There was a recent Network World article that reported that some people are freaking out because IF you setup Windows 10 to do facial recognition to log you in, it works even if you have disabled your camera.
Call me dumb, but if you ask Windows to use the camera to log you in, it is likely going to do that.
But the article does make some interesting points.
The first is that the Windows 10 facial recognition is good enough that when The Australian tried to fool Windows 10 using 6 pairs of identical twins, Windows 10 was not only smarter than a 5 grader, but it was also smarter than The Australian. The score was twins 0, Windows 6 – the twins could not fool Windows 10. What I haven’t seen any data on yet is if Windows can be fooled by a 3D model of your face. I assume it won’t be fooled by a photograph. I am sure that hackers are working away at fooling Windows. Still, this is better than when Apple released their first iPhone fingerprint reader and that was hacked in a couple of days.
Next, Microsoft says in one of their FAQs that the setting to disable application access to the camera does not work for ‘legacy’ apps. For the geeks reading this, that means .Net apps, COM apps, Win32 apps, etc.
The good news is that apps that ‘officially’ use the camera will turn the camera light on, if there is one or put a notice on the screen that the camera is on if there is no camera light.
The bad news is that malware is rarely that nice. We have seen malware that manipulates the camera – which has been unfortunate for people who use their laptops when they are wearing less than they would in public. There was an incident in 2013 where Miss Teen USA Cassidy Wolf’s webcam was hacked by a classmate who used it to take pictures and videos of her and then tried to extort money from her to keep the pictures private. Apparently, she kept her laptop in her bedroom. That person was caught. He had apparently done this to a number of other people as well. Cassidy Wolf has been very public about her situation in an effort to increase teenager’s awareness of the problem.
I think the bigger problem is with cell phone cameras. Cell phones may not have a light to tell you that the camera is on (my Samsung Galaxy Note 4 does not that I can tell, for example) and people are much more likely to use their cell phone when they are in a state of undress. The only advice I have for people who are concerned about that is to not use your phone under those circumstances, but I don’t think that is totally practical.
I used to put a sticky note over my laptop camera when it wasn’t in use – which is most of the time. While that solution is effective, it is somewhat less than elegant.
Later, I found a company at a computer trade show giving away small stick on sliders that cover the webcam and are very inconspicuous. You merely slide the cover over if you want to use the webcam and back when you are done. These are available on Amazon for about $5. I thought maybe the glue would fail, but I have had one on my laptop over a year and it is still there.
The moral of this story is that I wouldn’t be worried about Windows using your web cam to ID you, but there could be other, malicious, apps that you might be concerned about. A $5 fix will solve the problem for your laptop if you are concerned. Or you can use a sticky note if you are on a tight budget. I wish I had a solution for the cell phone version of this problem, but I don’t.
Information for this post came from Network World.
Cassidy Wolf interview with CBS News on her situation can be found here.