Do you think a hardware cutoff switch for the camera, like the Librem 5 and PinePhone, is enough to ensure privacy, or would you really want an actual built-in camera cover like is on some laptops (that presumably also kills the power since the system knows whether the camera is covered). The caveat for only having a switch being that you can’t very easily audit the circuitry to check if it’s actually turning off the camera, but the benefit being that it’s easier to implement, has fewer points of failure, and will leave more room for a bigger camera.
Also, would you want separate switches for front and rear facing cameras or are you okay with turning both of them on and off with one switch?
Ideally you would want both.
For anything important, redundancy is important.
Most covers can still leak some information with various integration time settings.
Killswitches need to be trusted, and cannot easily be verifiable at a glance.
Killswitches circuitry should place the mechanically isolated switch in series to the camera power line, and on the camera side have an indicator LED in parallel - or a similar arrangement. Other configurations are difficult to trust.
Imo separate switches is not as important as verifiably trusted switches. Separate would be nice, as long as it doesn’t lead to confusion.
That begs the question of how one would check if the cutoff switch is working. If a company like Pine64 or Purism says they have cutoff switches in series to the power, would you trust them? What if the devices were audited by a third party? I wonder if there’s a self-test that can determine if they’re working, which you can run from in the OS itself.
Even if the camera had a cover you can see, that’s not possible for the microphone, radios, etc. Do you think the other components can get away with not having physical indicators of function? Do you consider them significantly less privacy invading than a camera? I mean, in terms of “creep factor,” then yeah, the camera is by far the worst, but if your main concern is confidential information leakage, like if it’s a work computer, the microphone can be just as bad, possibly worse.
I guess you can take the thing apart and follow the traces from the switch to the camera, but I feel like that’s edging on paranoid, unless you’re like a secret agent or something where someone modifying your specific device before shipping to you is part of your threat model.