That's not what they mean by "keylogger" and some reasonable people would agree with them on their naming. Suppose you have a log-in page, and a user name field, password field, and a "Log in" button. If a website secretly submits everything entered into the password field even when "Log in" isn't clicked, such as when a user accidentally pastes a password for another website and realises it before logging in, I think most people would call that a keylogger.
In Gitlab's case, it seems to be their search function. It provides search results without needing to press Enter or clicking a button. From a technical POV, this is the exact same kind of keylogging as the above, it's only the intent that makes this okay and the above not so.
Would you agree that keylogger is a term for malicious software with the purpose of stealing private data such as credentials?
Is this is the case, then the latter is not keylogging.
The former is some sort of logging, but I wouldn't call it keylogging; after all, you are still entering data to the particular filed intended for entering credentials, to be sent to the remote server for verification. If the purpose of the remote server is something more nefarious, then it is keylogging.
The feature would even make sense if the server would let you in without pressing enter; but for understandable reasons this is not really a thing..
> Would you agree that keylogger is a term for malicious software with the purpose of stealing private data such as credentials?
No, I would not. Keylogger, I would say, is what the name implies: is a term for software that records keystrokes. In order for the term to be useful we have to limit it to such software where the recording is not obvious to the user, as otherwise even Notepad would count, but we do not have to limit it to malicious software.
Would that go along with the common consensus, or perhaps water down the term to near meaningless? Maybe Firefox is keylogging my input as well; and in fact, so is Linux. Keyboard itself, definitely.
Once I had X11 enter old keystrokes (so it had missed the read position in the input ring buffer and every stroke entered a key from the past); keyloggers all around.
Kidding aside, I believe it is important to use terminology all parties agree on; after all, words are a tool for communicating. Even if an individual finds a deeper or "fundamental" meaning in a word outside the typical use of a word, attempting to use and understand it in such a way hinders communication.
It honestly sounds like you've come to allow all types of keylogging to become (to yourself only) allowable and called by any other name. Yes, if Google Docs does actually take each keystroke and record it and save record of it, even once backed out/deleted from a field, this is in fact keylogging.
I want my Linux box or my keyboard to get my keystrokes. I don’t want my typing on a website before submitting a form sent to a third party. Key logging is how Blacklight describes it.
Agreed, if there is consensus on what a word means it's unnecessarily distracting to use it in a different sense. In this case, the common meaning of keylogger is not restricted to malicious software, so we shouldn't insist here that it is.
Indeed, it's not necessarily going to be obvious to a user that when they type in a search bar their text will be used to find relevant content on the site even before the user clicks a "Search" button.
Nope. A keylogger is any field taking whatever your input without your knowledge, and "logging" it. So as he said above, if you were accidentally typing in sensitive info in a password field, or a chatbot window and without clicking a button to send that info off, they are logging it. That is still keylogging. Just because it's not a RAT keylogger doesn't mean it's not logging keystrokes.
The technical difference would be that a keylogger logs keystrokes regardless of where the focus is, whereas normal "respond to key events" logic would be restricted to capturing key events in a field where the user understands the focus to be.
"Type to search" is OK, as the key events processed are restricted to the ones typed into the search field. A key logger would attach an event listener to capture key presses in any field, or even if no field is selected.
It is the same technical difference between a UI which has an explicit "paste" button, which reads from the clipboard only when that button is pressed, vs a web app which reads from the clipboard indiscriminately, in the off-chance that there's something interesting (a password for a different website?) stored in the clipboard.