keyviz
keyviz copied to clipboard
mulaRahul
Create a Setting to Pause KeyViz on Sensitive Information Typing
Is your feature request related to a problem? Please describe. KeyViz does a great job of visualizing keystrokes, the issue is currently having to remember to turn it off on password fields as that becomes a pain point when sharing screens.
Describe the solution you'd like It would be awesome if there was a setting that allowed to user to opt in/out of KeyViz visualizing keystrokes on password fields.
Describe alternatives you've considered Turning KeyViz on and off or only sharing screens when you've crossed that part of the process is an alternative to this, but it would be cool if it recognized password fields off the bat.
Additional context Currently do not have any additional context
Wait, aren't browsers supposed to not share key info outside the browser when typing in a password field? Does KeyViz specifically work around that?
I think keyviz specifically just takes in what's being typed on the machine you're on - regardless of browser happenings. I don't think keyviz is connected to any browser code, more-so desktop application code (but correct me if i'm wrong here), so it will show everything regardless
Low-Level Keyboard Listener ⌨️
Keyviz uses (a dependency which uses) LowLevelKeyboardProc (more here) to get keyboard inputs.
In short, it hooks up with the keyboard driver (connected to the system) and listens to every key press/release event i.e. low-level listener (Keyboard Driver → Raw Event → App).
There is also a high-level listener which is passed down by the OS (Keyboard Driver → OS → Processed Event → App), but the problem with the same is it only provides the keyboard events if the app in question is focused. But in this scenario, the app itself needs to display every keystroke, on top of other applications while staying unfocused (ignoring pointer events). That's why the low-level listener is used.
Global Hotkey & Secure Input Fields
Getting back to the issue, as you can see above keyviz gets raw keyboard inputs wherever it's coming from. Of course, it will be great if keyviz ignores keyboard inputs coming from secure input fields like <input type="password"> but ...I didn't find anyway to implement the same with the current low-level listener.
I did find some Mac keystroke visualizers ignoring events from secure input fields, so maybe there is a way to perform the same on windows as well. I'll need to dig around more about the same.
For now, to get around this issue you can perform the following -
- Use Hotkey Filter, to filter out letters, numbers, etc. (if it's not important)
- Turn off the visualizer temporarily using a global hotkey. Currently, the same can be done by left-clicking on the tray icon or from the dropdown menu (accessible from the tray icon) but in the upcoming releases a global hotkey will be added to turn on/off the visualizer temporarily (like using Pause, F10 or choose your own).
Keyviz uses (a dependency which uses)
LowLevelKeyboardProc(more here) to get keyboard inputs. In short, it hooks up with the keyboard driver (connected to the system) and listens to every key press/release event i.e. low-level listener (Keyboard Driver → Raw Event → App).There is also a high-level listener which is passed down by the OS (Keyboard Driver → OS → Processed Event → App), but the problem with the same is it only provides the keyboard events if the app in question is focused. But in this scenario, the app itself needs to display every keystroke, on top of other applications while staying unfocused (ignoring pointer events). That's why the low-level listener is used.
Makes sense! Thanks for this comprehensive reply!