
After reading http://techtrickery.com/keyloggers.html I am not sure if I ever want to have Xorg installed anymore. Wayland is great but it seems like having a fully featured *nix desktop without XWayland installed is still hard to achieve.



Wayland is insufficient in and of itself to prevent keylogging.

https://github.com/Aishou/wayland-keylogger

At present Linux desktops aren't very secure against user-installed malicious software. It is however fortunate that most software is installed from curated repos.

It's not clear that just switching to Wayland is worth much at this point in time.


That link is a blatant lie. Redirect each Wayland client's stderr to a different term and you will see that the process (keyboard/mice input + graphics output) isolation is still working as intended.


It's not a blatant lie. There is probably no default install in which I would not feel it absolutely necessary to change every credential stored on a system if it ever ran a compromised binary and a new install from scratch.

At best you are hoping that the malicious binary someone tricked you into running didn't also take advantage of an additional vulnerability to compromise everything. Keeping in mind that your adversary has every opportunity to test against the same environment you are running.

The only Linux environment that I'm aware of that takes isolation really seriously is Qubes, and even that isolation could be violated in theory.

I want desktop applications to have features that right now require substantial permissions to effect. The primary defense is and will likely remain not to install malicious software in the first place by installing from curated sources.


It's a blatant lie because the author of that code snippet is trying to trick the reader into thinking that Wayland's isolation somehow has been broken, but that's not true at all.

In the real world, any secure desktop solution is going to require a reliable execution environment ("security is only as good as your weakest link"). If you don't trust the user to properly handle that, then you must ensure they don't do anything stupid or dangerous to themselves by restricting what they can do. For desktop applications this usually means executing them in a sandbox (such as Flatpak). Qubes OS tries to do something similar, but stumbles upon the inherently insecure design of the X Server, and has to work around it by running separate X server instances for each unreliable X client.


It's definitely possible depending on your use case - I can run Firefox and a terminal without XWayland running, which is all I need. (There was a weird bug where Firefox under Wayland would open an X window first and then discard it, not sure if that's been fixed yet)



