Sad that a keyboard even needs to say that it's "privacy-conscious." What a world we've built, where one might reasonably worry that their keyboard _isn't_ private.
The standalone microcontroller in your physical keyboard can run arbitrary code, and it's been able to since we've invented keyboards attached to the computer via a port. What's there to stop the manufacturer (or a sophisticated attacker) from:
- recording your keystrokes in non-volatile memory, to be extracted later?
- exfiltrating them in real-time via Bluetooth (yay for wireless peripherals), WiFi, LoRa?
- asking the OS to install a driver, which (even if approved/signed) could have exploitable security holes?
The main hurdles are scale and sophistication, which, with an all-software "keyboard", were no longer an issue.
Weren't (true) PS/2 keyboards exempt from all of that? Of course someone could always achieve the first one with enough effort, but it would be adding in lots of things from scratch rather than repurposing the existing hardware that many keyboards have now.
And PS/2 had a maximum draw of 100mA so even piggybacking on that would be challenging I'd assume(?) - not an expert. A Teensy which was benchmark for lots of custom keyboards can pull most of that [1].
That's a gross underestimation. At current world population levels that comes out to be 8000 people. The QMK github repo alone has over 18k stars and almost 40k forks. So yeah very popular!
now exclude world population who is not using computers with separate keyboards in the first place. and maybe everyone who would not bother with firmware. in that context it's sorta popular. maybe even very.
- recording your keystrokes in non-volatile memory, to be extracted later?
- exfiltrating them in real-time via Bluetooth (yay for wireless peripherals), WiFi, LoRa?
- asking the OS to install a driver, which (even if approved/signed) could have exploitable security holes?
The main hurdles are scale and sophistication, which, with an all-software "keyboard", were no longer an issue.