Bug 488485

Summary: Security issues with auto enabled clipboard history.
Product: [Plasma] plasmashell Reporter: Claus Nomi <senoraraton>
Component: Clipboard widget & pop-upAssignee: Plasma Bugs List <plasma-bugs>
Status: RESOLVED INTENTIONAL    
Severity: wishlist CC: goodaqua, ilikefoss, nate, voidpointertonull+bugskdeorg
Priority: NOR    
Version First Reported In: 6.0.5   
Target Milestone: 1.0   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Claus Nomi 2024-06-14 07:31:07 UTC 
I looked for the proper place to file the issue about the clipboard applet(plasmoid?) under Plasma, but nothing seemed appropriate.  

Currently the clipboard history is enabled by default.  Traditionally most users who use the clipboard do so through shortcut keys/right clicks.  The added functionality from the clipboard manager creating a history is a security vulnerability because it may contain sensitive data that you have copied, that is now persisting because there is a history.  

There are 2 scenarios I see.  
A) You don't know this feature exists, and you assume copy/paste works as standard. Your working on a false sense of security that once you overwrite a copy, then its "gone", when in fact it is not gone.  
B) Your aware of, and use this feature.

Because of the implication that in order to use the feature, you need to be aware the feature exists, and that it has security issues if you do not know it exists, it should really be opt-in, not opt-out.
Comment 1 Nate Graham 2024-06-14 16:02:31 UTC 
It's intended that the feature is on by default because remembering recent clipboard history is genuinely useful—a big productivity booster.

If you leave your screen unlocked in a security-sensitive environment, any personal data in the clipboard history is the least of your concern; an attacker has full access to all the rest of your files and personal data too. So ensure that screen locking after inactivity hasn't been turned off (it is on by default) and remember to manually lock the screen if you leave the computer unattended and don't want to wait for the inactivity timer to fire and lock the screen.
Comment 2 Fushan Wen 2025-03-05 06:47:15 UTC 
*** Bug 501030 has been marked as a duplicate of this bug. ***
Comment 3 John 2025-03-05 09:11:10 UTC 
I disagree that the default should be opt-in instead of opt-out!
As Nate said, this is very useful feature that a lot of us need.
Though a few changes to improve the security and awareness could be made:
1. Make it keep all copied things in memory (meaning in RAM only) by default, so if will not survive between reboots of if there's a sudden power loss or a forced shutdown.
2. When something is copied to the clipboard, make that "Clipboard contents" widget icon change color o wiggle for a second so more new users are aware that for the time of the session the copied stuff can be found there.

What should be opt-in:
1. Saving the database to disk instead of the RAM memory.
2. Keeping the clipboard history between reboots.