Klipper's defaults and missing "clear all traces" functionality — a structural privacy concern

I want to raise a structural concern about Klipper that goes beyond two bug reports I have filed on bugs.kde.org (linked below). This is not a complaint about the existence of Klipper or the value of clipboard management — it is a focused argument that Klipper’s current defaults and architecture create a privacy problem that the KDE desktop should take seriously, and that there is a straightforward path to addressing it.

The problem in plain terms

Klipper, as shipped and configured by default on Kubuntu 24.04 LTS, silently records everything that passes through the clipboard — passwords, authentication tokens, personal correspondence, API keys, sensitive document content — with no entry limit, no expiry, no first-run notification to the user, and no default prompt to clear history on session end.

Furthermore, the standard OS-level tools that users and sysadmins reach for to clear clipboard contents — xsel, xclip, and equivalent X11 utilities — do not interact with Klipper’s history store at all. A user who diligently runs a clipboard-clearing script, or follows advice from a security guide, will clear the X11 clipboard buffer and believe they have cleared their clipboard. They have not. Klipper has retained everything in ~/.local/share/klipper/history2.lst, silently, across reboots.

This is not a niche edge case. It affects anyone who:

• Uses a password manager with clipboard-based copy (virtually all of them)
• Works with API keys, tokens, or credentials at the command line
• Handles confidential content in any professional capacity
• Operates on a shared or multi-user machine
• Follows any security hygiene guide that recommends clearing the clipboard

The defaults problem

The default configuration ships with unlimited clipboard history entries, history persistent across reboots, no notification to the user that history is being maintained, and no session-end clearing option.

These are, respectfully, the wrong defaults for a privacy-respecting desktop operating system. The Linux desktop user base skews strongly toward people who care about data control. The defaults should reflect that. A reasonable privacy-respecting default would be something like: 20 entries maximum, cleared on session end, with a clear opt-in path for users who want persistent unlimited history.

The missing feature

There is no built-in “clear all clipboard traces” function anywhere in the KDE desktop — not in Klipper’s own interface, not in System Settings, not as a keyboard shortcut. A user who wants to definitively clear the clipboard and its history must either know the DBus interface or manually delete a file in ~/.local/share/klipper/.

To illustrate how non-trivial this is in practice, I worked through the following layers before arriving at a reliable solution:

1. The “Disable clipboard history” toggle in System Settings does not work (filed as bug)
2. sudo systemctl stop klipper fails — there is no systemd unit; Klipper is embedded in plasmashell
3. xsel and xclip do not touch Klipper’s store
4. The correct DBus method (clearClipboardHistory()) silently fails in scripted contexts without explicit DBUS_SESSION_BUS_ADDRESS export (filed as bug)

The working solution, once fully debugged, is this script:

#!/bin/bash
# clear-traces.sh — wipe clipboard and shell history for user + root

export DISPLAY="${DISPLAY:-:0}"
export DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(id -u)/bus"

# ── Clipboard (xsel + xclip) ──────────────────────────────────────
clear_clipboard() {
    if command -v xsel &>/dev/null; then
        xsel --primary --clear
        xsel --clipboard --clear
        xsel --secondary --clear
    fi
    if command -v xclip &>/dev/null; then
        echo -n "" | xclip -selection primary
        echo -n "" | xclip -selection clipboard
        echo -n "" | xclip -selection secondary
    fi
}

clear_clipboard

# ── Shell History (current user) ──────────────────────────────────
history -c
history -w

for f in \
    ~/.bash_history \
    ~/.zsh_history \
    ~/.sh_history \
    ~/.local/share/fish/fish_history; do
    [ -f "$f" ] && > "$f"
done

# ── Root account ──────────────────────────────────────────────────
sudo bash -c '
    history -c
    history -w
    for f in \
        /root/.bash_history \
        /root/.zsh_history \
        /root/.sh_history \
        /root/.local/share/fish/fish_history; do
        [ -f "$f" ] && > "$f"
    done
    export DISPLAY="${DISPLAY:-:0}"
    command -v xsel  &>/dev/null && xsel --primary --clear && xsel --clipboard --clear
    command -v xclip &>/dev/null && echo -n "" | xclip -selection clipboard
'

# ── Klipper ───────────────────────────────────────────────────────
shred -u ~/.local/share/klipper/history2.lst
touch ~/.local/share/klipper/history2.lst

# Must be last — prevents Klipper recapturing terminal output before the wipe lands
qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory

echo "Done. Clipboard and history wiped for user and root."

This works. But a user should not need to reverse-engineer four layers of the desktop environment and debug DBus environment variable inheritance to achieve what amounts to: clear my clipboard.

A constructive proposal

I am not asking for Klipper to be removed or disabled. I am asking the KDE team to consider the following:

1. Add a “Clear all clipboard history” button to the Klipper interface and/or System Settings → Clipboard. One click. Immediate. No scripts required.

2. Add a “Clear history on session end” option to System Settings → Clipboard, defaulting to enabled or at minimum prominently offered.

3. Revise the default entry limit from unlimited to a reasonable bounded number (20–50 entries).

4. Fix the broken UI toggle — if “Save clipboard history” is unchecked, it should actually stop saving clipboard history. This is filed separately as a bug.

5. Consider a first-run or post-install notice that clipboard history is being maintained, with a direct link to the relevant settings. This is standard practice for features that collect user data.

None of these are radical changes. They are the kind of privacy-respecting defaults and controls that users of a serious Linux desktop environment should be able to take for granted.

I have enormous respect for the work the KDE team puts into Plasma, and I raise this in the spirit of making an already excellent desktop environment better. The Linux desktop is increasingly important as a refuge for users who want genuine control over their computing environment. Klipper’s current behavior works against that goal in ways that I believe are unintentional rather than deliberate — which is exactly why I think they are worth fixing.

Related bug reports

• Bug #1: “Klipper clipboard history cannot be disabled by any documented or discoverable method — 9 reproducible failure modes”
• Bug #2: “clearClipboardHistory() DBus method silently exits 0 without clearing history when called from a shell script”

Jonathan Brown — GitHub: github.com/black-vajra

This is a rather long read and unfortunately looks as if it had been generated or “assisted” by AI. Which will make a lot of people just skip it given that many such postings are often just a waste of time.

I would suggest to stick with a shorter format next time, for example just the proposed changes.
Much easier to read and understand, thus much more likely to be read at all, and for yourself much easier to check for inaccuracies, e.g. the incorrect claim about the default entry limit.

That already exists in Klipper’s context menu

That exists in Klipper’s options:

The default is 20.

This could probably be added to the welcome screen.

In which environment did this happen?
Usually the bus address should be part of the environment or any shell opened from within the desktop session.

In any case something to report against the tool you’ve used for the call.

i think OP’s point is that while those klipper GUI controls are great, but they don’t appear to work (or at least don’t seem to deliver what they promise).

i’ve been using kubutnu for 2+ yrs now and just checked my klipper file …i was shocked to find it is almost 6000 lines long!

that said, i did parse it with strings and found nothing of note … it’s all gibberish to me but does not appear to be encrypted (evident formatting).

the point is the limit of 20 items in the GUI only seems to apply to what is shown in the GUI, not what is kept in this file…. maybe that’s the action here.

—

also, while i’m concerned about bash histories, and some kind of easy GUI access to managing them… that would seem a separate topic from klipper and more toward the system settings GUI.

perhaps the welcome screen directing you toward both sets of settings is a worthy addition, or a privacy/security section of settings devoted to these kinds of adjustments/defaults.

You’re framing this as a security issue, which it is not. It’s fundamentally a privacy and workflow issue.

It means the ATTACKER must have local access to your user account… in which case, the contents of klipper history are the least of your concerns don’t you think?

I mean, at that point they already have your SSH keys, browser cookies, password manager vault (if unlocked)…

Klipper isn’t a clipboard buffer, it’s a clipboard manager - it explicitly maintains history - that’s a feature.

Defaults are about creating a usable desktop, not a privacy desktop…

Klipper is a productivity tool for me. I like to have things ready to paste…

Like this:

Legibility Tip

```
pasted text
```

~~~
pasted text
~~~

Clearing a clipboard isn’t the same as clearing the history - you conflated two completely different things.

Your ideas about xsel are talking about the current clipboard buffer meaning that if someone sits at your terminal they can’t paste your password.

So let’s assume you’re in an environment where you must make sure no history persists after a session:

1. Use the Live USB, or guest account.
2. Kill klipper entirely.
3. Script a call to clear the history on logout.

Personally I’d have a separate script, I’d name it ‘cleanexit’ and put it in my ~/.local/bin folder…

Then instead of my usual ‘Meta_F2’ script for ‘set volume and suspend’ I could do ‘Meta_ALT_F2’ script for ‘cleanexit’.

But these are not ‘sane defaults’ for anyone - they’re enhancements specific to you.

There’s a bit of a “my preferences are universal” thing going on here, along with an AI vibe, which as other people have mentioned, will make many ignore what you have to say. Best to avoid those in the future.

Ultimately it sounds like you should disable Klipper entirely; that will resolve basically all the concerns you have and make the cross-desktop tools work as you expect.

Also note that Kubuntu 24.04 LTS ships versions of KDE software that are over 3 years old at this point. That software is frozen in amber, and a lot can change over the course of time. So it’s best to complain about the current version of a piece software because they developers can actually change it. Complaining about an old version is often not actionable for developers because many of the complaints may not even apply to the current state anymore.

Assume your homedir is on an unencrypted partition. Someone gets your device, but not your user credentials. Then:

• They have your SSH key files, but don’t have the corresponding passphrases
• They don’t have the passphrase for your encrypted password manager vault
• They do have your browser cookies
• They do have your clipboard history if you saved it across sessions

If your security needs actually require hardening against an attacker gaining physical control of your device, the very least you should do is turn on full disk encryption, which protects against virtually all of those cases.

But I think for the vast majority of people, this is a fantasy scenario. The far likelier attacks will be scams and phishing from from email, texts, and social media. And even likelier than those risks are the everyday non-attack-based risks like forgetting your passwords, getting sucked into conspiracy theories on social media, or having your device rendered unusable by a bad update.

Indeed. I’d also put “reusing the same password for multiple websites” very high on the list of things to avoid.