24 Comments
eastcoast_pete - Monday, January 10, 2022 - link
I would much prefer a simple, hardware (slider) actual "off" button with or without an integrated shutter for the webcam and mic. Since laptops address webcams over USB anyway, that shouldn't be an issue software-wise. Why isn't that on offer?
SSNSeawolf - Monday, January 10, 2022 - link
Physically disconnecting USB is not as simple as one expects it to be. Designing a physical disconnect switch that operates without software isn't in the works for USB, outside of power delivery.
I hear what you're saying and agree that hardware disconnect switches would be ideal, but it's not going to happen, unfortunately. At least while we're still using USB.
Ryan Mercer - Monday, January 10, 2022 - link
Nonsense. You don't have to disconnect the USB. Just stop sending power to the actual camera and mic themselves. The control chips can retain power and USB without a signal from either. How is that technically difficult? It's not.
SSNSeawolf - Monday, January 10, 2022 - link
I reiterate my point. You can't disconnect power to a USB device and keep the data pins. The device physically doesn't operate like that and the spec does not permit it.
Don't claim "nonsense" when you are unclear on how USB devices operate.
Cygni - Tuesday, January 11, 2022 - link
An internal USB-A connection attached to a plastic slider that physically disconnects the connector internally, one million dollars please.
Zoolook13 - Saturday, January 22, 2022 - link
I have a Lenovo Legion with a physical on/off button for the camera, works fine.
Peskarik - Monday, January 10, 2022 - link
Privacy... :-D
Oxford Guy - Tuesday, January 11, 2022 - link
Will Pluton be considered a planet or a small moon?
GeoffreyA - Wednesday, January 19, 2022 - link
A black hole, into which information is lost for ever.
wr3zzz - Monday, January 10, 2022 - link
I remember when Fujitsu made privacy the forefront of their last-ditch effort to remain relevant in laptops. It was a total failure. The added costs, weight and battery usage were no match for sitting with your back against the wall.
Sivar - Monday, January 10, 2022 - link
It is ironic that Lenovo is prominently featured in a laptop privacy article when they were the first caught installing Superfish malware on laptops which allowed them to impersonate Citibank, Google, Facebook, and to spy on their own customers' private communications.
Their CEO later stated that he didn't see how this was a big deal.
Not long after, Dell did even worse, installing a root certificate on laptops that all had the same certificate authority, so anyone could create a website or application that the laptop's browser would report as "Safe".
Hopefully both companies fired the dangerously inept employees who made those decisions and have hired at least one tech person that knows the introductory basics of security.
Oxford Guy - Monday, January 10, 2022 - link
‘Hopefully’
Silver5urfer - Monday, January 10, 2022 - link
If it's Windows 11 Secure Boot there's no privacy, Windows 10 itself harvests a lot of data one needs to remove the garbage from the iso itself using DISM or use an Enterprise IoT with garbage removed. Plus if it has UWP apps and Store, there's no privacy, Windows 11 home mandates to have Account. On top if these are using Ryzen 6000 Rembrandt then it's game over. Pluton processor is cloud connected technology blackbox. It uses Windows Update catalog to update itself as well.
At this point people are buying glass for their homes. This whole thing is a facade and just PR BS.
Zoolook13 - Saturday, January 22, 2022 - link
It's not difficult to install Windows 11 without a Microsoft account, it's just not obvious.
PeachNCream - Monday, January 10, 2022 - link
Eh, the OS is spyware and has been for a long time. Not having a physically present microphone, camera, or biometric analysis component like a fingerprint reader on a laptop might be helpful, but until Microsoft, Facebook (or whatever they call themselves), Google, Valve, Twitter, etc no longer have an incentive to collect and mine data in order to generate income (never gonna happen) then you can enjoy your non-private computing experiences and like it.
Oxford Guy - Monday, January 10, 2022 - link
Skimming a profit off of the fact that these machines and the network they connect to, are the antithesis of privacy — by design.
The selling of sunglasses to poultry so the foxes in their houses won’t bother them so much, until they do.
When CPUs no longer have black box CPUs in them, support chips don’t contain spyware, operating systems don’t contain closed (secret) code, networks and the software atop them don’t contain closed code and are required to be designed to have military-grade security, and yada yada yada get back to me.
ballsystemlord - Monday, January 10, 2022 - link
So we're allowing MS to stick Pluton into the HW, but touting better security because we blur the display? What sort of madness is this?
TomWomack - Monday, January 10, 2022 - link
It's a much more reasonable threat model. Providing laptops which a law firm's IT department will be happy to allow partners to use for billable hours of client work on a train or a plane is going to let you make a few sales you wouldn't make otherwise; being overlooked on the train is much more likely than being the target of an APT. Of course, making phone calls on the train is an even more obvious source of client data leakage.
Sunrise089 - Monday, January 10, 2022 - link
Are you claiming partners can’t bill for work while traveling? Because if so I’m curious what direct experience you have in this area…
Sunrise089 - Monday, January 10, 2022 - link
Interesting article Brett, but would be interested in hearing AT’s balanced take on Pluton and the privacy concerns it raises. The bolder claims being made about it in comments here and elsewhere suggest things like webcam shutters would be a metaphorical bandaid on a gunshot wound.
Oxford Guy - Tuesday, January 11, 2022 - link
A ‘balanced’ take = warm and fuzzy excuse-making.
There are facts and there are fictions. Facts can be ‘balanced’ by a helping of comforting fictions but is that really in your interest?
Mil0 - Thursday, January 13, 2022 - link
Ars' take isn't very critical, but it gives a decent overview and makes at least some of the claims here pretty unlikely:
https://arstechnica.com/information-technology/202...
It mostly is just tpm on die, so doesn't give MS more power than it had, besides the ability to update the tpm firmware (which should provide better security ofc). The tpm update bits can and will be analyzed ofc, so I'd say it's unlikely that of all the ways MS could access your secrets, this is the route they choose.
Oxford Guy - Tuesday, January 18, 2022 - link
'Ars' take isn't very critical'
No surprise there.
'so doesn't give MS more power than it had'
Incorrect.
'besides the ability to update the tpm firmware'
You mean turn your PC into a slave of Windows Update? A kiosk rather than something you own that's under your control.
'The tpm update bits can and will be analyzed'
By the agencies that mandated it.
AshlayW - Monday, January 24, 2022 - link
Disable tpm in the motherboard firmware - it's been an option for a long time, you don't have to use Windows 11.