According to another respondent, they had a photo "taken" from the exact moment they scrolled by an ad. The author of the tweet confirmed the same happened to her in the same thread: https://twitter.com/PickledBoba/status/1338658784391000064.

That's quite strange. Even if we presume Twitter is doing everything aboveboard, why would they activate the camera when the user is not taking a picture or streaming?

They are likely computing the target of the user's gaze. It's valuable information for twitter and advertisers. Did the ad draw the user's attention?

I have a OnePlus 7 Pro. When I bought it, having a screen without an ugly notch or hole was the benefit and having a pop-up selfie camera was the trade-off.

Or so I thought. And then one week I caught my camera quickly popping up and down when using Firefox. I searched around thinking there must be a bug. It turned out, Firefox had camera permission somehow. I don't recall granting it permission. In any case, it sure seemed like a rogue ad or JavaScript malware was taking pictures at random times. Who knows.

But I would never have known this if it were not for a physical camera that has to pop up. Today, I can't imagine having a phone that doesn't have this same mechanism.

I wish there was more information about the behaviour. Realistically, I suspect it's just the last snapshot from the time the camera was opened/closed in Twitter, and the image buffers got mixed up. It would be interesting if that's not the case, but that's a lot more investigation.

Edit: From the follow-up tweet: "It was still photo from the exact moment I scrolled over the ad" - now that is very interesting!

I have a Mi 9T with a pop-up selfie cam and I really can't think why I wouldn't nowadays. I caught my bank trying to take sneaky selfies when I made any payment (https://twitter.com/Hamcha/status/1259801253527388160) when they only had camera permissions for a completely unrelated reason (QR code scanning for bills and ATM authentication).

For people like me looking at the linked tweet via a desktop browser: the picture in the tweet isn't shown in full - you need to click on it to see the issue.

And... it's horrifying.

All the more reason to use a third party client.

I thought web browser asked you for permission before using the camera?

Is this a browser screenshot? If it's the native twitter app, it already has the permissions.

Well that's terrifying and now I'm shopping for a camera cover for my phone.

It's technically a visual bug, but the content of the bug highlights the disconnect between what everyone thinks is in the T&Cs and what is actually in there. I wonder how many people would tap yes if they had a dedicated prompt to "Can we take a photo of whatever your front camera can see every time you see an ad?"