Bug 488485

Summary: Security issues with auto enabled clipboard history.
Product: [Plasma] plasmashell Reporter: Claus Nomi <senoraraton>
Component: Clipboard widget & pop-upAssignee: Plasma Bugs List <plasma-bugs>
Status: RESOLVED INTENTIONAL    
Severity: wishlist CC: nate, voidpointertonull+bugskdeorg
Priority: NOR    
Version: 6.0.5   
Target Milestone: 1.0   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Claus Nomi 2024-06-14 07:31:07 UTC
I looked for the proper place to file the issue about the clipboard applet(plasmoid?) under Plasma, but nothing seemed appropriate.  

Currently the clipboard history is enabled by default.  Traditionally most users who use the clipboard do so through shortcut keys/right clicks.  The added functionality from the clipboard manager creating a history is a security vulnerability because it may contain sensitive data that you have copied, that is now persisting because there is a history.  

There are 2 scenarios I see.  
A) You don't know this feature exists, and you assume copy/paste works as standard. Your working on a false sense of security that once you overwrite a copy, then its "gone", when in fact it is not gone.  
B) Your aware of, and use this feature.

Because of the implication that in order to use the feature, you need to be aware the feature exists, and that it has security issues if you do not know it exists, it should really be opt-in, not opt-out.
Comment 1 Nate Graham 2024-06-14 16:02:31 UTC
It's intended that the feature is on by default because remembering recent clipboard history is genuinely useful—a big productivity booster.

If you leave your screen unlocked in a security-sensitive environment, any personal data in the clipboard history is the least of your concern; an attacker has full access to all the rest of your files and personal data too. So ensure that screen locking after inactivity hasn't been turned off (it is on by default) and remember to manually lock the screen if you leave the computer unattended and don't want to wait for the inactivity timer to fire and lock the screen.