The idea of having software-controlled hardware kill switches, as @todd-weaver described it in the video @miso linked, seems flawed. The main reason why you would have kill switches for sensors (as distinct from kill switches for baseband or WiFi/Bluetooth) is because you don’t 100% trust the software running on the main CPU. Therefore, it’s nonsense to put the kill switches under the control of the software running on the main CPU!
A hardware LED indicator isn’t going to help you if some malicious software un-kills a sensor while you’re not looking and starts eavesdropping on you.
However, what would work is to have a hybrid software/hardware approach. Add a momentary push button switch to the hardware. Holding it down would do three things:
1. Send a signal to the CPU to trigger the display of the software-controlled kill switch UI.
2. Illuminate the kill-switch status LEDs (which have been designed to directly reflect the actual hardware state).
3. Allow the kill switch control output signals from the CPU to physically reach the kill-switch circuitry.
Releasing it would stop doing those things.
This means the kill switch circuitry must hold its own state (rather than relying on the CPU to continuously output the desired state). For extra security (against accidental button presses), it might be worth adding a time delay to the circuit, so that the button must be held down for a certain amount of time before events 1 and 3 happen (2 could still happen immediately).
This has suddenly become my favourite option!
With this arrangement, software can only influence the software-controlled kill-switch state when the button is held down, at which point the user should be actively observing the state LEDs and will notice any anomalous behaviour (for example if they hold down the button and enable the GPS, but the microphone LED also illuminates, then they will know that there is some misbehaving software present and can take steps to protect themself).
@nicole.faerber @ekuzmenko I wonder if this is what Todd was describing, or if it’s a new variation.
I would still like to have the three separate slide switches though.
It would be neat if the momentary push button for operating the software kill switches was integrated into the relevant slide switch: slide to enable/disable everything, or push down for fine-grained control in software.
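The gating described in this post can be modelled tick by tick in C. This is an added illustration, not part of the original post or of any Purism design; the names, the three-tick hold delay and the bit layout are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

#define HOLD_TICKS 3   /* assumed hold delay before the gate opens */
enum { MIC = 1, CAM = 2, GPS = 4, ALL = 7 };   /* bit set = sensor enabled */

typedef struct {
    uint8_t  latch;     /* state held by the kill-switch circuit, not the CPU */
    unsigned held_for;  /* consecutive ticks the button has been down */
} killswitch;

typedef struct {
    bool    ui_request; /* signal to the CPU to show the kill-switch UI */
    uint8_t leds;       /* LEDs, wired to the latch rather than to the CPU */
    bool    gate_open;  /* CPU control outputs can reach the latch */
} outputs;

/* One clock tick; cpu_write/cpu_value are whatever the untrusted CPU drives. */
outputs ks_tick(killswitch *ks, bool button, bool cpu_write, uint8_t cpu_value)
{
    outputs out;
    if (!button) ks->held_for = 0;
    else if (ks->held_for < HOLD_TICKS) ks->held_for++;
    out.gate_open  = ks->held_for >= HOLD_TICKS;   /* delayed by the hold time */
    out.ui_request = out.gate_open;                /* delayed by the hold time */
    if (out.gate_open && cpu_write) ks->latch = cpu_value & ALL;
    out.leds = button ? ks->latch : 0;             /* lit as soon as button is down */
    return out;
}

/* Software tries to enable the microphone while the button is up. */
uint8_t write_with_button_up(void)
{
    killswitch ks = {0, 0};
    for (int t = 0; t < 10; t++) ks_tick(&ks, false, true, MIC);
    return ks.latch;   /* stays 0: the write never reaches the latch */
}

/* User holds the button and asks for GPS; misbehaving software drives GPS|MIC. */
uint8_t leds_after_bad_write(void)
{
    killswitch ks = {0, 0};
    outputs out = {0};
    for (int t = 0; t < HOLD_TICKS; t++) out = ks_tick(&ks, true, true, GPS | MIC);
    return out.leds;   /* MIC bit is visible on the LEDs while the user is watching */
}

int main(void) { return !(write_with_button_up() == 0 && leds_after_bad_write() == (GPS | MIC)); }
```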