Cross-posted to: https://sh.itjust.works/post/15859195
From other conversations that I’ve read through, people usually say “Yes, because it’s easy on Windows”, or “Yes, because they simply don’t trust the webcam”. But neither of these arguments are enough for me. The former I feel is irrelevent when one is talking about Linux, and the latter is just doing something for the sake of doing it which is not exactly a rational argument.
Specifically for Linux (although, I suppose this partially also depends on the distro, and, of course, vulnerabilites in whatever software that you might be using), how vulnerable is the device to having its webcam exploited? If you trust the software that you have running on your computer, and you utilize firewalls (application layer, network layer, etc.), you should be resistant to such types of exploits, no? A parallel question would also be: How vulnerable is a Linux device if you don’t take extra precautions like firewalls.
If this is the case, what makes Windows so much more vulnerable?
Removed by mod
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=OhHnBYZINzc&t=15
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
I dont think the covering of webcams with tape on windows is necessarily about a malware or an exploit watching you, but more about windows itself monitoring and selling off everything you do.
One of the key tenets of keeping something computerised secure is ‘Defence in Depth’ - i.e. having multiple layers of defence, so that even if one layer is breached, the next layer (which you thought was redundant and unnecessary) prevents the attack.
Running a fully patched kernel and services / applications should protect you unless someone has a 0-day (i.e. not disclosed) exploit. Reducing the surface area by minimising what services / applications are running, using software (firejail etc…) and firewalls to limit permissions of applications / services to what is needed, etc… serves as another layer of defence. Disconnecting or physically blocking peripherals that might allow for spying is another layer; it serves its purpose if all the other layers are breached.
All software has bugs, including Linux. Some bugs can lead to security escalation. Those bugs are called vulnerabilities. Like bugs, all software has vulnerabilities - including Linux.
Your webcam can be accessed by hackers on Linux, on Windows, on MacOS, on BSD, it doesn’t matter.
If they have that level of access you are in trouble
I do, for three reasons:
- Hackers. It’s unlikely that anyone would hack my webcam, but there’s always a chance. Maybe I’m paranoid, idk.
- Hardware exploits. Three of my laptops are too old for me to update the firmware with
fwupd, so I cover the webcams in case there’s some critical hardware-level vulnerability which could be exploited; or in case one of the three-letter agencies are in there. - Consequences. Despite the incredibly low chances of anything happening whatsoever, the possible consequences are too bad for me to want to risk it.
I’m paranoid, aren’t I…
Security is always applied in layers. If you aren’t inconvenienced by it, it’s a really solid layer to use. Doesn’t matter how ‘paranoid’ you are, it’s a good strategy.
And for me: 4. It makes it a lot harder to accidently turn my camera on in meetings (a different form of privacy)
Also, it’s incredibly low effort to cover it. There’s no subscription plan for covering a webcam.
I wouldn’t put it past Microsoft trying to spy on you, just changing some line in that 11 pages thing you click “OK” to because you don’t have an alternative.
The Windows threat comes from other places
That wouldn’t hold up in court, not even in the fucked up pro corp system the US has.
Besides, they don’t need to take any photos, they already know pretty much all your habits and interests without taking a major risk.
The device is vulnerable. The webcam is one way that gets exploited.
If it makes you feel safer, cover the camera when you’re not using it. I can’t comprehend why a person wouldn’t cover it up when it’s not in use. It takes one second.
Stay patched up.
It’s really cool how a lot of Laptops nowadays (including mine) have a feature built-in that covers and disables the webcam with a button press. I can have it disabled most of the time and when I need it, I just press the button to enable it.
If this is the case, what makes Windows so much more vulnerable?
What the hell. They are same vulnerable.
Is it unnecessary to cover one’s webcam on Linux?
No. Please cover your webcam.
how vulnerable is the device to having its webcam exploited?
Every bit as much as Windows minus their proprietary spyware.
How vulnerable is a Linux device if you don’t take extra precautions like firewalls.
Depends on what links you like to click.
what makes Windows so much more vulnerable?
Fewer eyes on the source code. Effort to reward ratio, the 80-20 rule. 20% of the effort nets your 80% of the reward. Literally. Develop exploits for one platform, target 80% of average computer users. Or write exploits for hundreds of different distros for *checks notes* … 4%. Unless you like servers. There there’s a coin toss. 50% linux, 50% Windows.
Keep yourself safe, there’s malware for Gnu-Linux too. Install your patches when you can. Remove software you don’t use. Practice good cyber hygiene.
This question really begs the point that cam and mic need kill switches that physically disconnect these things with a simple switch.
One of you go make a wall mounted light switch thing with a red LED for Workstations and sell it – I could see this becoming standard.
Laptop world is going to take more inroads from slacker hackers scratching their own itch.
If I’m not using my cam, it’s not plugged in. If I am not chatting, my headset’s physical button has the mic deactivated. That’s two potential vulnerabilities I just don’t have to think about.
Honestly, I don’t think anyone can actually say 100% for sure that your webcam can’t be accessed. We don’t know what we don’t know—new exploits are discovered every day—thus it’s worth the extra 2 seconds to cover and uncover it.
No. It’s necessary
Especially if you own a smartphone. You’re carrying 4x+ cameras and a wiretap with you at all times.
I thought about this one day when I was in the bathroom and used autorotate with face detection. I practically had the camera facing towards my crotch while it was on.
There’s this youtuber that goes around and films people in public, its funny because people get mad but most people in cities are already being filmed hundreds of times a day.
The message is the same, if you are worried about X vector you should really think about YZ first for it to make sense.
Face ID is one of the sillyness things in my option
Yeah, when my new iPad broke and I had to go back to my old iPad. I forgot how much more convenient the fingerprint reader was compared to face I’d.
On the iPad at least if you had it standing up on its own or flat on a table it was no bueno for face I’d. You know, like showing recipes or a big e-reader while learning to code from an e-book. I miss that big screen, it was like carrying a nice netbook screen with me everywhere.
TL,DR: no
ITT: Yes.
It’s a hardware issue not a software issue. If your laptop can run its webcam and not have the light turn on then it’s bad hardware. Software might get around one exploit, but that doesn’t fix what’s a hardware issue.
