But you just moved the goal-posts from a discussion about whether the implementation was faulty (and Apple was misleading their product owners) to one about whether the design compromises are right.
Apple claims that the LED comes on when the camera is active, which it claims helps protect your privacy. That seems to be true, and certainly no-one seems to have any contradictory examples that are not 12+ years old.
I can argue that when one uses a sliding cover, one can easily forget to reset it after a video chat. The design is bad. The right solution is simply not to have a camera. It's just a different design compromise.
The question is whether this is a firmware implementation that's just waiting for a 0-day or if the +V for the CMOS sensor is literally wired to the LED. If the latter I'd like to see a picture of it.
I was the security architect for this feature on recent Macs. The LED is wired to the camera PMIC and is powered by the voltage rail that powers the camera. The PMIC will always remain on if the system has power. Macs newer than 4 or so years also have a feature that forces the LED to stay lit for at least 3 seconds after it has been turned on to prevent the single-frame-grab attack.
Ah, good. Is the microphone similarly protected? Sometimes I feel I must be the only person on earth who doesn't use their laptop while naked and couldn't care less if the imager was watching me. The microphone, however, could be an actual security threat. Phone calls, muttered passwords, etc.
There is a little LED that lights up when they open. The door latch is controlled via software and so is the light, though I would assume in the case of power failure they'd unlock for fire safety reasons.
I know where you were going with that, but the situation is different than what you’re trying to show. On Macs the light is on the path of the camera: if it is on the camera is, if it is not then the camera is not. Whereas with the door you might think that if it was latchless someone could just push it open when the light was off. The camera light is really a door alarm, not a door latch. (And as I just mentioned, doors with an alarm but no lock often do exist, usually for fire safety reasons).
A door without a latch does not prevent
an unauthorized person from trespassing.
A camera without a cover does not prevent
an unauthorized person from trespassing.
So you have to perpetually watch out for the LED indicator to see if it ever randomly turns on for 3 seconds? And what if it does come up unexpectedly? At this point it's too late and you've already been captured. A mechanical cover that can slide on and off the camera seems like much better security.
The point is that the hardware has been designed properly. Combined with the OS-level permissions, it should be assurance enough for the majority of use cases.
If you need further assurances, then by all means, use a physical cover.
The claim was that single-frame grab attempts are prevented by an indicator that stays on for 3 seconds. First, you do have to be alert for all of these potential 3 seconds windows, and second, it doesn't prevent anything but only tell you that it has already happened.
No, it wasn't. The claim was whether it was implemented correctly, as the entire conversation started with examples where it was not implemented correctly.
Properly designed hardware would add one small - and in every way possible, since we've already identified the circuit that drives the single power source - addition. A physical switch that prevents camera from being turned on. Same for the microphone. Unfortunately, this is never done. So people put covers on.
According to an anonymous Gruber source, Apple fixed the issue by tying the led to the Vsync on the camera board. I have not found a teardown or anything other than this confirming it https://daringfireball.net/2019/02/on_covering_webcams
Apple claims that the LED comes on when the camera is active, which it claims helps protect your privacy. That seems to be true, and certainly no-one seems to have any contradictory examples that are not 12+ years old.
I can argue that when one uses a sliding cover, one can easily forget to reset it after a video chat. The design is bad. The right solution is simply not to have a camera. It's just a different design compromise.