gtk3-mushrooms VS wayland-keylogger

It is not about KDE/Breeze, from what I have read, the issue is with GTK(3.) One fix, not 100%, but almost pefect fix is to switch out GTK3 with GTK3-Classic.

GTK3 does indeed suck. That's why I run it with these patches.

Unfortunately they also lost tons of functionality in the process. The fact that typing on a file picker starts a recursive search instead of simply jumping to the file/folder with the prefix you typed, is nothing short of hilarious.

Gtk-classic is the only thing that keeps me sane https://github.com/lah7/gtk3-classic

The KDE Server-Side Decoration is also really powerful, allowing easy Maximize Horizontally/Vertically, window shading/hiding, and moving windows between virtual desktop/workspace, all while being able to be hidden when maximized for that extra screen space when I'm on my old 768p laptop and why I use gtk3-classic to get that SSD. Also, Window Rules -- they're very, very handy to get windows and apps to start and behave in a certain way by default.

I highly recommend gtk3-classic.

It's a bug when it stalls out your computer for 2-3 seconds because the file picker is doing a recursive search through all of your files.

Luckily, the patches that fix this (along with some other bugs and anti-features) are actively maintained by community members, despite being ignored by the GNOME project.

https://github.com/lah7/gtk3-classic

gtk3-classic will move them out of the titlebar, but if you want them completely gone you're better off switching to applications that haven't fully embraced CSDs like Gedit.

The GTK3 filechooser is the reason I switched to gtk3-classic.

Use gtk3-classic.

Intercepting inputs meant for other apps is easy and it's already been done via LD_PRELOAD.

And all of this just for supposedly better "security", that can easily circumvented with trivial attacks.

Not in the same sense that there's a keylogger included with Windows, no. It's that it's easier to do on Xorg as opposed to Wayland. This isn't to say that it's impossible, however.

You can have keylogger on Wayland also without root priviledge. It's trivial: https://github.com/Aishou/wayland-keylogger

> you can still deliver different experiences at runtime — but you’re not likely to have the superuser privileges needed to run a leylogger or read ~/.ssh/id_rsa, etc, at that point.

Keyloggers are trivial to do in userspace Linux via LD_PRELOAD attacks[0], and typically your user account has permission to read ~/.ssh/id_rsa.

[0] https://github.com/Aishou/wayland-keylogger

I have read that bare Linux is totally insecure (https://github.com/Aishou/wayland-keylogger) unless you use some means of sandboxing. That's why I have been reading a lot about firejail, AppArmor, Tomoyo, etc.