a torn bit of Post-It over my webcam

News flash: people on the internet are watching you fap.

Or, well, maybe not. You would never masturbate at your computer, would you? No, of course not. But is there nothing you’ve ever done in “view” of the webcam that you’d prefer to be kept private?

Do you even know if your computer has a webcam? If you never Skype, you might not have noticed it. Back in the day it was a sphere the size of a tennis ball and you couldn’t miss it, but these days, it’s just a little glass circle or rectangle on the bezel that wraps around your screen, usually top center. An awful lot of computers (desktops and laptops alike) come with them as standard equipment.

People have long known that it’s theoretically possible for malware tools to hijack their webcams and allow remote viewing of whatever the cam can see. The paranoid, or “careful” if you prefer, are old hands at sticking a bit of tape (or a torn Post-It note, or whatever) over the camera’s tiny eye. Now comes word that at least one police agency is fairly routinely targeting suspects by attacking them with malware that can turn on the camera, while leaving the indicator LED off and as dark as your shifty little soul:

The FBI has been able to covertly activate a computer’s camera — without triggering the light that lets users know it is recording — for several years, and has used that technique mainly in terrorism cases or the most serious criminal investigations, said Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico, now on the advisory board of Subsentio, a firm that helps telecommunications carriers comply with federal wiretap statutes.

Of course, anything the FBI can do (supposedly they’re pretty selective about picking targets for their cams malware, and their process is reported to be warrant-driven) another less scrupulous attacker can also do. It’s one thing to know that an attack is technically possible, it’s another to know that it’s been developed into software that’s in routine use. That suggests a level of practicality from which we may fairly speculate that other potential attackers have developed and are using similar software. It’s not just the FBI, you can count on that. Voyeuristic hackers, rogue security agencies with a data-hoarding fetish, would-be sextortionists, anybody who thinks you have business secrets worth stealing, technically-adept stalker exes… Let’s face it, the list of potential black-hats out there is as long as your imagination wants to make it.

Of course, you’re a responsible computer user who never clicks a suspicious link and has a good security software package on your computer. So you’re safe from malware, right?

Well…

We can hope. You can hope. But we’re all human, we all make mistakes, and your antivirus software may not be perfect either. It may be less robust than you’d hope, or it may be coded badly, or it might even be designed to protect you less well than you want because surveillance agencies might have influenced the people who coded it. It’s better than nothing, but it’s far from a guarantee.

There’s really only one way to be certain your own camera is not watching you as you read this. Just put a bit of tape over that lens when you’re not using it. Some will think you paranoid, but others will understand you’re just being sure.

Once upon a time, I would have said that people who taped their webcams were either tinfoil-hatters, or they were being extremely cautious because they were facing extreme threat parameters for whatever reason. But somewhere in the last few years, the world has changed on us, and my opinion has changed along with it. I now consider it a routine computer-security best practice for every citizen. You should do it, if you haven’t already. C’mon, it only takes about ten seconds.

Done? Good. Now you know nobody is watching you (with that camera). There, isn’t that better?

Similar Sex Blogging: