Holy shit I didn't know she was missing.

I guess advocating open source is enough to be imprisoned.

It is very wise to use a FOSS keyboard app, because if you think about it a keyboard app would probably be the thing on your phone that knows the most about you. I don't mean that to fear monger, it's just a thought. Plus if you look at events in the past few years like swiftkey's little user data error it gives you an idea of how privacy invasive they could or could already be.

Keyboard is absolutely a thing to be careful with. On Android mobile, use OpenBoard for example. On computer, if you use Linux, also install kloak [https://github.com/Whonix/kloak], a tool that slightly delays randomly your keystrokes to help you hide your typing pattern that can definitively identify you

For those who would like to know more about what happened to Naomi Wu, aka SexyCyborg:

https://www.hackingbutlegal.com/p/naomi-wu-and-the-silence-that-speaks-volumes

I used to use Gboard with a firewall that isolates the app so that it can never connect to the internet. Though that was in the past and I'm not sure if that is even effective. So I just switched to a open source keyboard in FDroid

Probably a good place to ask. Are there any FOSS keyboard apps for Android with swipe typing?

Florisboard on FDroid.

And dont ever use any Stock Android, its all spyware. Thats simply the truth. At best its "only" Google. Samsung was the worst of the ones I tried, regarding bloatware, but Huawei and Xiami are also horrible and you dont need anything fancy but a keylogger keyboard.

A while ago I read about a study where they showed how they recreated typed text on a computer keyboard based on the sound the keys made, using AI. I can't seem to find the post right now tho.

All that comes down to your threat model.

If you're very concerned about sophisticated actors getting effectively keyloggers on you. Install a privacy focused operating system on your phone, like graphene os (fixed spelling). Don't change the keyboard. Keep the default secure keyboard.

For your physical computer, uses very standard keyboard. Nothing fancy nothing that's reprogrammable. Most people have USB keyboards nowadays, make sure you plug your keyboard and mouse into their own USB controller, so nothing can snoop those keystrokes. Don't use a KVM, don't use a fancy monitor that basically got a computer inside of it.

If you think you might be a target, buy your keyboard with cash, in fact by all of your electronics of cash, don't order anything for delivery. They could get tampered with on the way to you.

So, the keyboard is important, and is one thing; but one must not overlook that on touch devices, software keyboards run on top of operating systems, and hardware, too.

Actual keyboards made of physical keys/domes/switches, embedded controllers, and USB chips/cables, even if they seemingly present a similar attack surface (after all, they are also connected to hardware with an operating system), are practically harder to compromise.

Yes, in both cases, the operating system has access to the information (be it via the USB subsystem, or via the touch/input subsystem, etc), and the hardware too; but computer hardware is more heterogeneous, more modular and standardized, and "auditable" operating systems are much more common, and readily deployable. Heck, it is entirely possible to run open hardware and open software (including the toolchain to build said software) with a computer; but the same for mobile devices is very much uncharted territory.

The result is that even with our best effort, a mobile device is at the very best a black box, with an unlocked bootloader, a community provided recovery and operating system, often downloaded from random file hosting services, and built with toolchains of variable quality with several proprietary components.

This is not ideal, and it is the best case scenario. In many cases, people run the stock recovery/operating system, and simply sideload software on a device they do not even have root access to.

The takeaway here, is that while nothing is perfect, and there is always an attack surface, using unpredictable components (e.g. standardized, modular), with unpredictable software (e.g. dozen of different operating system families, each with their own version and qwirks), while also having a community of technologists auditing the code (even if only a handful of developers, there is much less risk of them all organizing towards a harmful goal than with a team of employees from a company ultimately led by a single person), practically provides a significantly different environment.
And unless you're an embedded engineer/genius able to design bug-free (g'luck) PCBs from open hardware ICs (so you can have them made via your vendor of choice) and simple components, and then use software you, or people you trust, audited, you have to recognize that you can only do "less bad".

Less bad being a dev-friendly device (old Google pixels come to mind, not sure if they're still like that), installing lineage, /e/ or another alternative system on it, and using software from f-droid (like AnySoftKeyboard - the one I am actually using for typing this).

That, or you decide to trust the reputable (YMMV) company of your choice with your digital life, identity, and data. Many pros I know in infosec go for Apple. It is true that, at least for professional use cases, with companies in the US or in western Europe, it arguably makes sense.

On a standard computer, be it a desktop or laptop, it's very hard to effectively avoid keylogging.

I don't say you 100% have a keylogger on your PC, that's not my point.
My point is that both on Windows, and on Linux systems that use the X11 window system instead of Wayland, any program can log your let presses with basically no effort.
On windows this is somewhat restricted when a program opens a secure desktop (a temporary "desktop", usually (always?) with a single window). This happens when you have to grant admin rights to a program, but other programs can request such a thing too, like the keepass password manager can be set to prompt for the password on a secure desktop. I don't know if the X11 window system of Linux has a similar feature.

But, as the other commenter said too, it depends on your threat model, because it can go a lot deeper than your choice of keyboard app.
If you use the original system of your smartphone, the manufacturer may have hidden software in it that can log your key presses even without cooperation if your keyboard app.
But if the modem - which is basically a different operating system that runs in parralel to the main one, but with the purpose of handling the connection with the cellular network, besides doing quite a few other things too - could get compromised, often it could be used to have open access to all the hardware that your main, android operating system uses. How is this on topic? This way intruders could observe where do you touch the touch screen, among a lot of other things.

I use familiar Gboard with the network permission toggled off.

Use grapheneos, lineageos or something similar. Those contain the AOSP keyboard instead of the google keyboard.