I agree regarding the title, but I would say the bit about safeguards is not entirely obvious. For example a webcam with a led indicator. If the led is in series with the image sensor, even if the firmware gets hacked the led would turn on when recording regardless of the computer it is connected to.

some of those that know what they’re doing, do it through pihole. But a DNS sink is really not enough. Even blacklisting the MAC might not be enough. If it requires a key from a server it might even be necessary to hack the device if it’s not a SoC and you can’t defile or use M-x Butterflies