and that's NOT what these tools are doing. That would be a huge waste of data. They're just tracking which UI components you touch, the timing and inputs. It's more like recording an RDP session, not full on screen captures. You can compress a lot of that data and it would be difficult to detect without installing CA certs and using a MITM-proxy.