Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
nine_k 8 months ago

That's backwards.

The LED should be connected to camera's power, or maybe camera's "enable" signal. It should not be operable via any firmware in any way.

The led also has to be connected through a one-shot trigger (a transistor + a capacitor) so that it would light up, say, for at least 500 ms no matter how short the input pulse is. This would prevent making single shots hard to notice.

Doing that, of course, would incur a few cents more in BOM, and quite a bit more in being paranoid, well, I mean, customer-centric.

jdblair 8 months ago | parent | next [-]

or, you can have a physical switch, like the Framework. that also hits your BOM but its not complex!

alwyn 8 months ago | parent | next [-]

My previous HP Envy x360 had such a switch on the side of the laptop that would electronically disconnect the webcam; it would completely disconnect according to the system. Enabling it would show a new device being connected in `dmesg`.

Not a great laptop otherwise, but that was pretty good!

Vogtinator 8 months ago | parent [-]

My envy x360 has that button as well and it even puts a physical shutter in front of the webcam in addition to disconnecting USB.

oneshtein 8 months ago | parent | prev | next [-]

You can buy/print and stick a physical «webcam cover»[1] manually on your notebook or phone.

My current notebook, manufactured in 2023, has very thin bar on top of screen with camera, so I need a thin, U-like attachment for the switch, which is hard to find.

[1]: https://www.printables.com/model/2479-webcam-cover-slider

ddalex 8 months ago | parent | next [-]

Am I the only one that is not worried at all about the camera and super concerned about microphones ? The camera may see me staring into the screen, woo hoo. The microphones will hear everything I discuss, incl. confidential information.

There is no physical microphone cover there, is it ?

lukan 8 months ago | parent | next [-]

Sound is usually more sensitive, yes. But even if there is a physical switch on the laptop, only very exotic smartphones have them.

Also, loudspeakers can act as microphones, too.

In other words, paranoia gets exhausting in modern times.

(And my smartphone has a replacable battery for that reason to at least sometimes enjoy potentially surveillance free time)

MarcusE1W 8 months ago | parent | next [-]

My Pinephone has a switch for the microphone and also my Pinebook Pro laptop. But I also would agree that this is exotic hardware.

whatevaa 8 months ago | parent | next [-]

Well i have Pinebook Pro and it's pretty much abandonware, pine doesn't do any software and OSS lacks maintainers, nobody want's it, e-waste laptop. Take it as you will.

KetoManx64 8 months ago | parent | next [-]

Don't they warn you on the product page that you are buying hardware that is fully reliant on the community for functionality? That's the reason it's so inexpensive

megous 8 months ago | parent | prev [-]

Yeah, that's nonsense. Pinebook Pro is well supported by Linux kernel and you can thus put any aarch64 Linux distro on it. And it's been this way for the last 3-4 years at the very least.

I've been using it daily for 3 years for watching movies and main notebook while traveling.

It's not at all abandonware or e-waste.

lukan 8 months ago | parent | prev [-]

"But I also would agree that this is exotic hardware."

No shit. How is the current state btw?

I suppose still not ready to be a daily driver to replace my normal phone?

ri0t 8 months ago | parent | next [-]

> I suppose still not ready to be a daily driver to replace my normal phone?

I'd say that depends on your definition of daily driver and/or how much compromises you're willing to take. I occasionally see members at my larger hackerspace running around with those or other seemingly "unfit" hardware and not complain too much about it ;)

megous 8 months ago | parent | prev [-]

Kernel is in "maintenance and focussed on upstreaming" mode for a few years already, after getting nearly full HW support about 2-3 years ago.

As for phone feature, reliability of that depends on reliability of firmware of the modem, which was always shaky.

sharpshadow 8 months ago | parent | prev [-]

I have an old iPhone 7 which has an audio IC issue and the microphone is physically disconnected. Calls don’t work, video records without sound etc. need to connect an external microphone to have one.

Apart from the inconvenience it was somehow liberating knowing there is no microphone physically active.

jdblair 8 months ago | parent | prev | next [-]

The Framework has a physical microphone switch next to the camera switch.

klausa 8 months ago | parent | prev | next [-]

Modern (2019-ish? forwards?) MacBooks have physical disconnect for microphones when the lid is shut.

jack_arleth 8 months ago | parent [-]

Framework laptops have the same solution.

dghughes 8 months ago | parent | prev | next [-]

And the true or not Google or other apps listening then you see ads based on that conversation. I think it's true since far too many times obscure things I've spoken about appear in ads soon after the conversation. So yes I'd say a mic blocking feature you can confirm is working, blocking, is needed.

karolist 8 months ago | parent | next [-]

Recommendation engines work on vast amounts of data they have on you and whatever made you speak about thing X was likely preceded by your internet activity which is not very unique as a precursor to speaking about X. In other words, if other people do Y on the internet and then end up doing stuff related to X, the recommendation engine will show you X just because you also did Y.

The other explanation is one of your contacts who were part of the conversation did things that either directly related to thing X, which you spoke about, or something the algorithm see other people do that relates to X, and you got shown ads based on your affiliation to this person.

I've also worked at FAANG and never seen proof to such claims anywhere in the code, and with the amount of people working there who care about these issues deeply I'd expect this to leak by now, if this happens but is siloed...

ch4s3 8 months ago | parent | prev | next [-]

> I think it's true since far too many times obscure things I've spoken about appear in ads soon after the conversation

People have been making claims like this since at least the early 90s, about TV then, and no one ever credibly claims to have worked on something like this. I've worked with purchased ad data and I've never seen this data or anything that implies that it exists. It seems far more likely that its a trick of memory. You ignore most ads you see, but you remember ones that relate to odd topics that interest you.

wsintra2022 8 months ago | parent | next [-]

I agree with this sentiment, people talk about x product then realise they are seeing ads for x product. Most likely the ads were there first and the people only start talking about it cause the ads have been working.

ch4s3 8 months ago | parent [-]

That’s pretty much it. You see an obscure ad without realizing it and have a related conversation later. Then when you see the ad again and make note of it, it feels strange.

megous 8 months ago | parent | prev [-]

Yeah, we're well past a point where "phones" have NPUs powerful enough to locally process "sensor" input and produce decontextualized probabilties of potential interests.

It's going to happen sooner or later and people will accept it, just like they accepted training of AI models on copyrighted works without permission, or SaaS, or AWS/PaaS, or sending all their photos to Apple/Google (for "backup").

ch4s3 8 months ago | parent [-]

I really question the commercial value of that kind of data. Credit card data has a lot more to do with intent to make future purchases than any keyword you might spit out verbally or in a search engine.

gravitronic 8 months ago | parent | prev | next [-]

Reminds me of the chrome bug I filed years ago that is still unfixed. An extension with access to all browsing tabs can open a hidden iframe to a website that commonly would have mic and camera permission (like hangouts.google.com), and then inject its own JavaScript into that hidden iframe to capture mic or camera.

For this to work hangouts.google.com had to not include the HTTP header to block iframing but thankfully if you make up a URL the 404 page served on that domain does not include that http header.

Qem 8 months ago | parent | prev [-]

Just a personal anecdote: I don't have a dog, but my grandma has two. Once, while visiting her, the dogs were barking a lot. Almost immediately I started receiving ads for dog food in my cellphone.

sandywaffles 8 months ago | parent [-]

It is more likely your GPS placed you in the vicinity (regularly?) with another AD ID that regularly searches for, purchases, or visits dog centric locations. It's also entirely possible that the other AD ID's (your grandma) dog food schedule is predictable and you happen to be visiting within a time frame of dog food purchases.

Qem 8 months ago | parent [-]

My grandma never owned a cellphone, only an old landline. And she buys dogfood in the neighborhood mom & pop store.

xvector 8 months ago | parent [-]

Well, we know for a fact it wasn't your mic being recorded. Maybe you walked by WiFi networks where people purchase dog food.

chipsrafferty 7 months ago | parent [-]

Or maybe the mic IS being recorded. We don't know it for a fact until all phone software is open sourced.

michaelt 8 months ago | parent | prev | next [-]

The camera privacy issue arises because teenagers and college kids often have their computer in their bedroom.

So a webcam hack that lets them watch my 16 year old daughter study would also let them watch her sleeping, getting dressed, and making out with her boyfriend.

pmontra 8 months ago | parent [-]

It's not only a teenager or college kid issue. I've seen adults with a computer in their bedroom because it's a kind of private space where they don't expect anybody to inadvertently bump into it.

My laptop is in my bedroom in winter, right now, because it's one of the smallest rooms and I can heat it easily. I use it in other parts of the house in the other seasons. I do have a sliding cover on the camera. I bought it years ago. The main issue is the microphone.

shermantanktop 8 months ago | parent | prev | next [-]

When I have to do faux-2FA auth using numeric codes sent by text or email, I sometimes catch myself quietly saying the numbers. A microphone would by quite handy for an attacker, even if they couldn’t see all my network traffic.

camgunz 8 months ago | parent | prev | next [-]

A picture of you with the subject "I know what you were looking at when I took this picture of you" is pretty good blackmail--I think there's an active campaign doing this even.

ddalex 8 months ago | parent | next [-]

This would've been blackmail 20 years ago.... nowadays it's just "of course you know, I shared my OF likes publicly", will not even raise an eyebrow; or perhaps I'm living in too bohemian society circles

throw16180339 8 months ago | parent | prev | next [-]

I received a phishing email from this campaign or a similar one several months ago. The email opened with my name and contained a Google Maps photo of a house where I'd lived 8 years before. The author claimed to have hacked my laptop and captured videos of me doing embarrassing things. They would release the videos unless I paid them $1000 in Bitcoin. I searched and it's an extremely common scam, but I did panic for a few minutes.

jeltz 8 months ago | parent | prev [-]

Excellent blackmail against teenagers. Pointless against me as an adult.

spacemanspiff01 8 months ago | parent | prev | next [-]

I honestly like the physical switch on the framework, which disconnects the microphone/webcam fully.

djtango 8 months ago | parent | prev | next [-]

Yes I really wish we could have a physical switch for device mic

ykonstant 8 months ago | parent | prev | next [-]

As someone who often speaks gibberish to myself due to ptsd, if someone recorded me in my room they could convince anyone I am utterly insane, beyond any hope. It is a great way to blackmail people with coprolalia or other verbal tics.

And yeah, if they had access to my webcam, they would just see a guy staring into the screen or walking back and forth in the room.

chmod775 8 months ago | parent [-]

Eh, random utterances are more common than you think. Especially amongst older people. Most will know at least a couple family members who tend to mutter random things to themselves.

Nobody who is themselves sane is going to judge another for random crap they say when they think themselves alone.

ashoeafoot 8 months ago | parent | prev | next [-]

Your speakers are a microphone ..

benj111 8 months ago | parent | next [-]

I seem to recall reading somewhere that 'everything' is a thermometer, on the basis that many things behave differently at different temperatures.

You can also use an LED as a light sensor.

and I also came across a YT vid of a console that used a piezo electric speaker for motion sensing.

I wonder if you could use a track pad to pick up sound.

Sporktacular 8 months ago | parent | prev [-]

Yeah, but they aren't an input device with an amp wired in the right direction and an A/D converter to read it out.

dfox 8 months ago | parent [-]

If there is a discrete PA in the speaker path, then not. But I would not be that surprised if there is a single chip codec + PA combination that can conect an internal ADC to pins that are primarily meant as PA outputs of the integrated PA.

_joel 8 months ago | parent | prev | next [-]

Disable it all in the BIOS?

pmoriarty 8 months ago | parent | prev [-]

"Am I the only one that is not worried at all about the camera and super concerned about microphones ? The camera may see me staring into the screen, woo hoo. The microphones will hear everything I discuss, incl. confidential information."

All phones are suspect. We should go back to only carrying pagers.

volkl48 8 months ago | parent | prev | next [-]

Just to note: Apple will refuse to cover any screen damage under warranty if one of these sorts of things was in use.

I would not be surprised if the same is true for some other manufacturers, too, but I can only speak definitely to Mac.

The issue is that lids close too closely + tightly now, and so anything more than a piece of tape winds up focusing all the pressure applied to the closed lid on that one spot in the glass, since the cover winds up holding the display slightly off the base of the laptop when in the closed position.

micahdeath 8 months ago | parent [-]

i use a piece of tin foil - tiny peanut butter cup wrappy - stays in place lovely

moregrist 8 months ago | parent | prev | next [-]

I find that the sticky part of a post-it works very well for this. Sometimes you have to clean the adhesive part off with 70% IPA, but not too often.

Not as pretty as a custom cover but cost-effective and can generally be done in under a minute with common office supplies (post-it + scissors) which has its own advantages.

7 months ago | parent | prev | next [-]
[deleted]
codedokode 8 months ago | parent | prev [-]

My laptop has built-in physical camera cover, and it doesn't cost even as much as a half MacBook.

SiVal 8 months ago | parent | prev | next [-]

Would a bit of Post-It Note (for minimal adhesion) damage the screen coating if left on most of the time? Would even that much thickness stress the screen when opened and closed thousands of times? Is there a better (self-service) material?

moregrist 8 months ago | parent | next [-]

I’ve used one for years on various MacBooks and it’s very effective. The paper is very thin so it causes no real mechanical stress and also opaque, so all the camera sees is a field the color of that paper.

There’s been no damage to the screen from the adhesive although occasionally I’ve had to clean the residual adhesive with 70% IPA, but nothing worse than the typical grime that most laptop monitors pick up.

pcblues 8 months ago | parent | prev | next [-]

Plastic slide covers that stick on are pretty cheap if your laptop doesn't already have one. I also think that the open microphone issue is a greater problem, especially with the current ability of speech-to-text, but what you utter may not be as important as being seen "doing a Toobin" during an online meeting. YMMV :) (I won't expand that acronym!)

cuu508 8 months ago | parent | prev [-]

> Would a bit of Post-It Note (for minimal adhesion) damage the screen coating if left on most of the time?

Possible, I have one IPS monitor with a spot on screen where the color is pale. I had a post-it note there and I guess something bad happened when I tore it off.

grvbck 8 months ago | parent [-]

I used electrical pvc tape for many years on my macbooks, no damage but I got tired of them leaving glue residue. Switched to post-its about 10 years ago, works perfectly.

I've never tried them on a matte or coated screen though.

ARandomerDude 8 months ago | parent [-]

I use painter’s tape for a similar effect.

goodpoint 8 months ago | parent | prev | next [-]

This is the right solution. And a hardware switch cost is completely negligible in a $1000 laptop.

xandrius 8 months ago | parent [-]

But the margins?

GTP 8 months ago | parent [-]

Customers wouldn't care to pay a dollar more on a thousand plus device. This would likely increase the margin instead of shrinking it.

8 months ago | parent | prev [-]
[deleted]
throw646577 8 months ago | parent | prev | next [-]

> The LED should be connected to camera's power, or maybe camera's "enable" signal.

Wiring it in like this is suboptimal because this way you might never see the LED light up if a still photo is surreptitiously captured. This has been a problem before: illicit captures that happen so quickly the LED never has time to warm up.

Controlling the LED programmatically from isolated hardware like this is better, because then you can light up the LED for long enough to make it clear to the user something actually happened. Which is what Apple does -- three seconds.

nine_k 8 months ago | parent | next [-]

Pray read the third paragraph of my reply :) It specifically mentions a way to make the LED be lit for long enough.

throw646577 8 months ago | parent [-]

Which is not an adjustable method -- without changing the hardware design later in production to just tweak a delay -- and surely causes the LED to slowly fade out?

GTP 8 months ago | parent | next [-]

Would it be so important to be able to tweak the duration later? And why would it be a problem to have the LED fade out?

neop1x 8 months ago | parent | prev [-]

If fade out is such a big problem (which it isn't IMO) there are cheap regulator ICs which can provide constant current.

rightbyte 8 months ago | parent | prev | next [-]

You can design a simple circuit such that both long and short pulses light up the led for atleast 500ms. There is no tradeoff needed to be made at all.

atoav 8 months ago | parent | prev | next [-]

The mentioned one shot circuit does precisely that, in hardware for less cost and 100% non-overridable.

The only time that isolated hardware approach is benefitial in terms of costs would be when you already have to have that microcontroller there for different reasons and the cost difference we are talking about is in the order of a few cents max.

throw646577 8 months ago | parent [-]

Well there is a microcontroller there, isn't there? For the camera.

atoav 8 months ago | parent [-]

But is it isolated? If you can update its Firmware from the computer it isn't.

kirkules 8 months ago | parent | prev [-]

I mean can't you just have the input signal to the light be a disjunction of signals? So it's on if the camera is on OR if some programmatic signal says turn it on?

I don't see why they should be mutually exclusive

beAbU 8 months ago | parent | prev | next [-]

Yet some laptops (Thinkpads ironically) come with a built in camera shutter that's entirely mechanical.

codedokode 8 months ago | parent [-]

And they often cost less than a MacBook for which you need to buy an external shutter.

kazinator 8 months ago | parent | prev | next [-]

Even if the LED were controlled by hardware, merely that you can reprogram the camera firmware on this Thinkpad is troubling. Malicious things can be done without the ability to turn off the LED during recording. Like capture images during legitimate recording, or start recording with the LED on banking on the user not noticing.

Firmware programming should require physical access, like temporarily installing a jumper, or pushing some button on the circuit board or something.

(I don't want to suggest signed images, because that's yet another face of the devil).

Thorrez 8 months ago | parent | prev | next [-]

From this comment: https://news.ycombinator.com/item?id=42260379

it sounds like Apple is doing something similar to what you suggest.

tehwebguy 8 months ago | parent | prev | next [-]

If the LED fails the camera should be inoperable too as a security feature

ComputerGuru 8 months ago | parent | prev [-]

Cameras are now always on, to reduce the latency to taking a picture or scrubbing video feed. You’d need to wire the led to something tied to the data lines, perhaps.

vanilla_nut 8 months ago | parent | next [-]

Source? This seems extremely unlikely to me, running a camera all the time consumes a fair bit of energy and they don't take long to turn on. Unless that's because they're always on?

Regardless, that's a pretty strong claim. I'd love to learn more if you have a link that can back you up!

ewoodrich 8 months ago | parent | prev | next [-]

My M1 Macbook has some pretty extreme latency going from opening Photobooth black screen -> displayed image. Roughly five seconds to useable image.

  :00 Photobooth window open 
  :03 Camera LED lights up 
  :05 First image displayed
saagarjha 7 months ago | parent | prev | next [-]

That's generally not the case. Keeping the camera on requires power and processing its video stream is resource-intensive.

gtirloni 8 months ago | parent | prev [-]

Any links you could share abouy someone confirming this?