[JdeBP]

My computers ignore USB HIDs other than the ones that I have explicitly permitted. Unfortunately, this is a major architectural revamp for many operating systems. The idea that every HID is automatically added to a keyboard/mouse 'multiplexer', that provides a single combined input stream, is a pervasive one.

[pbhjpbhj]

Some sort of USB firewall? Something you can share?

[JdeBP]

No. The multiplexers are all turned off, and I have devd/udev rules that spawn my own userspace driver processes (as services, via service management) to attach to the individual USB devices. The driver services in turn use an autoconfiguration system to determine whether they should actually attach to the device whose name they are passed, and where they should pass input onwards to.

* https://jdebp.uk/Softwares/nosh/guide/user-virtual-terminal-...

* https://jdebp.uk/Softwares/nosh/guide/commands/user-vt-reali...

This is for a virtual terminal system. For X11 or Wayland, one would have to replicate the same idea in an appropriate form, and stop using the multiplexed devices.