[ale] webcam privacy concerns / flash settings
Michael Trausch
mike at trausch.us
Wed Oct 5 11:30:57 EDT 2011
LOL.
That was a good episode.
Y'know, Linux should be running personal flying cars these days... where's
my Penguin Powered Personal Flying Car?!
On Oct 5, 2011 7:00 AM, "John Pilman" <jcpilman at gmail.com> wrote:
> I always liked the approach taken by Balok in Star Trek. But then, he
> was defeated by the Corbomite Maneuver.
>
> Actually, thanks for the post. My laptop has a camera that I don't
> use, but I don't know if anyone else is using it.
> ...John
>
> On Wed, Oct 5, 2011 at 1:29 AM, Ron Frazier
> <atllinuxenthinfo at c3energy.com> wrote:
>> Hi Guys,
>>
>> I'm going to post some experiences I've been having with Windows
>> regarding webcam privacy. I'm posting it here for two reasons. 1) Some
>> of you dual boot like I do or have exposure to Windows either by
>> necessity or choice for whatever reason, and 2) some of it could apply
>> to Linux. I'm posting it just in case someone reading it may avoid some
>> of the hell I've been going through. If anyone wants to, they can
>> address how to deal with similar issues in Linux.
>>
>> Webcam privacy
>>
>> As many of you know, many new notebook computers come with a built in
>> webcam and a microphone. This is handy if you're doing video
>> conferencing, but can also be a dangerous way to invade your privacy.
>> There have been occurrences of viruses which secretly turn on the web
>> cam and mic and send a record of whatever you're doing to the cracker.
>> I believe there have also been occurrences of websites which do the same
>> thing with java and / or flash. Most people, including myself, don't
>> want total strangers spying on them while they use their computers.
>> There was also a lawsuit where technicians of a school system had
>> installed spy software on the school's PCs prior to giving them to the
>> students. It was an official action, presumably to help find the
>> laptops if they were stolen. However, the staff was using it to spy on
>> the students without authorization while the students were in their own
>> homes.
>>
>> So I decided to A) find out if the camera and mic were active, and B)
>> disable them. Note that these components cannot be physically removed
>> or disconnected easily. I first had to see if my notebook even has a
>> mic. After 20 minutes studying the manual, and trying to figure out
>> which parts of it applied, I determined that my machine has both a
>> webcam (which was obvious) and a mic (which was not obvious). Finally,
>> I found a tiny pinhole in the front bezel, which is the mic. They may
>> not always be visible though. To see if the mic was working, I loaded
>> up Windows sound recorder. Even before starting a capture, I could see
>> the volume graph fluctuating as I made some noise around the machine.
>> So, I've got a hot mic. Then, to check the camera, I loaded up the
>> camera utility that came with the machine. Sure enough, my mugshot pops
>> up on the screen. The colors were all wrong, but that's another matter.
>>
>> At that point, I decided I wanted to permanently (unless I reinstall
>> something) disable these things. If I want a mic, I'll plug in a
>> headset; and if I want a camera, I'll plug one in. I went to the
>> Windows device manager and looked for the mic. Couldn't find it. I
>> then opened the sound control panel and went to the recording tab.
>> There I found the mic device and told the system to delete it. I don't
>> remember the exact command. I then rebooted and restarted the sound
>> recorder. It immediately gives an error message that there is no
>> recording device found, which is just what I wanted. So far, so good.
>>
>> I went back to the device manager and found a USB Webcam. I selected
>> the device and told Windows to disable the driver. I then rebooted and
>> started the camera app again. BOOM. There I am on the screen again.
>> Darn it. I went back to device manager and told the system to DELETE
>> the driver. Rebooted. Started the camera app. BOOM. There I am
>> again! My image is now upside down, and the colors are wrong still, but
>> it's there! The point being, you can't turn off the stinking camera.
>> Nothing I could do from a software point of view would stop the camera
>> from working. Being the clever engineer that I am, I headed to the
>> pantry and pulled out a roll of Gorilla Tape. It's thick, strong, and
>> black. I sliced off a 1/2" x 1" piece of tape and affixed it right over
>> the top of the camera lens. I made sure that I positioned it in such a
>> way that I could still see the LED light which is supposed to come on if
>> the camera is active. Now, I can activate the camera app and see
>> nothing at all, even though the camera is on, which is just what I
>> want. Even if I shine a flashlight on it, all I see is a dim blob of
>> light, so the tape is working nicely. And that is how you can control a
>> very high tech device with a very low tech device. Note that covering
>> up the mic with tape won't really stop its function though.
>>
>> Now you may or may not want to tape your camera. So, assuming you don't
>> have a virus or secret spyware on your system, here's how to stop flash
>> from accessing your camera and mic without your permission. I use both
>> the tape as well as these settings. I don't know for sure if Java can
>> access the camera and mic. But, if it can, the only way I know to stop
>> it is to uninstall Java. I'll probably uninstall Java on my sister's
>> machine and Dad's machine to reduce the other security concerns
>> associated with it. I don't think they need it anyway.
>>
>> Some of you might say, don't use flash, but for my purposes, I don't
>> find that practical. I have flash on both Windows and Linux. If you're
>> running flash on Linux, this applies to you.
>>
>> Flash settings are controlled through an online app on the Adobe /
>> Macromedia website. Assuming you have flash installed, go to the site
>> below to access the Flash settings manager. If using something like
>> Noscript in Firefox, you'll have to trust adobe.com and macromedia.com.
>> Here are the addresses:
>>
>> You can check the version of flash on your system here:
>> http://www.adobe.com/software/flash/about/
>> They've been ramping the versions quite often lately. As of this
>> moment, the current one is 11.0.1.152.
>>
>> Here is the settings manager.
>>
>> http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html
>>
>> Note, you can right click a flash object in Windows IE and click
>> settings and a settings widget will pop up, however, you don't get all
>> the settings. I would use the website. I'm only going to mention the
>> mic and camera settings here, but I would recommend checking all the
>> flash settings here to make sure you're not allowing flash cookies, old
>> security, flash storage, and flash peer to peer networking, if you wish
>> to really keep your shields high, as I do. I can elaborate on those
>> procedures if desired. Note that if you delete flash, these settings
>> may be erased. If you update flash, they SHOULD stay there, but I check
>> them whenever I do an update.
>>
>> Once you load the settings page, you will see some links at the left.
>>
>> Click Global Privacy Settings Panel.
>>
>> There are two buttons. One says Always Deny - which automatically
>> rejects any request from a flash app to access your camera and mic.
>> This is the one I choose. The other says Always Ask - which,
>> presumably, will ask you every time a flash app wants access to your
>> camera and mic.
>>
>> There is a bug in the settings manager, whereby it sometimes doesn't
>> accept the settings. This screen has no status indicator to show how
>> it's set, so I do the following to make sure it's set.
>>
>> Click Always Deny and then confirm the action. Do this 3 times. Click
>> Global Privacy Settings Panel again.
>> Click Always Deny and then confirm the action. Do this 3 times. Click
>> Global Privacy Settings Panel again. (Yes I meant to write that twice.)
>>
>> Now click Website Privacy Settings Panel.
>>
>> This is where you can override the default settings. You should see a
>> list of sites you've visited which activated flash. The list may be
>> quite long. If you want all sites to follow your new policy, click
>> Delete All Sites to remove everything from the list. All future sites
>> you visit will, by default, use the settings you set in the prior step.
>> Let's say that now I go to skype.com, and I DO want to allow access to
>> the camera and mic. After loading skype.com in the web browser, open a
>> new tab and go back to the settings manager and click on the Website
>> Privacy Settings Panel. You should now see skype.com in the list. It
>> will have a symbol by it which indicates the settings for that site. If
>> you clicked Always Deny in the prior step, as I did, there should be a
>> red circle with a white horizontal line through it. This means that
>> skype.com will always be denied access to the camera and mic and it
>> won't ask you. Every new site that activates flash will get an entry in
>> this box with the same symbol.
>>
>> To allow skype.com to access the camera, click on its name in this box.
>> Once you click the site name, some radio buttons above will light up.
>> There, you can select Always Deny, Always Allow, or Always Ask
>> permissions for THIS site only to access your camera and mic. In this
>> case, you could click Always Ask or Always Allow. Note that you cannot
>> set Always Allow from the Global settings screen. This setting should
>> take effect immediately. But, you can click on the Website Privacy
>> Settings Panel link again to refresh the page and see if it saved the
>> settings.
>>
>> Using these settings, you can tightly control access to the camera and
>> mic for non malicious websites. A malicious site may be able to bypass
>> these features. A virus or spyware won't be using flash probably but
>> will be talking to your hardware directly - hence the Gorilla Tape and
>> deleted mic driver in my case.
>>
>> Later I'm going to share 2 days worth of application install hell
>> experiences caused by DEP (Data Execution Protection). Too tired of
>> typing now. This other topic applies to Windows, Linux, and Mac.
>>
>> From Wikipedia:
>>
>> http://en.wikipedia.org/wiki/Data_Execution_Prevention
>>
>> Data Execution Prevention (DEP) is a security feature included in modern
>> operating systems. It is known to be available in Linux, Mac OS X, and
>> Microsoft Windows operating systems and is intended to prevent an
>> application or service from executing code from a non-executable memory
>> region. This helps prevent certain exploits that store code via a buffer
>> overflow, for example.[1] DEP runs in two modes: hardware-enforced DEP
>> for CPUs that can mark memory pages as nonexecutable, and
>> software-enforced DEP with a limited prevention for CPUs that do not
>> have hardware support. Software-enforced DEP does not protect from
>> execution of code in data pages, but instead from another type of attack
>> (SEH overwrite).
>>
>> DEP was introduced on Linux in 2000, on Windows in 2004 with Windows XP
>> Service Pack 2,[2] while Apple introduced DEP in 2006.[1]
>>
>> More later.
>>
>> Sincerely,
>>
>> Ron
>>
>> --
>>
>> (PS - If you email me and don't get a quick response, you might want to
>> call on the phone. I get about 300 emails per day from alternate energy
>> mailing lists and such. I don't always see new messages very quickly.)
>>
>> Ron Frazier
>>
>> 770-205-9422 (O) Leave a message.
>> linuxdude AT c3energy.com
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
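
For the Linux side of the question raised in the thread (is the camera or mic active, and is anything else using it), the following is an added example, not part of any of the posts above. It assumes a Linux system with /proc mounted and the standard device names /dev/video* (V4L2 cameras) and /dev/snd/pcmC*D*c (ALSA capture); the function name camera_users is made up for this illustration.

```shell
#!/bin/sh
# Added example: list every process that currently holds a camera or
# microphone capture device open, by walking the fd symlinks in /proc.
# Prints one line per match: "PID COMMAND DEVICE".
#
# Argument 1 (optional): root of the proc tree, default /proc. Being able
# to point it at another directory makes the function testable offline.
camera_users() {
    proc_root="${1:-/proc}"
    for fd in "$proc_root"/[0-9]*/fd/*; do
        # Unmatched globs stay literal; skip anything that is not a symlink.
        [ -L "$fd" ] || continue
        # The process may exit, or we may lack permission: just move on.
        target=$(readlink "$fd" 2>/dev/null) || continue
        case "$target" in
            /dev/video[0-9]*) ;;              # V4L2 camera node
            /dev/snd/pcmC[0-9]*D[0-9]*c) ;;   # ALSA capture (trailing "c")
            *) continue ;;
        esac
        pid_dir=${fd%/fd/*}
        pid=${pid_dir##*/}
        comm=$(cat "$pid_dir/comm" 2>/dev/null || echo '?')
        printf '%s %s %s\n' "$pid" "$comm" "$target"
    done | sort -u
}

# Scan the live system (or the tree given as the first argument).
camera_users "$@"
```

Run it as root, since an ordinary user can only read the fd directories of their own processes. Unloading and blacklisting the uvcvideo kernel module is the usual Linux counterpart of disabling the USB webcam driver in Device Manager.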