I don't think they are saying that a vulnerability currently exists. I think they are saying that people don't trust these lights because they have a bad track record. It could be that the current implementation is better, but how is an end user supposed to know it's better?

It's kind of a matter of fool me once, shame on you, fool me twice, shame on me.

> that people don't trust these lights because they have a bad track record.

No tech people who think about and obsess about this type of 'risk' don't trust the lights. Most Apple customers vast majority don't think and don't care.

I would wager money that precisely zero of the "tech people who think about and obsess about this type of 'risk'" have had their privacy compromised as a result of an Apple laptop misrepresenting the on/off state of the camera.

It's been twelve years since a vulnerability in this was reported, and by all reports the LED power state is now implemented in hardware. It's long since time to obsess over other sources of risk, instead of the dead ghosts of previous ones.

An opaque piece of tape used to disable a camera is one of few components a user can completely understand. Apple is probably correct to tell users to rely on Apple's security features, but those features are way more complicated than a piece of tape.

The fact that they worked at all is an indication that something similar may work in the future. It's not like apple has never had a regression in software.

Gruber has an article about this; he mentions someone who is a former Apple engineer saying it's now implemented entirely in hardware.

https://daringfireball.net/2019/02/on_covering_webcams

Risk to the average apple customer is? Do you think that most people need to worry about this? Point Apple is making is it's not needed for the vast majority of their users and if you feel better use a piece of paper.

So let's stipulate it can happen (because well it can happen). That would take both someone being targeted en masse (prior to apple having a fix in place) and it making a difference to the person or people it happened to. Is that really a big enough risk to spend time worrying about?

Not to presume what the OP was meaning, but I'm guessing they were pointing to these cases as a "it has been vulnerable before, it may be vulnerable again. But a cover is not exploitable in this way" rather than "these exploits work".

Do you expect him to post links to zero day exploits? If it's actively targeted and done so consistently and sequentially, it is reasonable to expect that it _could_ be happening now.

Which ones do?

Which bugs, loopholes, backdoors, etc allow the camera to get through my cover (I upgraded to sliding plastic from electrical tape at the start of lockdown and there was a need for an actual camera)