My friend asked: When this app collects keystrokes with keys hits, it can collect password typed by user. Is it right? I cannost find any document about this.
WhatPulse is able to collect passwords. It will count how often you press each key, it doesn’t make any difference if you’re typing a password or just regular text. But it shouldn’t save the password, at least we hope that.
Definately not. Sure, the ability is there because the client gets a message of every key that gets pressed, but we are very privacy conscious while processing and storing data. Here’s an example:
When the client gets the key messages, it stores the key frequency and counts in encrypted memory. The client stores the stats in a local database file which it puts data in there every 30-240 seconds. When the client transfers the data to the database, it even randomizes the key frequencies, so if you happen to type only your password in those 30 seconds, your password wouldn’t be ‘sniffeable’ in the database.
WhatPulse is 12 years old and has about 260,000 users. If we didn’t take privacy seriously, we wouldn’t have come this far.
Hope that helps!