I often agree with John Gruber on Daring Fireball, save for his views on the necessity of tipping. But in 2016 he wrote this, emphasis added:
I think this is nonsense. Malware that can surreptitiously engage your camera can do all sort of other nefarious things. If you can’t trust your camera, you can’t trust your keyboard either. Follow best practices to avoid malware in the first place — don’t install Flash Player, and don’t install software from sketchy sources — and you’ll almost certainly be fine.
My comment back then:
Security is about layers, so covering your laptop camera is perfectly rational.
Now there are widely circulating reports about a Zoom video conferencing vulnerability that allows any arbitrary client to access your webcam. It’s not the first time this has happened with similar software, and I would bet my professional career it won’t be the last.
Zoom isn’t malware; corporate users download it as part of their job. So the argument that avoiding malware in the first place is well intentioned, but misguided and incomplete. Almost certainly is true, just in the other direction.