the fallacy of … tape.

A discussion has emerged in various corners of the Internets regarding a recent photo from Mark Zuckerberg in which someone spotted he (apparently) covers the camera of his laptop, and possibly the mic as well, with tape. (As far as I know, this hasn’t been confirmed, so I’d argue we can’t really know for sure the purpose of that tape).

Perhaps we can start by saying that if your “solution” to a problem is basically something that Homer Simpson has already done (see video above), you’re probably not on the right track.

Regardless, this led to articles like “Mark Zuckerberg Covers His Laptop Camera. You Should Consider It, Too.”

John Gruber points out:

I think this is nonsense. Malware that can surreptitiously engage your camera can do all sort of other nefarious things. If you can’t trust your camera, you can’t trust your keyboard either.

I’d go further and say that it is worse than nonsense: it is dangerous nonsense — because it creates a false sense of security.

The problem it “solves” is hilariously low in importance down the list of problems you’d have if malware had taken over your camera without you noticing. 

Because, yes, with the exception of (very rare) highly specialized attack vectors involving specific hardware elements, someone taking over the camera and bypassing low-level mechanisms that control it and the light pretty much guarantees they have full control of your system, including your keyboard, which by the way means they have all of your logins and passwords to all services, local and remote.

“Well, it doesn’t hurt, does it?” someone might say, but I’d argue that it does. It does hurt that this sort of nonsense can be propagated. It’s a bad meme. We should be talking about real security measures, improving software, whatever… except this.

It doesn’t solve the real problem (again, because the real problem will usually be “someone has total control of your computer”) but it doesn’t solve the “problem” it’s trying to solve. Because: how many HD cameras do you think are in a 15-foot radius of that laptop camera? I’d bet a couple of dozen, easily (at various angles, no doubt). Does anyone realistically think that malware that has taken silent, undetected control of a networked system running UNIX is just sitting there twiddling its thumbs and uploading JPEGs to a server somewhere? It’s like some type of bug infestations: if you find them anywhere, chances are they’re already everywhere. 

This is the reality of the world today. Taping over a camera is as much a solution as sticking your head in the sand. Which is to say: none at all.