It’s clearly a dark pattern thought up by shitbags because users are more likely to create an account after they’ve typed something out vs. leaving when they find out an account is required to participate.
Even the shitbags over at Mozilla are doing it.
You’re right, you can see this with wire shark, or you can just use the network tab in your browsers developer tools.
But as a web developer, you’re absolutely wrong that we can’t collect every freaking keystroke if we want to.
Sometimes we wait for submit. Sometimes we collect everything as you move from one field to another, called a blur event. Sometimes we wait for the user to stop typing for like 1/4 or 1/3 of a second, called a debounce event. But we can collect every keystroke. We don’t concatenate them on the server side, we send the whole field value after each change, tied together with other fields based on a session ID.
Hell, sometimes we track your mouse movements as well. Where you move in the page, where your mouse lingers, how long you hesitate before clicking. A “good” company uses this information to make a better user experience. A nefarious one uses it to collect all your personal information without you ever clicking submit, and sees just how hesitant you were to disengage after being asked to pay. Then aggregate that experience to determine the price point.