Bug 2018158 - disabling camera and microphone access doesn't disable either
Summary: disabling camera and microphone access doesn't disable either
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: gnome-control-center
Version: 35
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: gnome-sig
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: https://ask.fedoraproject.org/t/we-ar...
Depends On:
Blocks: F35FinalBlocker
TreeView+ depends on / blocked
 
Reported: 2021-10-28 11:41 UTC by Kamil Páral
Modified: 2021-12-04 01:02 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug


Attachments (Terms of Use)
disabled camera in Settings (32.35 KB, image/png)
2021-10-28 11:42 UTC, Kamil Páral
no flags Details
disabled microphone in Settings (33.57 KB, image/png)
2021-10-28 11:42 UTC, Kamil Páral
no flags Details

Description Kamil Páral 2021-10-28 11:41:32 UTC
Description of problem:
In GNOME Settings -> Privacy, there are tabs "Microphone" and "Camera". In each of them, you can disable those devices and you'll see the following message:

* Microphone is turned off *
No applications can record sound.

* Camera is turned off *
No applications can capture photos or videos.

However, even if you do that, it doesn't seem to have any effect. If you run Cheese, you can capture photos and videos (including sound) from your camera just fine. Similarly, if you install gnome-sound-recorder, you can record your voice also without issues.

Those options in GNOME Settings seem misleading at best. Users might be relying on those messages to think they're safe from any snooping applications, while they are not.

Version-Release number of selected component (if applicable):
gnome-control-center-41.0-1.fc35.x86_64
wireplumber-0.4.4-2.fc35.x86_64
pipewire-0.3.38-1.fc35.x86_64
(F35 Workstation Live RC1.2)

How reproducible:
always

Steps to Reproduce:
1. in gnome-control-center, go to Privacy->Sound/Camera and disable both
2. run Cheese, see that it can record video+sound
3. run gnome-sound-record, see that it can record sound

Additional info:
If you don't disable Camera and Microphone options, there is a box saying "No Applications Have Asked for Camera Access". That also doesn't reflect the apps accessing the devices.

I had a feeling that this might be broken for a long time, so I booted F30 Workstation Live in a VM, and I can reproduce the same issue even in F30.

Comment 1 Kamil Páral 2021-10-28 11:42:04 UTC
Created attachment 1837958 [details]
disabled camera in Settings

Comment 2 Kamil Páral 2021-10-28 11:42:11 UTC
Created attachment 1837959 [details]
disabled microphone in Settings

Comment 3 Kamil Páral 2021-10-28 11:45:03 UTC
This could be possibly considered a broken basic functionality of gnome-control-center under:
"All applications that can be launched using the standard graphical mechanism after a default installation of Fedora Workstation on the x86_64 architecture must start successfully and withstand a basic functionality test. "
https://fedoraproject.org/wiki/Fedora_35_Final_Release_Criteria#Default_application_functionality

Proposing for a discussion.

Comment 4 Zbigniew Jędrzejewski-Szmek 2021-10-28 14:09:17 UTC
I can confirm the issue. The gnome-settings setting has no effect whatsoever on cheese.

FWIW, I think this violates user expectations and should be fixed. Since it's apparently not a regression,
I'm not convinced it should be treated as a blocker though.

Comment 5 Ben Cotton 2021-10-28 18:10:01 UTC
In today's Go/No-Go meeting, we agreed that this is not a blocker as it exceeds our definition of "basic functionality"
https://meetbot.fedoraproject.org/fedora-meeting/2021-10-28/f35-final-go_no_go-meeting.2021-10-28-17.01.log.html#l-126

Comment 6 Michael Catanzaro 2021-11-02 20:39:38 UTC
Please understand: the design of System Settings panels assumes all applications are installed as flatpaks. This might be bad design, but anything that is installed via RPM could simply ignore whatever permissions you set in System Settings, so attempting to restrict their permissions would be futile.

Comment 7 Kamil Páral 2021-11-03 08:32:24 UTC
Michael, thanks for explanation. It's definitely bad design, and misleading, because it says "**No applications** can ...". I'll file an upstream bug.


Note You need to log in before you can comment on or make changes to this bug.