Description
Request: Add security section for Espanso to main website/documentation
As a long-time user of Espanso I am often preaching its virtues; but recently encountered some FUD: a friend installed but then immediately uninstalled Espanso worrying about the fact that it captures all keyboard input, including potentially passwords (which it does not - see below)
It's not an unreasonable worry, and it is actually addressed, it's just not easy to find, tucked away at https://github.com/espanso/espanso/security/policy
While espanso detects key presses as a keylogger would do, it doesn't log anything. Moreover, to further reduce risks, espanso only stores in memory the last 3 chars by default (you can change this amount by setting the backspace_limit parameter in the config) and this is needed to allow the user to correct wrongly typed triggers by pressing backspace, up to 3 characters.