by _flux 1885 days ago
Would you agree that keylogger is a term for malicious software with the purpose of stealing private data such as credentials?

If this is the case, then the latter is not keylogging.

The former is some sort of logging, but I wouldn't call it keylogging; after all, you are still entering data to the particular field intended for entering credentials, to be sent to the remote server for verification. If the purpose of the remote server is something more nefarious, then it is keylogging.

The feature would even make sense if the server would let you in without pressing enter; but for understandable reasons this is not really a thing.


> Would you agree that keylogger is a term for malicious software with the purpose of stealing private data such as credentials?

No, I would not. Keylogger, I would say, is what the name implies: a term for software that records keystrokes. In order for the term to be useful we have to limit it to such software where the recording is not obvious to the user, as otherwise even Notepad would count, but we do not have to limit it to malicious software.

So, basically, Google Docs is a keylogger?

Would that go along with the common consensus, or perhaps water down the term to near meaningless? Maybe Firefox is keylogging my input as well; and in fact, so is Linux. Keyboard itself, definitely.

Once I had X11 enter old keystrokes (so it had missed the read position in the input ring buffer and every stroke entered a key from the past); keyloggers all around.

Kidding aside, I believe it is important to use terminology all parties agree on; after all, words are a tool for communicating. Even if an individual finds a deeper or "fundamental" meaning in a word outside the typical use of a word, attempting to use and understand it in such a way hinders communication.

It honestly sounds like you've come to allow all types of keylogging to become (to yourself only) allowable and called by any other name. Yes, if Google Docs does actually take each keystroke and record it and save record of it, even once backed out/deleted from a field, this is in fact keylogging.

I want my Linux box or my keyboard to get my keystrokes. I don’t want my typing on a website before submitting a form sent to a third party. Key logging is how Blacklight describes it.

Agreed, if there is consensus on what a word means it's unnecessarily distracting to use it in a different sense. In this case, the common meaning of keylogger is not restricted to malicious software, so we shouldn't insist here that it is.

> In this case, the common meaning of keylogger is not restricted to malicious software, so we shouldn't insist here that it is.

The common meaning of keylogger is restricted to stealthily recording an unsuspecting user's keyboard input.

Malicious or not depends on the user who uses it and what they use it for and possibly also is in the eye of the beholder, but Google Docs or an auto complete search field is not a keylogger by any definition I've seen used.

But what do I know, I've only been interested in this since the nineties.

>the common meaning of keylogger is not restricted to malicious software

Over 99% of the hits on a google search use keylogger restricted to malicious software (sampled the first dozen or so pages). The first sentence in Wikipedia is "Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored". The top definition googling a definition is "a computer program that records every keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information."

What metric did you use to conclude that the "common meaning" is not this common meaning? Not a single place I have found claims the common meaning is anything other than surreptitiously recording user keystrokes for nefarious purposes. Do you have even one such link?

I'm curious what you searched for, because the majority of the very first page of Google search results agrees with me, actually. Two of these define keyloggers in a way that is inherently malicious, most give a neutral definition. They do go on to say how such software can be used by criminals, but most do not say that keyloggers are inherently malicious, and some very specifically deny that:

https://www.csoonline.com/article/3326304/what-is-a-keylogge...:

> Keyloggers are a type of monitoring software designed to record keystrokes made by a user.

https://securelist.com/keyloggers-how-they-work-and-how-to-d...:

> The term ‘keylogger’ itself is neutral, and the word describes the program’s function.

https://en.wikipedia.org/wiki/Keystroke_logging:

> Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored.

https://home.sophos.com/en-us/security-news/2019/what-is-a-k...:

> A keylogger is an insidious form of spyware.

https://www.kaspersky.co.uk/resource-center/definitions/keyl...:

> Keyloggers are used for legitimate purposes like feedback for software development but can be misused by criminals to steal your data.

https://www.mcafee.com/blogs/consumer/family-safety/what-is-...:

> A keylogger (short for keystroke logger) is software that tracks or logs the keys struck on your keyboard, typically in a covert manner so that you don’t know that your actions are being monitored. This is usually done with malicious intent to collect your account information, credit card numbers, user names, passwords, and other private data.

https://searchsecurity.techtarget.com/definition/keylogger:

> Keyloggers are often used as a spyware tool by cybercriminals [...]. Keylogger recorders may also be used by: [...] These uses could be considered ethical or appropriate in varying degrees.

https://www.malwarebytes.com/keylogger/:

> Keyloggers are a common tool for corporations, which information technology departments use to troubleshoot technical problems on their systems and networks—or to keep an eye on employees surreptitiously. The same goes for, say, parents, who want to monitor their children’s activities.

https://enterprise.comodo.com/what-is-a-keylogger.php:

> At its most basic definition, a keylogger is a function which records or keystrokes on a computer. Taken at this basic level, a keylogger looks absolutely harmless. In the hands of a hacker or a cybercriminal, a keylogger is a potent tool to steal away your information.

https://us.norton.com/internetsecurity-malware-what-is-a-key...:

> A keylogger is a type of spyware that can be used to track and log the keys you strike on your keyboard, capturing any information typed. Keyloggers are insidious because you don’t know they’re there, watching and recording everything you type.

From your links:

1st: title mentions they're used by attackers. First sentence: "Keystroke logging software is one of the oldest forms of malware." Under "definition" they state "One of the oldest forms of cyber threat, these keystroke loggers record the information you type into a website or application and send to back to a third party".

Why did you take your sentence out of context? Those above and below state keyloggers are used for criminal activity. The article is about keyloggers being malicious.

Second link: "Today, keyloggers are mainly used to steal user data relating to various online payment systems, and virus writers are constantly writing new keylogger Trojans for this very purpose."

Well, I guess that defines the common usage, hence the word "most". The article also states that "keyloggers have pushed phishing out of first place as the most-used method in the theft of confidential information". So not only are they mostly used for crime, they are the number one method for stealing confidential information.

And most every other link you posted also either defines them as malicious or points out that most uses are malicious.

So, by what metric you claim ". Yes, a keylogger need not be malicious. But so far you competently have made the case that the common meaning is most certainly malicious, and it's not even a close assessment.

So - what was your metric to claim "the common meaning of keylogger is not restricted to malicious software"? This list clearly supports that malicious use is by far the common meaning.

Please state your metric for "common meaning" then we'll test it. If you have no metric, we're done, since so far all the data points to your claim being false.

Strongly disagree that most people think of autosuggest in a search form as a keylogger. I've never once heard it referred to as such, outside this thread.

I think most people think of a keylogger as a malicious program that secretly records your keyboard activity when you don't know about it. If they think about it at all, they think of autosuggest as analogous to a form submission.

this is such a classic HN argument, it's almost comical. pedants from every part of the world going at it and even including google search results, picking apart each word that the original author meant to prove their point. this is the kind of conversation that would make me want to rip my head off in an office environment.

but from my POV i would also say that 95% of the time i've ever bumped into the term, it was always used in a cyber attack context. the other 5% was from corporate overlords wanting to spy on your actions.

Yeah, please take into account that I only listed the Google search results in reply to a blatantly false claim that Google search returned completely different results. Bullshit needs to be called out.

It’s not obvious to the user that when they type in a search bar their text will be used to find relevant content on the site?

Indeed, it's not necessarily going to be obvious to a user that when they type in a search bar their text will be used to find relevant content on the site even before the user clicks a "Search" button.

TIL that all software that accepts keyboard I/O is now a "keylogger"

wow...

Nope. A keylogger is any field taking whatever you input without your knowledge, and "logging" it. So as he said above, if you were accidentally typing in sensitive info in a password field, or a chatbot window and without clicking a button to send that info off, they are logging it. That is still keylogging. Just because it's not a RAT keylogger doesn't mean it's not logging keystrokes.