The article does talk about one example which is not considered wiretapping: a Google search field with autocomplete that's intentionally embedded in the web page.

You're not supposed to and everyone is in a gentleman's agreement not to, but you could if you really wanted to.

For example, the following code:

console.log("Foo");

console.log("Bar");

console.log("Baz");

Prints out the following to the console:

> Foo

> Bar

> Baz

But if I was to run this code first:

const originalLog = console.log; let logCounter = 0; console.log = function log(str) { logCounter++; originalLog(`${logCounter}: ${str}`); }

Then the original code will now output:

> 1: Foo

> 2: Bar

> 3: Baz

So if you wanted to stop people messing with keystroke/input/change/etc events, you could:

1. make backup variables that reference the original addEventListener, onChange, onTouch, onInput, etc... functions

2. make up your own man-in-the-middle functions that inspect the events getting passed to them

3. if you want the event passed to your man-in-the-middle function to go through, just pass it to your backup variable that points to the original function

4. and if you don't want it to go through, then just don't call the original function.

------------------------------------------------

Or, you could just use an adblocker like uBlock Origin on Firefox, so the third party tracking script isn't loaded in the first place