[pjc50]

I don't see why it would interfere with autocompletion - the keystrokes are passed onto the browser, after all.

Interfering with focus might be more noticeable, although Windows 10 has made this much less obvious than it used to be.

It does rather drive home the extent to which the "desktop" model is at odds with the user being able to run multiple mutually hostile applications from different sources. And sometimes the ability to read and inject keyboard input is legitimate.

[alanbernstein]

There is at least one password manager autocomplete system that works by examining the title of the current active window, so if that's not the browser, it will fail.

[zwp]

But presumably the transparent keylogger window must know which is the supposedly-active window (in order to be able to pass on keystrokes to it), so the transparent window could emulate the supposedly-active window's title?

[yorwba]

> Interfering with focus might be more noticeable, although Windows 10 has made this much less obvious than it used to be.

Interfering with focus is what breaks autocompletion. (This drawback is explained in the paper itself.)

[falcolas]

Personally, based on my experiences thus far I'd put it down to a web page that's interfering with autocomplete or blocking default actions (like pasting) in the name of "security".

IOW, web designers have already set the precedent for broken autocomplete, no keylogger required.