Consider this a PSA. Assume everything you do is trackable. My small company writes software applications. We're trusted and have been managing sensitive information for about 30 yrs. One of our apps uses a Windows hook function which allows us to read all user inputs keyboard, barcode scanner, mouse, etc to detect whether the user is calling our application. Since we know our app might be one of three or 10 on the PC in use, we read everything but only respond and bring frontmost our app when it is needed. This just makes our business app more efficient and our users like it. That said, a nefarious developer could use the hook function to read all inputs (think keyboard usernames/passwords) and sftp (transfer) data to a third party site anytime USBANK, Chase, Wells Fargo is pushed into the keyboard buffer. We run on all versions of Windows and get by most/all antivirus applications (some might occasionally bark, but users agree to it). If Microsoft 'fixes" this problem, we'll just force users to bring our app forward, but they haven't in 25 years, and there are probably a dozen other ways to skim this information. Check you bank statements and don't type in anything anything that you don't want made public.
