Desktop#
The graphical session is the operator’s interactive surface above the shell. Display server (X11 or Wayland), window manager (tiling, stacking, dynamic), and optionally a full desktop environment that wraps both. Each layer trades convenience for attack surface; the operator picks the stack that matches the threat model of the host they sit at.
The OPSEC-relevant lines run through this section. X11 lets any client read any window’s pixels and keystrokes (universal keylogger by design); Wayland isolates clients per surface. Tiling window managers reduce mouse-driven artifacts in screen recordings. Compositor choice (Sway, Hyprland, Mutter, KWin) shapes what an on-host adversary can observe, redirect, or replay.
The legacy display server. Universal pixel and keystroke access across clients. Tradition, broad WM support, audit-trail nightmare.
The modern display server. Per-surface isolation by default; screen capture and global hotkeys require explicit grants.
Keyboard-first window managers. i3, sway, dwm,
hyprland, bspwm, awesome, qtile, river.
Full desktop environments. gnome, kde, xfce,
mate, cinnamon, lxqt. Convenience plus
session-wide assumptions.
Battle drills. Identify the session, harden the screen, pin the clipboard, kill the keylogger surface.