I know someone whose camera and microphone were taken over. A window showed on her computer where the person watching her chatted with her and told her things that he only knew because he was watching her. It scared her to death and made her cry.

Beyond blackmail, it is probably close to the psychological equivalent of a stranger just suddenly appearing in your home watching you.

I think that every electronic camera and mic device should have a hard switch/button that physically disables both the camera and mic. Having to use tape or a cover does not keep you from being spied on; it only eliminates the visual spying. The attacker can still listen.

Smartphones represent a bigger security risk in that regard. Front facing rear facing, mic all ones personal data, pictures and so on.

Hardly. You put your phone on the desk and it's going to show the ceiling. In contrast to this, people do all kinds of weird things in front of laptops. I've even heard once of someone who allegedly masturbated (!) in front of a laptop. Of course, that must have been an extreme outlier ...

Remote code execution on a cell phone is thousands of times harder than a PC. If you have a RCE for the newest iOS software then there's people who are ready to pay you millions.

An up-to-date Nexus or iPhone is about the most secure thing you own.

Yes. They should have a switch.

This should definitely be a concern, but I feel like most people don't even realize that anything like that could happen. There is lots a news about webcams, baby monitors, etc. being hacked, but barely any warnings about making sure you keep your phone protected and secure, too.

That doesn't work with cameras integrated in laptops.

That's...a really good point. Talk about a massive blind spot on my part :)

> "This particular thing doesn't matter because I don't need it. And because I don't need it, nobody needs it at all"

This is all that I hate about stackoverflow.

You don't know SO rage until you get a case of a small, inconsequential problem which is of vital importance to you. After heaps of searching someone else has posted the same issue on SO. Then reposted a while later with "Don't worry, fixed".

As always, releavant: https://xkcd.com/979/

Also the mandatory upvoted comment 'why are you using vb6'.

"You should just tell the client that you'll rewrite everything from scratch in Rust rather than making this two-line fix."

That's just a bot someone made. It scrapes SO, constructs a model of question text and generates new questions from the model. Then, after a random number of days it posts that "Don't worry, fixed" you've seen.

What would be the point of that?

What he's describing is something that also happened (with far greater, more rage-inducing frequency) on tech forums before SO existed.

I believe it is a joke.

Oops. Thanks. I had a fear I was just missing a joke, but I have seen bots used on forums for no immediately obvious/spammy reason and I've also seen people genuinely imagine strange motives for relatively explicable things.

This is probably one of the reasons jokes are very much discouraged on HN. They pollute the conversation and add confusion. I too didn't notice that it was meant to be a joke.

It's a joke. I thought it was obvious, I'd have laughed if someone else had made it and I didn't think it's polluting anything, not tucked away in this side-thread-ish.

I've been using React for my last few projects (not by choice) and have found this a lot. Maybe because its newer, maybe because it doesn't play nice with other front-end things. SO rage indeed.

Plus I don't buy the "Doesn't affect me"-angle. In general, people abusing vectors like this are dang smart (or know someone who knows someone who's smart. doesn't matter). There's a reason why my webcam isn't plugged in unless I explicitly use it.

What about recognizing keys, credit card details or important information in letters on the desk? Some simple image recognition for these, and a large dragnet-style attack with this seems quite lucrative from a minute or two of thought.

All the author did was say it wasn't a concern for them. Nowhere did they say it didn't matter.

> Hey, but putting a sticker on your webcam is a way to show how 1337 your are!

This was a little bit more.

> He's clearly a man.

What is the point of this comment? Even if you had some way to know (EDIT: which you (https://news.ycombinator.com/item?id=12506075) point out is the case), why should it matter, especially since no-one else in this thread seems to have brought up gender?

Using “them” when you already clearly know the gender is bad style stemming from political-correctness zealots.

> all they will see is a bearded man staring to the front

I don't think he was saying that it's not important at all. His point was that there are plenty more security risks that deserve more attention.

In particular, he was calling attention to all the people that cover up their camera and proudly exclaim "Done! Safe at last", while oblivious to all the other hacks and malware that could already be infecting their computer.

Maybe it's just me, but I didn't take away that the commenter felt it is unimportant and he humourously explained why. He also explained that the other things were of greater concern.

More importantly, there's the fact that the level of access required to take over a webcam implies the ability to do all sorts of other things.

What I took away was that if his system was compromised, an open webcam wouldn't likely be the chosen vector for ruining his life.

Completely this.

As someone who was profiled and eventually experienced an attempted-blackmailed by a company in India (employer details gained among other things) - everything seems inconsequential ("I've done nothing wrong"), until it is used, abused (and lies added to) to threaten you.

It doesn't matter whether things are true or not. What matters is, when someone gains details about you, the story and lies they can spin. The cost, distress, and difficulty in trying to resolve and take control of the story can be incredible.

Your personal details should remain just that.

Don't be complacent.

> experienced an attempted-blackmailed by a company in India

Is this a well-known thing? I haven't heard of it before. Is there some sort of common pattern that such attacks follow? (E.g. most phishing attacks seem to be categorizable, following a number of set patterns, because the people who do them basically try to run the same attack against a lot of people at once to get one or two victims. Is this similar, or is it a matter of individual targeting?)

Would you mind sharing any more details about the attempted blackmail?

Nice try, blackmailer.

It's not just blackmail that I worry about.

A hypothetical, ruthless hacker manages to install malware on a person's computer. Hell they could target certain zip codes. All the information is on the Internet. Hell, they could get a picture of your home. (By the way, Google will blure out you home, if you ask. It tends to reappear, although they claim its permanent. If your house has been sold recently, a thief/criminal has easy access to interior layout through Zillow, and the like.)

They watch you through your cams. A lot can be deduced with that information--valuable information that could be sold.

Maybe I've watched too many movies, or crime shows, but I just picture certain questions being asked, "Does the home look like its worth robbing?" "Are there hostages we could take?" "What times do they leave, we need to install our cams because they might find our malware?" "Do they have a safe, or do they seem like they have money/valuables in the house, bedroom?" "Are they doing anything illegial themselfs?" They could develop psychological profiles for people?

I hate to think like this, but certain people think nothing of doing some horrid crimes. A hacker overseas gains some valuable information, and makes a phone call to the Triads, or Russian mob? Your life becomes a statistic.

It sounds far fetched, but just what if? (And am I going to cover my cams? No, because I don't have a life, and I'm poor.)

this happens a lot through low tech means. they'll just case a house and note the owners' movements until they recognize a pattern.

the only real solution to this is good insurance and good luck.

But that at least requires some human investment of time and movement. Someone has to case your house and sit there for however long it takes, risking discovery, boredom, opportunity cost, etc.

Wholesale information theft is another level. Someone in a different state or country has access not only to me, but potentially hundreds of people's details, without ever leaving their home. And then they can leverage a whole community that is doing the same. This is how "The Fappening" occurred. This sort of crowdsourced stalking would be impossible pre-internet.

Surely it's at least as much human effort to compromise a specific webcam, identify the house it's tied to, monitor it extensively, and then rob/assault the owners?

Obviously there are other reasons to worry about webcam access, but "they could spy on me to set up a robbery" is exceedingly low on my list since it just recreates a pattern that doesn't involve a computer.

I think it's more about the mass dissemination of that information. We've seen how easy it is to "Dox" someone without much information. One person might not be able to glean much, but what happens if 4Chan gets a hold of that data and has decided they don't like me?

Knowing your neighbors doesn't hurt, either. I like to think that if my neighbors noticed something untoward happening at my house, they would sound the alert.

This is all true, but wouldn't somebody who has the technical skills to pull this all of, be able to pull in a legal income far in excess of what burglary is likely to yield?

A lot of trojans are like off-the-shelf kits that anyone can grab. The technical skills amount to convincing someone to run an executable (email, malicious USB keys, poorly managed advertising networks, etc) and then clicking a few buttons in a GUI to connect to them and do what you will.

For the slightly more technical, you've got frameworks like metasploit which can perform network attacks, but even that is getting much more like a kit these days. Port scan for services, fingerprint them, check database for known vulnerabilities, automatically attempt to exploit known vulnerabilities, deploy payload (the trojan).

A typical drug dealer would make more money working at McDonald's, so why don't they? People are weird.

Once you've been convicted of something, or even arrested really, you have few legal options to support yourself.

> A typical drug dealer would make more money working at McDonald's, so why don't they?

I think a substantial share of those drug dealers who aren't working formal-economy jobs as well are also drug addicts that would not be able to keep such jobs particularly well even if they weren't drug dealers, and/or convicts that wouldn't be likely to be offered such jobs if they chose to pursue them.

> Blackmailing people with pictures taken from webcams

How can one blackmail a person with webcam pictures where the person just stares into a screen?

If you mean NSFW pics I don't think they're done with a computer's webcam cam. Nowadays, people use phones for that use case.

It's not only pics of people staring into a screen.

There was a case about 5-6 years ago when a guy recorded and streamed his secretly gay roomate having sex in the dorm. The gay roomate committed suicide later.

Work computers can be taken home or to business trips where things can happen in the hotel after the deal is struck.

>where things can happen in the hotel after the deal is struck.

Serious question: what happens when a deal is struck? They go out to drink? They go back to their hotels? They have sex with their coworkers?

Serious answer: whatever happens is none of your or FBI's business ;)

I'm not naked when I'm using the computer. When I am naked my laptop is closed and most likely in my bag. I guess a lot of people keep their laptop open on their nightstand or something?

Open all night on a table/desk certainly isn't rare. If you're in a dorm room or a studio apartment that can mean "staring straight at the bed".

A lot of people mastubates in front of their computer.

If society wasn't so prudish about naked bodies, it'd be less of a problem. It's one of those shoot the hostage situations. We could defuse a lot of our concerns if we'd relax our self imposed constraints and it would give us more time to worry about the things which matter more.