I think you've created a strawman here. It's about risk assessment and ease of implementation. Taping the webcam is easy to do, effective and easy to undo. It protects against a real, not theoretical attack. It has meaningful value. Not using Windows 10 might also have meaningful value and protect against real, not theoretical attacks, but would be difficult to do or undo.

I could also point out that you are more likely to slip in your shower and injure yourself than get struck by lightning, but I expect there are more people who know how to stay safe in a lightning storm than who have non-slip mats in their shower. You're also far more likely to get injured or killed driving your own car, but I expect many people avoid public transit out of fear, lack of convenience , etc.

No question our assessment of risk is poor, but that doesn't mean we shouldn't take what steps will fit into our lives.

I mean, I think it's a worthwhile comment even granting this. When people are worrying about the computer scare of the moment, they tend not to realize that the threat surface is so massive that they're certainly, inevitably vulnerable somewhere.

No security habit short of Ludditism was going to keep people safe from Heartbleed. And it does feel a little on the nose for Comey to be pushing a security 'story' that's conveniently removed from crucial steps like "update your software regularly". I was irritated to see him describe that as "caring about people's personal security" when his stance on all other tech topics is to make people give up security for access.

None of which makes taping up a webcam wrong, of course. It's easy, it's nontechnical, and it eliminates a whole (very real) class of threat at a single stroke. That's actually pretty good, and webcam spying/blackmail certainly does happen.

In fairness, however, he wasn't "pushing the story". Indeed the irony is pointed out during the story.

I work at a public library and occasionally teach computer classes. In one we cover security, but it's infuriatingly difficult. When you're working with people who have trouble with the mouse, or even with basic literacy (I mean reading literacy, not computer), it's hard to explain "attack surfaces" or "the cloud". It usually comes down to:

1. Understand the difference between identity and security. 2. Update your software regularly. 3. Use different passwords for different services and write them down (the number of people who don't know their password because they have email on their phone is... too high). 4. Be aware of who you are giving information to and why. Do they need that information? Is what they are offering worth providing it.

It's hard to cover much more than that.

That's what typically happens for people who have no grasp of data. They understand what a camera is, that it takes pictures and that they don't want something to be able to take pictures of them at any given time. They do not understand the whole clusterfuck of data that's drawn about them from every other service and how it can be put together to reconstruct details about them that they do not want others to know about.

The other issue with the webcam taping is that it is becoming less and less of a viable way to even keep yourself from being video recorded. For example, what about the cameras on your smart phone?

If we aren't there already, the direction of technology seems to me to be: "cameras all around, everywhere, 360 degrees all the time." Ubiquitus video/audio recording and real time processing.

So what are we left with in terms of privacy? I believe we can only hope to control how data is used in this aggregate sense to some extent or other. If even that.

> Ubiquitus video/audio recording and real time processing. ... So what are we left with in terms of privacy?

A new sense of what privacy is. It is increasingly rare that someone should have a sense of privacy or anonymity while in a public place.

It's reasonable to worry about government abuse of power from monopoly access to the full aggregation of surveillance data (even if that data was not originally intended as surveillance). Many people advocate for damming the flood of data, but this is futile. A more effective solution is to end the monopoly of access -- public aggregation of surveillance data. Twitch for everything.

Don't worry quite yet. Wait until we all have wearable cameras.