How can I mitigate the keylogging issue of Xorg?
-6 votes, 1 answer, 521 views
My plan is to:
- Turn off listening to all sockets, and initiate X through a command such as: `Xorg -nolisten tcp -nolisten inet -nolisten inet6 -nolisten unix -nolisten local :0 -seat seat0 vt7 -novtswitch` (although I don't know how to prevent X running entirely without this configuration)
- Run Xorg rootless - which is far more difficult than it seems considering I don't want to use GNOME or GDM. At the moment I'm using LightDM and XFCE. I did manage to get rootless Xorg working on SDDM, but it's quite buggy. Again the insanity of this baffles me.
- FireJail the main X server and only allow communication through for specific inputs (keyboard, mouse, screen, Xephyr). So for this I'd prevent anything speaking to the X server directly other than these applications/devices, thereby forcing GUI applications to use the proxy of Xephyr. It should also keep everything sandboxed to hopefully prevent possible zero-day attacks.
- Use seccomp namespacing through FireJail on both applications and the X server to try and further isolate everything
However, the reality of implementing these measures is much more difficult than I realised, as I've seen with FireJail and Xephyr still not preventing keylogging. Is there anything I should add to the above list? It would be good if we could compile a list in this thread of all the possible fixes to help other people out who are also probably struggling in the same way.
What kind of protections do you guys have in place to prevent keylogging (and other issues) on X11 and Xorg? This is a huge issue which affects just about every GUI computer which runs Linux, so I absolutely can't and don't believe there's nothing which can be done to prevent this, as it's such a notorious issue.
Really interested to hear what you all think.
Asked by anon
Jan 22, 2023, 06:56 PM
Last activity: Jan 22, 2023, 10:32 PM
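One way to verify that the listeners the first bullet tries to switch off are really gone, as an added example that is not part of the original post: it parses `/proc/net/unix` and `/proc/net/tcp*` text and reports every X11 socket still in the listening state. The function names and the sample input are constructed for illustration, and the 6000-6063 port window (displays 0-63) is an assumption.

```python
import re
from pathlib import Path

X_SOCKET = re.compile(r"(@?)/tmp/\.X11-unix/X(\d+)")  # "@" prefix marks an abstract socket
SO_ACCEPTCON = 0x10000  # Flags bit of a listening socket in /proc/net/unix
TCP_LISTEN = 0x0A       # "st" value of a LISTEN socket in /proc/net/tcp*

def x11_unix_listeners(proc_net_unix):
    """Return (kind, display) for every listening X11 UNIX socket."""
    found = []
    for line in proc_net_unix.splitlines()[1:]:  # [1:] skips the header row
        fields = line.split()
        m = X_SOCKET.fullmatch(fields[7]) if len(fields) > 7 else None
        if m and int(fields[3], 16) & SO_ACCEPTCON:  # connected sockets lack the bit
            found.append(("unix-abstract" if m[1] else "unix-path", int(m[2])))
    return found

def x11_tcp_listeners(proc_net_tcp):
    """Return ("tcp", display) for LISTEN sockets on ports 6000-6063."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:
        fields = line.split()
        if len(fields) > 3 and int(fields[3], 16) == TCP_LISTEN:
            port = int(fields[1].rsplit(":", 1)[1], 16)  # HEXADDR:HEXPORT
            if 6000 <= port <= 6063:  # assumed window: displays 0-63
                found.append(("tcp", port - 6000))
    return found

def audit(proc_root="/proc/net"):  # runs both checks against the live files
    root = Path(proc_root)
    found = x11_unix_listeners((root / "unix").read_text())
    for f in (root / "tcp", root / "tcp6"):
        found += x11_tcp_listeners(f.read_text()) if f.exists() else []
    return found

# Constructed sample input, not captured from a real host.
SAMPLE_UNIX = """\
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 20001 @/tmp/.X11-unix/X0
0000000000000000: 00000002 00000000 00010000 0001 01 20002 /tmp/.X11-unix/X0
0000000000000000: 00000003 00000000 00000000 0001 03 20003 /tmp/.X11-unix/X0
"""
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 30001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 30002
"""
if __name__ == "__main__":
    print(audit())
```

`/proc/net` is per network namespace, so running the script inside a sandbox shows which X11 listeners that sandbox can still see, and an empty list means none are visible there.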