Apple Recommend Not Covering Your Laptops Webcam, Claims It Can Damage Hardware
American computer giant Apple has come out with a warning against covering up the camera on their MacBook laptop line. Their advisory states that closing a MacBook, MacBook Air, or MacBook Pro laptop with something covering the camera "might damage your display". Those who want to safely use Apple laptop computers can replace their bundled macOS with a GNU/Linux distribution and disable the web camera by either blacklisting the driver module or by compiling a custom kernel without the camera-related modules.
written by 林慧 (Wai Lin). published 2020-07-16 - last edited 2020-07-18
Apple story is that there is too little clearance between the display and the keyboard to accommodate even a thin sticker placed above the spy camera on their laptop products. They recommend trusting that the LED next to the camera will tell you if it is recording or not.
"If you close your Mac notebook with a camera cover installed, you might damage your display because the clearance between the display and keyboard is designed to very tight tolerances."
Apple notes that camera stickers that are thinner than
0.1mm (the thickness of an average piece of paper) can be used to cover the camera on Apple laptop computers. They advice that those who opt for using a sticker avoid covering the light sensor next to the camera.
Those who own Apple laptop hardware can easily install a GNU/Linux operating system such as Ubuntu or Manjaro Linux on their Apple laptop and permanently disable the camera functionality in software by either blacklisting or not compiling the web camera driver module.
HOWTO Permanently Disable The Webcam By Compiling A Custom Linux Kernel
All camera functionality can easily be disabled by compiling a custom kernel without
Cameras/video grabbers support. This can be de-selected using
make menuconfig by saying no to ▸ ▸ (
CONFIG_MEDIA_CAMERA_SUPPORT). It is also possible to disable specific web cameras in the sub-menu.
GNU/Linux users who want to disable their web cameras without re-compiling the kernel can do so by blacklisting the
uvcvideo module. This can be done by adding the words
blacklist uvcvideo to one of the blacklist files in
sudo sh -c "echo 'blacklist uvcvideo' >> /etc/modprobe.d/blacklist.conf"
Disabling The Web Camera Using A Thin Sticker
The Tor project will send you some fine laptop camera stickers, and a T-shirt, if you run a Tor node for half a decade. They will even send another T-shirt, and more stickers, after a whole decade if you tell them that the T-shirt you have is all worn out.
Non-Apple users can disable their webcam by placing a small suitable sticker over it. You can get special-purpose stickers made for this explicit purpose for free. You only have to setup a Tor onion router node and run it continuously for half a decade to get a very nice free webcam sticker and a nice t-shirt from the The Tor Project, Inc for free.
Disabling the webcam is very easy once you have a suitable sticker. Just peel the sticker off and fasten it above the web camera lens.
Don't Forget The Microphone
Disabling the web camera using software (or hardware) will not disable the microphone. People seem to forget about that particular bugging built into all laptops and smartphones. Disabling the microphone is usually more problematic because microphone support is, in GNU/Linux, tied into the general sound card driver. Disabling all sound support may be a too high price to pay.
The vast majority of modern computers have a sound card that is powered by the
snd_hda_intel module. You can check if that is true on your system using
cat /proc/asound/modules and blacklist
snd_hda_intel and/or other modules used to provide sound card support using a command like:
sudo sh -c "echo 'blacklist snd_hda_intel' >> /etc/modprobe.d/blacklist.conf"
Disabling the entire sound system is obviously NOT ideal. There is an alternative. First, run
grep CAPTURE /proc/asound/card?/pcm*/info
to see what hardware devices are capable of audio capture. You will see a list like:
These will correspond to devices in
/dev/snd/pcm* where card1/pcm0c is named
/dev/snd/pcmC1D0c (card C $X and device D $Y). The microphone bug(s) you have identified can now be disabled using the file access control lists tool
sudo sh -c 'setfacl -m u:root:-,u::-,g::-,m::-,o::- /dev/snd/pcmC1D0c'
This command can be placed in a file executed at boot. Fedora users can create a file called
/etc/rc.d/rc.local and make that file executable with
chmod a+x /etc/rc.d/rc.local