Free keylogger: cheap keyboard records what you do and uploads it to the internet


#1

Originally published at: https://boingboing.net/2017/11/07/free-keylogger-cheap-keyboard.html


#2

Is the issue here with the keyboard or with the driver?


#3

$30 for a mechanical keyboard…sounds too good to be true, and well it sorta is.


#4

quark-but-why

I see no goo reason for this thing.


#5

Seems like the driver. I don’t know why a keyboard would need a special driver. What happens if you just plug it in, or better yet, plug it into a Raspberry Pi?


#6

Presumably it’s all being done by the drivers. If you just use it with a reasonable OS (e.g. Linux or BSD) presumably it can’t/won’t be able to do anything. Now whether it will work on those platforms…


#7

It will most likely work just fine - the driver is only to enable the extra features that the generic HID driver doesn’t support - like the RGB lighting and any special keys the keyboard may have (e.g. various programmable macro keys).


#8

Screw the kb. But I love the pic of the aghast kid in the title.


#9

Article is updated - it doesn’t send key logs, it sends total counts of how many times each key has been pressed.

The hypothesized reason is that it’s so the manufacturer can get an idea of how many key strikes the keyboard will withstand before breaking (guessing that once a particular keyboard stops sending regular updates, it’s because it broke), so it can optimized the price/durability ratio of future hardware by reinforcing the most-pressed / scrimping on the least-pressed keys.


#10

Am I engaging in crimethink by only using keyboards and mice that do not require any kind of driver?


#11

Smash it up it before trashing - so some poor soul dosesn’t think they’ve made a great find on trash collection day


#12

Is it time that we need a government organization that regulates privacy in products? Similar to the Consumer Product Safety Commission or the FDA where it keeps track of the code that goes into the product, who wrote it, etc. and the overall product for privacy safety and has the power to recall products and fine or otherwise punish people who release products with safety/privacy violations?

A government agency tasked with doing this could do great harm or could do great good. What do you think?


#13

well that isn’t even remotely close to the same thing. do we know if the data is anonymized as well? does the driver ask you to opt into anonymous usage data? i’m guessing it is and that it does.

if it is just counts and anonymized then while it should only be opt-in, it is very similar to “send anonymous usage data” to improve X that many apps have. still, those sorts of things need to be manually opt-in only. if it isn’t opt-in, they should change that, and also sending keyboard data even just counts, could be problematic for small data sets, it should only send data sets larger than X to avoid potentially revealing sensitive data.


#14

There’s apparently no opt-in. If there were an opt-in with a clear description of what it’s doing, they wouldn’t have had to reverse engineer the software, and wouldn’t have had a false-alarm identification of a keylogger.


#15

How granular are those keypress logs?

A keylogger has the virtue of reporting the number of depressions of each key one at a time, in order; but depending on how frequently keypress value dumps are provided, the closer the diff between report N and report N+1 gets to being a somewhat stochastic sort of keylogger. More of a nuisance than something designed for the purpose; but potentially quite informative.


#16

Available in the BoingBoing Store!


#17

I only know what’s in TFA.


#18

This topic was automatically closed after 5 days. New replies are no longer allowed.