If you’re arguing for different defaults - then that ship has sailed: security is always a compromise with ease of use and discoverability and in this regard the devs and users have spoken loudly and the clipboard stays visible with default 7 entries.
If you want to suggest features that can be enabled by more security conscious users, then please do. I think the password hiding feature is already implemented, and you could have always hidden the icon in the overflow menu. Anything else?
I would also like to point out that in general - claiming that the GNOME desktop is better because it has less features will not get you a sympathetic ear in the KDE discussion board…
Excuse me, but that was most defo not the intention here! I use so many Linux desktops and i have no favorite, but different use cases. It feels unfair that you are suggesting that i think Gnome is somehow better because of THIS? No, just NO. Did not claim that, not at any point.
Me and others only pointed out a little feature that appears to be problematic, no matter how it’s explained. The copy pastes are “just there” behind a clipboard icon in the desktop.
That said a huge update just rolled in and i restarted this KDE Neon machine and what: the clipboard is gone from the lower right panel arriving the desktop
Yes, i do that often times. But most of the people who have just gotten in to Plasma (or Linux altogether that is) may care for privacy (in the end who wouldn’t really) and do not realize this.
Also seasoned users who care ALOT for privacy, not always remember to lock the screen or whatever, depending on situation.
Some privacy freaks have stated that they have pretty much compromised their “everything” like their own company for example while having a drink or two too much in the evening.
This might seem far fetched but humans are so imperfect and flawed even they had how strong convictions and so on. I still think the clipboard (and its contents) should not be there behind one click on a “picture” that in itself tells what’s in it even if not computer sawwy.
I can understand that concern…but that is not a unique thing to KDE Plasma, Linux, or even traditional desktop computing in general.
An enormous amount of mischief (at best) or truly malicious behavior (at worst) is enabled if someone leaves any personal device - desktop PC, tablet, or phone - unlocked around untrusted individuals.
Having the clipboard history turned on by default also seems to align with the general principle that if a feature was developed to be useful, then it should be turned on by default so folks can more easily discover and use it.
In my personal assessment, if clipboard history were turned off because of security concerns for folks who leave their desktops unlocked, that feels like having a car, putting a locked cover over the radio controls by default (because someone might change the station if they are inside the car)…but still leaving the ignition turned on, the doors unlocked, and the keys on the driver’s seat. Much worse problems still exist, convenience was removed, and little additional (meaningful) security was gained.
Yep. physical access to an unlocked session means practically free rein. Again, if you care about security, don’t leave your computer unlocked when you walk away from it.
And indeed, this isn’t a KDE-specific thing, it’s basic computer hygiene. Yes, people get drunk and make mistakes, and then they hopefully learn from their mistakes and do better next time. Such is life. The wisest people learn from the mistakes of others, and lock their computers when they go to the bathroom before an immature co-worker changes their wallpaper to something embarrassing.
If you favourite passwordmanager causes passwords to appear in the clipboard history tell them to add x-kde-passwordManagerHint=secret, this is already used by several projects and is a thing for 6 years
Hello everyone! Sorry for opening this issue again, but I agree with OP and this needs to be addressed as there is a certain security concern with this.
I generally run a script which after a few minutes clears the clipboard using the xclip command. I noticed that even though the clipboard becomes empty upon the clear command, klipper however continues to hold those values as long as the desktop is active. Which is understandable given a list of clips needs to be maintained in your own data structure. This tells me that it is a module built on top of clipboard and not integrated with it, and hence should be removable. That’s my assumption given standard software engineering patterns.
The ask is very simple. Without touching the usual functionality of clipboard, uninstall the frontend klipper. As it persistently holding potentially sensitive data as plain text in it’s variables is concerning.
There is a reason iOS forgets the clipboard after sometime even though the phone always remains with the user. It is a good IT security belief system of not having the ports in the first place, instead of leaving ports open to be hacked.
Kind of reminds me of the ethos of cold wallets. But then I digress.
I trust the good folks of KDE developers, and I believe klipper is a fantastic tool and must come by default with KDE, but there should be a possibility to remove this frontend (or having option to forget klipper’s copy of the clipboard after a configurable amount of seconds) for fair reasons.
You maybe can add a qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory
to your script.
On a funny side note: Always thought that Windows (I have to use at work) does not have a clipboard History (without additional software) just one entry, but just recently discovered that it has one, easily accessible, build in.
Thanks for the tip! As soon as the clearClipboardHistory line is hit, klipper goes away as it is holding nothing. I also replaced my detection line to getClipboardContents and now my script is kde specific and wholesome.
While that solves my problem, I feel the topic continues to be important.
If klipper is too tightly integrated into the kde desktop, then additional option to clear the clip contents after some configurable amount of time is a reasonable feature request.
A. iOS is attempting to be a much more secure (and therefor limiting the user’s actions) then PC operating systems (so, for example, MacOS does not share this clipboard behavior). KDE Plasma does not attempt to be in that category (Plasma Mobile not withstanding), so comparing it to MacOS is a more apt comparison than to iOS.
B. In the “ports” comment you probably mean the practice of preventing access to ports using firewalls instead of making sure you aren’t running any services you don’t actually need and could compromise your security - this is considered bad practice by good IT security people. But this is also irrelevant to Plasma’s use case - it isn’t meant to be used in a place where untrusted people can access your computer controls whenever they want (and frankly - no general purpose operating system is designed for that), but if this is a concern - this is what the screen locker is meant to help with.
I am not getting the tenacious friction in this thread against an extremely rudimentary request.
No disagreements with the specifics of what you are talking about. My takes are on simple high level observations and practices.
iOS is trying to be much more secure, macOS is not, so what? Why not give the option of making KDE as secure as iOS as well?
In the “ports” comment you probably mean the practice of preventing access to ports using firewalls instead of making sure you aren’t running any services you don’t actually need and could compromise your security - this is considered bad practice by good IT security people.
No, that is not what I mean. Something I did not mention does not mean I am against it.
IT security people keep “blocking the port” as an end all solution. Can you remove sshd from the computer which doesn’t need remote access? Good remove it, and block port 22 as well. New fancy-smart TV in the meeting room? Lot of apps? Ok, lets remove these services. Oops, propeitary firmware, can’t do that, not even an interface available to do any of that? No problem, block everything. Just keep rdp/chromecast/vnc ports open that’s all. This is afaik, the standard book of a good IT security person.
For the lockscreen argument, I just have to say that hackers don’t walk into your house and start using your unattended computer. A computer is a computer is a computer, the hacker doesn’t discriminate who and what use case is how and where.
The term “rudimentary” here is telling - you are requesting to tear out a major feature of an operating system. This is a lot of work and even if implemented correctly can massively complicate the development and maintenance of KDE software. The clipboard is a rudimentary feature, removing it isn’t. But as always - patches are welcome.
Sure, I have nothing to argue against that it is difficult to do, especially because I am not a paying customer. I enjoy KDE for free and I truly appreciate what you guys do.
What I don’t appreciate though is being provided security or workflow advises, comes off as excuses, and is not the topic in the first place. A response with the actual reason about the difficulty related to the feature is much more useful.
In case it went unnoticed, I am not talking about removal of klipper, I am talking about an optional feature in klipper to forget after sometime. While I took care of it on my end by a script, it being natively available in klipper can really add more value to the feature list of KDE.
You think brainstorm section is a good place to discuss this? While I am not a good dev, I surely would love to look into it!
I totally agree that having clipboard history turned on by default and displaying openly on mouseover is something you’d expect from Microsoft. This is exactly the kind of crap people are trying to get away from by dropping Windows. It’s also not quickly obvious how to disable it. This feature needs to be disabled by default in Linux.
Just a wild idea: how about drag&drop of text?
This bypasses the clipboard, right?
I think if kwalletmanager/it’s successor/other password managers would support drag&drop of passwords there would be a way to copy them to password fields without showing up in the clipboard.
The problem is not the clipboard itself. Windows, macOS, every Linux distro has a clipboard. Clipboard in itself is extremely useful, you will be seriously crippled without a clipboard. The problem is the feature that keeps and displays the clipboard history and that it’s enabled by default.
Hi all - this thread is a “Help” category topic, and had an accepted solution 9 months ago. The dialog seems to have moved in a direction that’s more appropriate for either:
A “Brainstorm” category thread, where the topic is detailing out what concrete and addressable-in-software security risks are posed by the current default Plasma configuration, and what mitigations might make sense
A “Development” category thread, where the topic is figuring out how to implement an approach discussed above
I think keeping things focused in that way would be more productive than combining add-ons to the original Help request, comparisons to other operating systems, and general expressed concerns all in this one thread. Please feel free to create distinct threads for discussion as folks desire, using the “Reply as linked topic” feature in Discourse if you want to link the history of this discussion into a future one.
