you can have a ‘don’t ask me again’ for this app option.
> The FaceTime HD camera built into your Mac computer is designed with your privacy in mind and uses a camera indicator light that glows green when the camera is active. So you will always know when the camera is on.
Erm, the whole point is that you can't trust this kind of indicator on an OS that's completely closed source.
My understanding is that the LED is hard-wired the power source of the camera sensor. There's no separate software command to turn the LED on. All Macs run Windows and most run Linux pretty well. So you /could/ audit at least one open source software implementation.
However, like many others have mentioned in this thread, personally I see the value in having a physical cover in addition.
My $5k MBP is rocking a 1 cent square cm of black electrical tape which isn't going anywhere. If it leaves adhesive residue, I'll wipe it off with alcohol and replace the tape. My camera is only for stupid zoom meetings, and if I ruin it I get to tell my colleagues my camera is broken. That's a feature, not a bug.
> If you close your Mac notebook with a camera cover installed, you might damage your display because the clearance between the display and keyboard is designed to very tight tolerances.
Yep, this is exactly how the screen on my 16" cracked. I'd rather have a 0.5mm thicker laptop where I can actually cover up the camera.
The track record of Apple keeping their camera light shine when camera is in use does not strike confidence and that's why people want to use something more advanced like tape.
Unfortunately, everybody is focused on camera and forget that way more valuable information can be leaked through microphone and other sensors.
This could be mitigated simply by adding other pads/spacers with the same thickness around the screen bezel. This would reduce cracking chances, though maybe pressure right in the center top-bottom and left-right could crack the screen due to the gap between the screen and keyboard.
If a hacker can modify the firmware on your Macbook to somehow turn on a hardwired camera without turning on the LED you're so beyond screwed it's not worth mentioning. This means they already have full sudo access to your entire entire machine, all encryption keys, everything.
So, their suggestion is to "Make sure the camera cover is not thicker than an average piece of printer paper." and also "Avoid using a camera cover that leaves adhesive residue."?
Good luck finding a cover that is thinner than a piece of paper and is also not tape.
If they sold a model without a camera for the same price, I would have bought that. The camera on MacBooks is terrible anyway, and you can buy a USB camera that's significantly better for less than $100.
Since that isn't an option, I keep a square torn from a post-it note over the camera.
It’s very sad that some users may associate Apple==Security. NO piece of software is secured on this planet. If it’s programmable(even through Assembly), then a programmer can break through it. I will cover my webcam physically, even if I am running linux, thank you very much.
There are good reasons to want a camera cover that physically blocks the camera from being used that are not addressed by an indicator light (especially prevention versus disclosing).
But my guess is Apple recommends that users not block the camera because Face ID will someday make it to macOS.
This seems like a massive UX issue in that a lot of people want it closed and that they're putting the light sensor close to it. In the future, they should put a lid over it. People seem to be more worried about accidentally opening FB live or Zoom rather than hacking.
Genuine question. Why are people worrying so much about the camera but none talks about the microphone? Whenever I think about it, the microphone is able to gather far more harmful information than the camera about what I m doing close to my laptop.
I wouldn't trust the indicator light, its not a mechanical switch, its something programmed that means - you know what I mean. I would prefer covering with a tape, I'm doing it for a long and it didn't damaged anything.
They should amend this article to mention that because they haven't updated the camera in 7 years, customers should rest assured in knowing that even if compromised, nobody will be able to make anything out on the other end ;)
According to that it's fine if it's thin enough. I always just use a little piece of electrical tape. Not really worried about spying just like the piece of mind that I won't accidentally be seen nude on a zoom call.
I've had my barn door over my camera for years. It prevents a perfect seal but my screen works great. I'm sure this is valid in one way or another, but I don't buy this for a second. Adjusts tinfoil hat
I think the underlying stupidity is that no matter how good or bad the indicator is, that’s is fundamentally different than blocking the camera altogether.
This is like telling you to not use a lock if you have an alarm.
> The camera is engineered so that it can’t activate without the camera indicator light also turning on. This is how you can tell if your camera is on.
I'd assume this is done in firmware for the camera module?
I still prefer a hardware solution or even a toggle, 1\2 the reason I like the cover is less for privacy and more to prevent joining meetings with the camera on when I'm not ready
removes the need to always be thinking about some random indicator being on or off
I have personally used a camera cover on 4 macbook pros and 1 macbook air, I have friends and colleagues who have done so as well, I've never heard of anyone having an issue. Just my 2cents.
Lenovos have a physical cover that can be shut when camera is not in use. It’s paranoia free and tape is no longer needed for that. Maybe apple could do something similar for their users comfort
No amount of tech or trust beats a black sticky tape.
Thin enough to not damage anything; Removed and re-applied in a second without leaving residu; Zero discussion whether it will work or not
Apple were boastful of the 'precise engineering', in a different way, of the iPads warping frame, I see to remember...
You are as full of crap, Apple, as you are to be admired.
For what it's worth, EFF has privacy stickers which are easy to re-apply multiple times and should be thin enough to close the laptop fine. I've been using them for a while.
Having a mechanically guaranteed way to cover your webcam is a must. Apple should just add a built-in mechanical switch. If that makes their laptop a millimeter thicker then boo hoo.
Yep, and keeps it on, my housemate has Facetime open all the time and no camera cover, every time I walk by his laptop the camera light is on, defeating the point of it if it's always on?
Camera covers most cost less than a dollar. Why doesn't Apple just build a physical one into their laptops? I wonder what they could come up with for microphones as well.
As an alternative to a camera cover, use the camera indicator light to determine if your camera is active
I've been thinking about privacy all wrong. I thought it was about preventing access to my data... but Apple has cleared up my misunderstanding and now I know that it's just about being notified when my data is stolen.
Everyone feel free to post your credit card numbers... your privacy is secure, since your bank will let you know in the form of a bill when it's accessed without your permission.
If Apple makes such high-end stuff, and is marketing on privacy, why can't they spring for hardware switches? Pine64 does, and they're by no means high-end. Not by price, anyway.
Better yet, Lenovo has a little plastic cover built into the camera under the lens.
I don't need to trust the implementation of some switch, I can physically cover up the camera with a nicely integrated cover. No trust required for about 0.01¢ of plastic.
Apple's old iSight webcams had a white iris that opened and closed by twisting a ring at the front of the camera. It was very nicely built and you could see whether the iris was closed from across the room.
I can physically see that there is opaque plastic covering the camera lens. I don't need to trust in the hidden implementation of a LED or switch or anything. I can physically verify that the camera is disabled - meaning no trust.
I don't think the price of a hardware switch would be a concern for Apple, but the size would. A hardware switch would take up space. Apple broke their keyboards to shave a couple millimeters of thickness off their laptops.
The Pinebook Pro uses a key combination, managed by the keyboard firmware. That's not quite as good as a hardware switch, but it shrinks the attack surface considerably.
I always used to say I don’t cover the webcam on my MacBook Pro because any hack sufficient to activate it without my knowledge would mean the attacker already has root, including my bank login, etc, and I’d just be closing the barn door after the horses have left.
In the Covid era, however, my threat model is no longer unlikely malicious actors with root , but more plausible bugs in my conference software. I’m not worried that a statistically implausible attacker has a zero-day on my webcam, but that Zoom has a bug that will default the camera to on despite my settings as I join standup coming out of the shower. If there were a firmware-based gesture to explicitly turn the camera on, I wouldn’t need the tape.
Not necessarily. Apple owns the patent for a camera cover made of the privacy film that turns transparent with a switch; why they haven’t used it is beyond me.
You still have a silent mode toggle on your iphone. I think apple can figure out how to add a hardware switch for a camera/mic to a laptop without compromising thickness.
It doesnt need to be a hardware cover, just a hardware killswitch to the circuit.
Well, I can't speak to Apple's intentions, but consider they did the same thing with their laptop touchpads as they did the iPhone button. The touchpad used to actually depress, now it just vibrates to simulate feedback.
(Thinking about this again, past the edit window—no, it's more than three parts. There's the (1) sleep/wake button, (2) (3) the two volume buttons, (4) and the vibration motor. And I guess (5) the speaker too, not sure if it counts. Still, it's not many.)
The problem is if someone is able to activate your camera even if the light comes on 100 percent of the time, without a cover they’ll see something and will be able to capture that. Hey this guy hacked in and is seeing naked wife or my taxes on my desk or something else sensitive - the light isn’t really going to stop that. If you really don’t believe me go stay in a hotel next to defcon and use the hotel WiFi naked.
Actually it would be a huge security risk if everyone posted their CC numbers publicly. Attackers could use their numbers to make purchases, and by the time the purchases show up on the statement the money is already gone.
Is it not clear that they're not complaining about the literal situation of credit card breach, but rather using it as analogy to being informed of a breach after the fact?
>I've been thinking about privacy all wrong. I thought it was about preventing access to my data... but Apple has cleared up my misunderstanding and now I know that it's just about being notified when my data is stolen.
This comment makes absolutely zero sense in more ways than one.
First, in the post Apple also says how you can control exactly which apps have access to the camera in the privacy settings. And, like, not give access to any, if you don't feel like so.
Second, the green light is not about "notified when your data is being stolen" is about being informed if/when you are filmed. In which case, you can just close the lid, quit the app, or do anything you like to prevent it.
Your reasoning is like arguing ironically against an alert vendor that "I thought the problem was getting my valuables stolen, but now the vendor has cleared up my misunderstanding and now I know that it's just about being notified when my valuables are stolen".
You’re missing the point. By the time the light is on it’s too late - your privacy has already been violated. Closing the lid only mitigates a camera privacy violation in progress. Covering the camera prevents the privacy violation from happening in the first place. One is a proactive measure and the other is reactive.
But in those few moments between when I notice the light and when I close the app/lid, my data has been stolen already.
If I'm in a compromising position, I don't want ANY footage of it to be created. If it is a so how frame or multiple seconds, I'm not okay with it. So being told that the notification light is equivalent to covering the camera entirely doesn't line up for me.
So you're saying everyone should always be staring at their webcam to make sure the light is not on? It isn't like there's a subfield of Human Factors studying Cognitive load[1], saying that people don't do a good job at what you're saying people should do. Also, have you ever heard of a rootkit?
I always notice when the light goes on, because it's close to my screen, and effectively a form of movement in a place I don't usually see it. It's also quite bright on Apple computers. Is it different for other people?
Yes. Many people leave the laptop on, and wander off to pee. Or they're jerking off with their eyes closed. Or they are using a different computer at the same time in a data-center. Or all of the above at once.
How on earth can you say for certain you _always_ notice it? If it came on and you failed to notice it, well.. you wouldn't know would you. You'd still think you had a perfect record of always noticing it.
Broke my Macbook Pro's display after I unplugged my earphones, accidentally left the tip of the earphone at the edge and closed the lid lightly. So beware of that too.
Most of the time, I have an external monitor connected to the laptop (with the laptop still open) and I usually wont notice if the camera is on just by looking at the LED.
Years ago there was an article about 2008 era Mac laptops that could enable their cameras without turning on the LED. I believe the camera firmware was read from RAM on boot. So they just intercepted that. Since then they redesigned the hardware to tie the LED to the sensor camera source. AFAIK Apple hasn't published any official documents on this. I, too, would be curious if it could be hijacked by only taking a still image or modulating the power, but I haven't of anyone actually do this.
Their laptop cameras haven't changed in like a decade. The only change was making it physically thinner to match thinner screens. The image quality actually got a little worse.
Does mackbook has dedicated light sensor somewhere near camera, or the same camera is used to detect ambient light and adjust color temperature and screen brightness.
I use a small square of 3M yellow sticky sharpie over with black.
That’s what I do for my work MacBook.
At this point, with all the reported QA problems and my own QA problems with my work MBP, I am completely disinterested in acquiring any Apple notebooks — especially at their prices.
I babied my 2 year old work MBP and it’s had the keyboard go bad, the video ribbon go bad, and the batteries expanded enough they popped the case.
I babied this thing. I was careful with it, did all the best practice. The first failures were just out of warranty and Apple wouldn’t cover it.
In the old days, I always could trust that Apple would make it right. But those days are long gone. And so is my loyalty.
Too little too late. Wish I knew that before, I broke my MacBook Air camera with that tiny sliding cover. Tried SMC reset and what not. It works “sometimes” though.
Also make sure you don't turn off your microphone, that could damage it too. The microphone needs regular electricity flow or else it may become decalibrated.
Forget LEDs, hardware switches, and all the rest, what I want to know is why Apple is making hardware so fragile that a simple piece of tape might damage it.
I use a small strip of black electrical tape and it works out great. It has virtually no profile and disappears into the black margin of my laptop screen.
There's a separate ambient light sensor. On some models you can make out the three separate holes above the monitor, one for the webcam, one for the led, and one for the light sensor.
I can't for the life of me see it with more recent models, but if block the camera it's clearly still there since it can respond to light changes, but if you block enough of the area around the camera, it'll default to assuming you're in darkness.
It's so interesting that we've arrived in a state where people, for good reason, cannot trust "their" devices in the slightest. On the computer where you do all your online banking or taxes or whatever, you don't feel safe without sticking something over the camera.
Makes me very proud to support Purism laptops with their camera/microphone hardware killswitches and FOSS software (I know FOSS is not the same as secure, but at least incentives are aligned). On desktop I use FOSS software and physically plug in a webcam for meetings.
> It's so interesting that we've arrived in a state where people, for good reason, cannot trust "their" devices in the slightest. On the computer where you do all your online banking or taxes or whatever, you don't feel safe without sticking something over the camera.
That really doesn't mean anything, because the people who post on here just like to not trust things. It makes them look cool when they're posting. You can always use evil maids or Russell's teapot or any argument you like as an excuse to be cynical, it's not like it can be disproven.
I don't follow you. Lots of people put stickers over their cameras, not just hacker news posters, and furthermore, I think we all agree they have good reason to do so, it's not just posturing to look cool. (Also to me, "I bought a $2700 computer and I can't even trust it not to photograph me" is the opposite of cool, but I digress.) Also, I trust my chair, my bicycle, my car to a great extent (made in 2001 though), and quite a few other kinds of technology. So I don't understand what you're saying here.
You should try this on a recent (last 4-5 years or so) Macbook! There is a hardware timer that forces the LED on for at least 3 seconds even if the camera only grabs a single frame.
Seriously Apple, just stop blaming your users. Camera covers are a totally reasonable response to the threats we all face. If your precious computers can't have them installed, build one in.
I am a longtime Apple hardware user, but it's just getting so hard to keep using them...
protip. small piece of scotch tape and a small piece of paper. when you need camera, just fold the paper open. when it gets worn out, new paper and scotch tape.
Simple solution for those who are security minded: physically break the built in mic and camera through some precision hammer and needle work, and connect peripherals when you need em. I'm half serious.
Sometimes that minority may be surprising. I have seen people who are otherwise very careless about their computer's security put tape over their computer's camera.
When you think about it, it makes sense. People frequently bring their computer into private spaces. Where any given person draws that line will vary, depending upon their expectations of privacy. (One of the criticism I've heard of the recent shift to online schooling is the use of video conferencing, because some kids don't want to effectively invite all of their classmates into their home. This is hardly what I would consider a paranoid demographic and is a situation where you have a considerable amount of control over what people see and when.) Is it really that strange to suppose that some people will want to cover up their camera?
Students were particularly troubled by the momentary flickering of their
webcams' green activation lights, which several students reported would
periodically turn on when the camera was not in use, signaling that the
webcam had been turned on.[9][23][25][48] Student Katerina Perech
recalled: "It was just really creepy."
After the suit was brought, the school district, of which the two high
schools are part, revealed that it had secretly taken more than 66,000
images.
Apple is advocating for a strategy to preserve the privacy of its users that demonstrably does not work.
The “versions of MacBook laptops and iMac desktops” they are referring to are the ones from more that 8 years ago that didn’t have the hard wired LED. Nowadays there is literally a wire from the sensor to the LED. If the sensor is on, the LED is on. It’s got nothing to do with firmware.
What happens to the connection if the LED burns out? Is the LED lifetime sensitive to state change such that you could flicker it via rapid camera toggling to burn duty cycle overnight?
If someone had access briefly to your laptop at a coffee shop, could they cover the LED with black opaque cellophane?
This sort of attack is pretty specific, so you figure it’s only done by people who want something from you in particular. These sorts of physical prep steps are what I’d be looking at if someone were relying on the light. Hypothetically, I’d attack the light first then take advantage of the false assurance.
How do we know there isn’t a secret spy camera hidden somewhere else in the laptop? How do we know Apple didn’t hide spy nabobots in their products that spread all over our houses watching everything we do?
The circuitry can't be that complex. Meaning the likelihood of a bug being pretty low. I mean come on, it's a wire attached to the camera power source with a resistor and a LED.
Is this what you think passes for informed commentary?
There are innumerable things I take for granted. Sure, I assume Ifixit isn’t a CIA front and their tear downs fairly accurately represent what ships to the customer.
Barring hopeless threat models, the light is a decent trade off.
Then something is really up and I’d not be concerned about the cam cover on my computer so much as whatever malware is allowing remote control of the camera.
I use a small piece of black electrical tape to cover the camera, and another small piece to cover the mic. It peels off easily and retains stickiness pretty well.
It's a bit surprising to me that this is trending so much. Apple has been making functionality compromises for years at the expense of hackers and power users of all kinds. Is it really so shocking that MacBooks aren't compatible with camera covers?
No, it's shocking that Apple doesn't seem to understand that their assurances do not even remotely touch what users of physical cover have in mind. A LED showing that the webcam is active means that it's too late. It doesn't matter what app is using the webcam, with permissions or not. The users apparently want to prevent the webcam to make any clear pictures. Apple just doesn't seem to get it. Instead Apple say, it's impossible for apps to turn the webcam on without permission. Ever heard of "trustworthy" apps being compromised? I have.
Apple compromises at the wrong issues. The issue is trending because of that.
Right and I don't disagree with any of what you said. I'm just asking, why is this surprising to anyone? Why are people suddenly acting like they care when this has been open and obvious for a long time?
Beyond a certain point Apple computers became a status symbol and now they seem to be able to get the users to cater to them instead of the other way around.
But no, this analogy does not follow, because your microwave will still work after you put your dog in there -- and I have not seen guidance from Siemens telling me that microwaving my dog voids my microwaves warranty.
After reading this help article by Apple I will sell all my Apple devices and never buy anything again from them.
This post by Apple is confirmation to me that they were spying though the camera. In recent years I have seen more and more people do this with nearly every single Mac owner I know doing this (and that's a lot of people). I don't think it's Apple conducting the espionage but rather LEAs of totalitarian undemocratic country (US, China) performing economical espionage.
It makes sense that Germany is the country that is by far most affected by industrial and economical espionage. And it makes sense that nearly all of the spying is conducted by the US and Chins whether it be industrial economical scientifical or political.
First, you have to trust Apple that the indicator _really_ can't be disabled. You also have to trust that there isn't a vulnerability Apple is not aware about that could allow rolling the camera without the light coming on. This has happened in the past [0] and there are known Apple products that are vulnerable, yet the statement never mentions this making you believe it's impossible.
Second, once the camera light is on, the data has already been captured. The light just told you about it, not prevented it. The plastic cover or a piece of tape does prevent it even if your laptop security is compromised.
Third, in a world where remote conferences are more and more common, more and more software doesn't do a very good job at letting you know when it's about to enable your camera. You might click on a link to an all hands conference to listen in while you're changing only to have the software helpfully enable the camera and broadcast you for the rest of the company. I believe in big conferences organizer may sometimes control other ppl's camera as well. You can totally imagine a scenario when the organizer misclicks and enables the camera for the wrong person instead of a scheduled presenter.
Camera covers solve all of those problems.
[0]: https://jscholarship.library.jhu.edu/handle/1774.2/36569