[deadbunny]

I didn't read the part about Nest to be fair but with some basic network design you can easily segregate networks and reduce your attack surface massively, even if you're using internet connected devices (seperate vlans, use http proxies with ACLs, no inter device communication where not needed).

The difference between a switch and a laptop is that your switch isn't running browsers with 0days found regularly, no malicious JS payloads, no phishing emails.

To exploit a switch you generally need access to the management interface, something anyone who has any experience with networking does not put on the same network (virtual or physical) as laptops, iPads, televisions, or internet connected cameras.

[balamaci]

I agree with what you are saying, however tape over the camera means you don't trust the OS or the hardware manufacturer with a console command like modprobe to actually do it's thing and disable the web camera.