Some thoughts on this: turning sensors off is absolutely valid, of course.
But don’t overdo it with the kill switches that are placed on the case. Combining some of the ideas mentioned in killswitch design submission, we could have
- camera slider (shutting the lens)
- 3 external kill switches (baseband, WiFi/BT, Mic)
- ~10 internal kill switches (GPS, Accelerometer, Gyroscope, Compass, Ambient Light, Proximity, Camera, Microphone, Baseband, WiFi, Bluetooth)
Keep in mind, software kill switches are perfectly fine as long as you have some basic trust in your device, or at least the kernel. (A watchdog could tell you which sensors are active / have drivers loaded). And if you don’t trust your device, you will most likely just turn most of the internal kill switches off for good and quadruple-check if they are really off.
I think the circle of users who would toggle the gyroscope on a regular basis is really small. To me, it makes a ton more sense to have a browser that does not grant access to sensor data by default.
As you might have noticed, I included the devices with external switches also for internal ones. This way you can turn them off completely, without accidently turning them on. Also, one could turn off BT internally, and this way the WiFi/BT switch becomes a Wifi switch.
I was looking how small internal DIP switches could be. I found these, allowing 12 switches in about 8x16mm.
I also like that slider idea for the camera lens, saving one kill-switch on the side.
Would be extra cool, if the slider would double as shutter-release button when slid open, and of course slide-open would open the camera app. (And un-muting the microphone would accept the incoming call, as somebody suggested before).