[fredley]

What's one more keylogger?

Your OS is already logging your keystrokes, your browser is already logging your keystrokes, who even knows what else is already logging your keystrokes.

Obviously I speak here for the majority of computer users, I imagine many (most?) in the HN readership have taken steps to reduce the amount of keylogging they are exposed to as much as possible already.

[microcolonel]

Whose browser and OS is logging keystrokes? OSX/Windows users with IE/Edge/Safari? Are you insinuating that Google has a patch which integrates keylogging in their Chrome builds of Chromium?

I typically use Chromium on OpenBSD, am I being keylogged. I'm pretty sure we all have a choice, and many of us choose convenience over privacy.

[EGreg]

How would you know one way or the other?

You trust your OS and user agent. Would be better if there were strong cryptographically signed assurances that the open source build is the one you have. And lots of companies should be looking through the source and patches. And even then someone might have hidden a back door by now.

And your CPU and encryption algorithms might contain back doors, too.

I would say all these things are fixable over time. Cory Doctorow talks about the war on general computing by spyware and locked-down devices.

Ultimately the only way to have trust is the same way Ripple has trust - by using products from various ostensibly unrelated parties - indeed enemies - to check adherence an agree-upon standard, like code signing from source without compiler backdoors. So you can eg inspect code.

https://softwareengineering.stackexchange.com/a/184896/13446...

Here are some recent examples:

http://www.cnbc.com/2017/06/23/under-pressure-western-tech-f...

http://m.mspmentor.net/managed-security-services/kaspersky-l...

https://disruptiveviews.com/chinese-demand-source-code-imple...

http://fortune.com/2016/04/19/china-demanded-apple-iphone-co...

[fredley]

The amount of data Windows reports by default is well covered. Chrome has a built in spell checking service - which happens to send keystrokes up to Google. AFAIK it's enabled by default.

[marcinzm]

>Chrome has a built in spell checking service - which happens to send keystrokes up to Google. AFAIK it's enabled by default.

I just checked, it's off on my install of Chrome so likely it' not on by default. The regular spell check is purely local.

[aesthetics1]

Any site with an instant search, similar to Google's, is sending a steady stream of your keystrokes to the server. Even the Omnibar inside of Chrome has to send your keystrokes over to receive suggestions that aren't local.

[jowsie]

You should take a look at the kind of js that gets injected into most mainstream websites nowadays.

[Jonnax]

You're going to have to explain a bit more than that.

Tabs are isolated fork each other and the web browser does give a web page the kind of access to be key logging.

If you're talking about things that you type whilst the page is in active focus then it's kinda their website you're visiting.

[zemo]

attaching an event handler to a keyboard action is not the same thing as keylogging...

[zer0tonin]

If it's on all keyboard actions, then it's the same thing.

[27182818284]

Often it is this too, because of sloppy coding, not even malicious intent. I've seen people implement JavaScript easter eggs that play a funny joke, but in doing so the developers had created a keylogger by accident that was logging everything you did on the site. Again, wasn't malicious at all they didn't think about it at all.

[diggan]

Unless you're not actually logging the actions but just listening for certain combinations like "ctrl+x" or even "x"