I misunderstood the documentation here. I also think it may have been different in the past because I see other people on the forum making the same "devices can sniff passwords" claim that I was. E.g. in https://forum.qubes-os.org/t/understanding-security-implications-of-usb-keyboard-usage-key-logging/2817

Anyway, I wanted to explain why I now believe this claim is incorrect, and why I still believe my USB to PS/2 adapter is useful in terms of security.

According to this, traffic from devices is only sent to the controller. https://web.archive.org/web/20190708035849/https://www.totalphase.com/support/articles/200349256

They mention that the host has the choice to either send each packet to a specific device or broadcast it.


The security benefit my device will provide is not connecting the keyboard to any VM, which means we can limit the control a compromised USB Qube would have on your system. The Qubes documentation is pretty unambiguous here:

"If you connect USB input devices (keyboard and mouse) to a VM, that VM will effectively have control over your system."
https://www.qubes-os.org/doc/device-handling-security/#security-warning-on-usb-input-devices

By avoiding using a USB keyboard or mouse, the UAB qube can be fully untrusted.

nostr:nevent1qqs2yz6h2375n0h7rsvdmgu9r3kwfamyct0du8mykpqmg5xr0gx6glcpr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qgsdxr4f36n9a9fljx4e8a4np6j3aveu2phc04ylvq9p8xh0qz4f2ygrqsqqqqqpekze9y