Skip to content

paolostivanin/Snoop-Guard

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

51 Commits
src
src
 
 
.gitignore
.gitignore
 
 
CMakeLists.txt
CMakeLists.txt
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
snoop-guard.ini
snoop-guard.ini
 
 
snoop-guard.service
snoop-guard.service
 
 

Repository files navigation

Snoop Guard

Receive a notification every time your webcam and/or your microphone are being used.

Project status: active, user-space daemon + CLI.

Requirements

  • GCC or Clang
  • glib-2.0, gio-2.0, gobject-2.0
  • alsa-lib (for microphone checks)
  • libnotify (desktop notifications)

Build

$ mkdir -p build && cd build
$ cmake -DCMAKE_BUILD_TYPE=Release ..
$ cmake --build .

Check version:

$ ./sg-daemon --version
$ ./sg-ctl --version

Configuration

Snoop Guard reads its configuration from: $HOME/.config/snoop-guard.ini

A sample configuration is provided at the repository root as snoop-guard.ini. Copy it to your config directory and adjust values:

$ mkdir -p "$HOME/.config"
$ cp ./snoop-guard.ini "$HOME/.config/snoop-guard.ini"

Relevant options:

  • [server]
    • check_interval: polling interval in seconds (> 5)
    • notification_timeout: seconds; 0 = manual dismissal
    • microphone_device: ALSA device name (e.g., sysdefault). If unset/invalid, mic checks are skipped
  • [policy]
    • allow_list: semicolon-separated process names that will NOT trigger a notification when using the webcam
    • deny_list: semicolon-separated process names that WILL trigger a notification when using the webcam

Notes:

  • The policy lists apply to webcam checks. Microphone process attribution is not available yet.

Running as a user service (systemd)

This project is intended to run as a per-user systemd service. A unit file is provided: snoop-guard.service.

Install and enable:

$ mkdir -p "$HOME/.config/systemd/user"
$ cp ./snoop-guard.service "$HOME/.config/systemd/user/"
$ systemctl --user daemon-reload
$ systemctl --user enable --now snoop-guard.service

By default the unit expects the binary at /usr/bin/sg-daemon. If you run it from a custom location, override ExecStart with a user drop-in:

$ systemctl --user edit snoop-guard.service

and add:

   [Service]
   ExecStart=
   ExecStart=/absolute/path/to/sg-daemon

CLI usage

The sg-ctl tool connects over the user session D-Bus to query status and recent events:

  • sg-ctl status
  • sg-ctl recent [N]
  • sg-ctl --help

Limitations

  • Only one microphone device can be monitored at a time.
  • We currently cannot reliably attribute which process is using the microphone; allow/deny lists apply to webcam usage only.

Security

  • The provided systemd unit includes modern hardening options while preserving access to /dev/video* and /dev/snd/*.
  • See SECURITY.md for the vulnerability disclosure policy and hardening details.

License

GPL-3.0-or-later. See LICENSE for details.

About

Receive a notification whenever your webcam and/or your microphone are being used

Topics

notifications c privacy microphone webcam

Resources

Readme

License

GPL-3.0 license

Security policy

Security policy
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages