Feature Request: Accessibility setting for globally disabling/enabling the clipboard

forestfuturist · March 18, 2024, 11:21am

Feature Request: add a toggle to Accessibility Settings that disables/enables all clipboard functionality globally.

Namely, the toggle would disable/block/continuously overwrite the three possible selections (PRIMARY, SECONDARY and CLIPBOARD) to make any manual cut/copy/paste operations impossible, whether by keyboard shortcuts (CTRL+X/CTRL+C/CTRL+V), by context menu (cut/copy/paste options) or by mouse middle-click.
Considering that every app has their own shortcuts, it’s impossible to globally disable all shortcuts and relevant context menu options within apps, so the best way to achieve this would be to disable/block the selections themselves.

Use Cases: enhanced security data processing, working with cryptocurrency, handling of financial or otherwise confidential data, preventing malicious websites from reading out clipboard contents.

It would allow the system to be used as a kind of dumb terminal for enhanced security/privacy contexts, disabling an avenue for human error (fat-finger errors) and reducing the attack surface for malicious actors.

Also in my case, I have medium-severe OCD, so it would help me greatly in reducing friction in my workflow.

redstrate · March 18, 2024, 5:08pm

If you didn’t know, malicious websites cannot read your clipboard without permission See 클립보드 액세스 차단 해제 | Articles | web.dev

This is more like security theatre, applications can still read the clipboard. On Wayland we could possibly stop all clipboard reading I guess, but I don’t think there’s a real security benefit here.

forestfuturist · March 18, 2024, 7:30pm

I actually didn’t!
I assume this is the magic of Wayland then? While I knew that Wayland isolates apps from each other, and only lets them talk to each other securely via portals, I wasn’t aware this applied to Clipboard functionality as well…
Amazingly well thought-out then!

If this gets implemented on Wayland, would it cover Xwayland apps too?

You make a great point about the security benefit, luckily Wayland seems to cover that aspect.

However, there’s still a significant benefit regarding accessibility and security regarding human error: to give an example, when working on anything important or privacy sensitive, I often cannot keep track well of what I interacted with. So I’ll often have moments that are like: “Wait, did I accidentally CTRL+C my password 5 minutes ago? Did I copy it anywhere?”
Or when navigating a website using keyboard controls, while mashing keys quickly, it happens often that I accidentally press one of the CTRL+X/CTRL+C/CTRL-V key combos, and then I have to check whether I copied or pasted anything to the wrong spot. Even when right-clicking a link to open it in a new tab/window, I have misclicked and hit “Paste” instead several times.

There’s an infinite amount of such human error scenarios, and while they are harmless usually, they are a serious problem when working with anything sensitive or private.

The only way to truly prevent this entire error category is to disable the functionality at its root.
With OCD, it truly is hell to have to think about stuff like this regularly, it occupies a significant amount of my capacity just to pay attention that this sort of error doesn’t occur, which I could use a lot better to actually do work.
For me, and anyone else with OCD, as well as anyone in need of enhanced privacy, this functionality would be a very useful “peace-of-mind-button”.

I use Wayland/Xwayland, even as a Wayland/Xwayland-only feature it would be great to have (especially considering that this kind of feature probably meshes a lot easier with Waylands more modular nature)

I also just realized that it could also make sense to put the feature in the Klipper settings instead of accessibility, either makes sense.

redstrate · March 18, 2024, 11:47pm

If your password manager is smart, it would tell KDE not to record your password in Klipper and also auto-clear. Or perhaps avoid using your clipboard at all

I don’t see how mistakes like this would warrant an option to completely disable the clipboard though. I could argue that I could accidentally slam my password into a random box on the Internet, so we should be able to disable any keyboard input.

Is it though? If you’re working on a machine where you suspect you have a malicious app running that copies your clipboard contents, maybe don’t run it while working on your company’s financial details. Said app could also read the Excel spreadsheet while you’re working on it as well…

To me it sounds like you just want to disable clipboard history entirely, why not do that instead?

forestfuturist · March 19, 2024, 1:22am

That is essentially exactly what I was thinking of, but just regarding unwanted copy/pasting.

There is an actual usecase for the functionality I described: switching back and forth between an enhanced security context and a regular context.

If you know in advance that your workflow is gonna include a lot of switching back and forth between a secure context and a regular context, it’s much more reasonable to disable the main possible vector of accidental cross-contamination, which is copy/paste functionality, at the beginning, instead of manually clearing the clipboard between every single switch.

Example: working with cryptocurrency or other financial data. You might open one window with your confidential data, and at the same time look up technical instructions in your browser on a forum, while at the same time using a trading platform. In short, any case where you’re working on several things in parallel and switch between them often, while needing to keep them reasonably separated from each other.

The only ways to ensure this otherwise are either to:

pay very close attention to not accidentally copy/paste anything, which is distracting and introduces friction, or
manually clear the clipboard every single time you switch between two windows/tabs, which would be unreasonably impractical.

In contexts where security is a priority, unneeded clipboard functionality can be a liability instead of helpful, giving the ability to simply temporarily disable the clipboard instead good reason to exist.
It makes the difference between having to worry to prevent mistakes instead of doing meaningful work, and being able to freely use your system to enhance your abilities to their maximum, which also ties into the accessibility aspect I previously mentioned.

Klippers clipboard history doesn’t really matter for this usecase, because even when disabling Klipper, the actual copy/paste functionality within Wayland keeps working just the same, which is the real crux of the problem.

Do I understand correctly that, at least within Wayland, it would be technically possible to implement it?
Would it also work for Xwayland apps?

cyberpunk · March 21, 2024, 12:02pm

Yes, please! Exactly something such as this

cyberpunk · March 21, 2024, 12:04pm

Here’s is the problem’s core, really

forestfuturist · March 21, 2024, 6:15pm

How to uninstall Clipboard? Removing doesn't work from Discover. This showed my password!

How to uninstall Clipboard? Removing doesn't work from Discover. This showed my password!

Unlike other operating systems, in Plasma the clipboard has an icon that shows you stuff and let’s you configure extra clipboard features that Plasma offers, and if you don’t like to use them, you can disable the clipboard icon but you aren’t allowed to disable the clipboard itself.

I think that having the option to disable the actual clipboard is a good idea: you can prevent an entire class of vulnerabilities (fat-finger-error/human error), which would be extremely useful in security-critical usecases.

For example, when working with financial data or crypto stuff, you have to be really careful to not accidentally copy/paste sensitive data somewhere it doesn’t belong, and you have to manually empty the clipboard all the time (which isn’t foolproof either, considering that doesn’t 100% protect you while you’re working with the data, only when you’re done).
If you know in advance that you’re not gonna use the clipboard in a scenario where clipboard functionality introduces vulnerablities, it makes a lot more sense to have this option instead.

It could be a simple toggle in Klipper settings or the accessibility settings.

What I posted in another thread on the topic.

ratijas · June 2, 2024, 12:13pm

I would LOVE to see you copy-type your wallet addresses by hands. Very secure, such error-proof, much usability, wow

What does that has to do with anything?

Then… don’t Ctrl+C ever again at all? Or check your clipboard content with Meta+V before pasting.

SvenPuschmann · June 2, 2024, 5:46pm

I understand the need to protect sensitive data. From this thread, it’s clear that this is the core of the problem. As you write, you suffer from OCD, which is a given context. However, the use case applies to everyone dealing with sensitive data, not only in this context. Therefore, my thoughts are as follows:

Separate problem from solution. The problem to be solved is securely working with sensitive data. The proposed solution is to disable the clipboard globally. This solution might seem like a good idea in this given context, but it could have negative consequences for other users and use cases. What if you disable the clipboard for this one use case but need it now for another? What are other solutions and which work best?
Don’t mix multiple unrelated problems as this makes it harder to find good solutions. For example, don’t mix the aforementioned security problem with the overall problem of having no track kept (or feeling insecure) about your latest activities or having pasted clipboard content in the wrong place. Rather combine similar problems.
Is there serious, reliable research about good interaction practices and accessibility settings for OCD patients? I believe this should be considered before taking any action.