I was taking a look at the Naomi Wu situation (A Chinese DIY tech youtuber who went missing after being watched by the government) and in one part they mentioned that she was concerned about her privacy, so started using Signal, but had a default chinese keyboard that had a keylogger and the police had looked into what she was talking on there.

I’m not sure if it was a mobile only thing, but it was mentioned that the keyboard app was used in like 70% por chinese smarthphones.

Now, I use AnySoftKey and refuse to use default keyboard apps, but how far can we reach on the keyboard security thing? Is typing on a computer or using a physical keyboard on a mobile device 100% safe? I think the keyboard issue is often overlooked and would like to know what recommendations your have? Or what should be known more?

  • nickwitha_k (he/him)
    link
    fedilink
    71 year ago

    This is exactly why Wayland replacing X11 is a good thing. X11 was developed in an academic, on-prem LAN environment where such security wasn’t a big consideration in its architectural design and needs to be allowed to gracefully retire from mainline use.

    • @jmp242@sopuli.xyz
      link
      fedilink
      51 year ago

      I really don’t see why you couldn’t attack wayland if you’re running code locally. Wayland is going to need keyboard hooks anyway to enable important productivity tools like anykey and clipboard managers.

      • nickwitha_k (he/him)
        link
        fedilink
        2
        edit-2
        1 year ago

        Absolutely. With local and physical access, attacks are very doable. Starting with a security-conscious architecture means that it’s easier to improve over time.

        ETA: The main point is that tech and use cases have evolved. This means that architecture of existing components needs to be re-evaluated for whether they are still a good way of accomplishing a task. In the case of X.org/X11, the architecture is more challenging to secure due to fundamental design. Wayland may not have full parity for remote use yet but, currently, security is generally a higher priority, so, its newer architecture that DOES consider security and sandboxing gives a better starting point in that area.

        I fully anticipate that Wayland will also be replaced in the future as tech and use evolves further (does it consider AR/XR? Man-Machine-Interfaces that might see adoption? etc.). Like biology, it’s the nature of tech to evolve and, since there isn’t a sign that bad actors will be absent in the future, Wayland’s architecture will likely end up being insufficient to secure against input logging attacks of the future.

      • @ReversalHatchery@beehaw.org
        link
        fedilink
        4
        edit-2
        1 year ago

        No, this thread is a general one, and I have mentioned Wayland. And they responded to me.
        The post may be more about mobile keyboards, but OP has also asked about what’s the case with computers, besides phones