Re: Crypto AG: The NSA's Trojan Whore?
J,

This stuff has been on and off the list for quite some time now. I think the general opinion is that you cannot trust any software that does not come with full source code. Especially operating systems (read: Windows). Furthermore, hardware could be untrustworthy.

As an example of the latter just imagine a keyboard chip that takes the serial data signal, ANDs it with the clock and runs the current-limited output through a metal loop on the die or couples it to an outside trace that is not likely to be filtered. Instant keyboard transmitter. Short range but probably usable. Try it outside the chip, I'll bet an old AM radio will pick it up pretty well. If you have better receivers try 1x, 3x, 5x ... clock carrier frequencies.

What sort of other things would you design into an OS or a CPU or peripheral chips if you wanted to snoop? Let the OS do the keysnoop for you and send it off through the network? Keystrokes seem like the obvious choice because they are low-bandwidth and have a high information content but someone who's smarter can probably think of all kinds of other stuff to send. ls -al > G-buddy.

You know, keystrokes are so low in bandwidth that I bet a receiver/recorder could be placed on your premises, say behind an outlet for power, and checked surreptitiously only when needed - how long would it take you to fill a 1Gb drive from your keyboard?

I don't think that there can be real security unless you use embedded systems (unknown to the OS and Host HW) for critical roles and maintain two machines - one clean in a cage, the other on-line and without any sensitive information. Use sneakernet between the two using media that you can readily analyse.

If I can think up a feasible method to do something in 5 minutes it was probably already done a long time ago and the people who do this stuff full-time have probably taken the field to amazing heights. They seem to be able to get cooperation from commercial companies too.
Snooping probably won't be done wholesale, too expensive in terms of manpower, and I don't know anyone who needs real security but, in principle, everyone should have it.

mike

***

Crypto AG: The NSA's Trojan Whore?
http://caq.com/cryptogate

Are people familiar with this document? Why shouldn't NSA have implanted this kind of back-doors in various software and operating systems as well? It seems to have worked so very well in the past.
participants (1): Michael Motyka