SUMMARY Also see https://www.reddit.com/r/kde/comments/ws99fn/can_i_make_kde_connect_ignore_copied_passwords/ Basically, I want to keep using the clipboard sync feature of KDE Connect, but unfortunately it means that passwords copied from my password manager will also be synced to the connected devices and, unlike on the machine they were copied from, won't be automatically deleted from their clipboards after 10 seconds. This is a pretty big security issue for anyone using both a PM and a synced clipboard. If there's a way KDE Connect could know where a clipboard item came from, it would be great if one could blacklist specific sources (like my Password manager KeepassXC) from being synced to other devices. STEPS TO REPRODUCE 1. Have a connected device via KDE Connect, with clipboard sharing enabled 2. Let your password manager copy something to the clipboard 3. Check the clipboard on the connected device OBSERVED RESULT The copied content (password) is synced to all other devices. On the "host" machine, password managers like KeepassXC will usually automatically delete the copied password from the clipboard after a few seconds. Also, even within those few seconds, the password doesn't show up in the Klipper history. But on all devices that KDE Connect syncs the clipboard to, the password is permanently added to the clipboard. EXPECTED RESULT If possible, KDE Connect should be able to have a blacklist of applications whose clipboard items will not be synced. Otherwise, it might be possible to get away with only syncing the actual Klipper history and not copied items that aren't added to the history (because KeepassXC passwords aren't, but manually copied stuff would be) SOFTWARE/OS VERSIONS Operating System: Fedora Linux 36 KDE Plasma Version: 5.25.4 KDE Frameworks Version: 5.96.0 Qt Version: 5.15.5 Kernel Version: 5.18.17-200.fc36.x86_64 (64-bit) Graphics Platform: Wayland
>If possible, KDE Connect should be able to have a blacklist of applications whose clipboard items will not be synced. We can't, we don't have know the source. klipper does have a mechanism supported by some password managers were we filter out any selection which contains a mimetype key application/x-kde-passwordManagerHint
(In reply to David Edmundson from comment #1) > klipper does have a mechanism supported by some password managers were we > filter out any selection which contains a mimetype key application/x-kde-passwordManagerHint Is that something that KDE Connect already filters out, that just isn't supported on the KeePassXC side? Or does KDE Connect still need to implement the filtering?
I did implement that a while ago, but ironically people complained that they *do* want to sync their passwords :) https://invent.kde.org/network/kdeconnect-kde/-/merge_requests/39
(In reply to Nicolas Fella from comment #3) > I did implement that a while ago, but ironically people complained that they > *do* want to sync their passwords :) > > https://invent.kde.org/network/kdeconnect-kde/-/merge_requests/39 Could it be made into an option then? Looking at the MR it seems like that was were the discussion was leading but nothing happened after that. I can definitely see valid points for both sides of the argument, but personally I don't like it when my passwords are visible in plain text in some other device's clipboard history (the thing is that I often have not only my phone, but also my other Linux PC connected via KDE Connect)
A possibly relevant merge request was started @ https://invent.kde.org/network/kdeconnect-kde/-/merge_requests/489
Git commit b9a089344efeb68ae4e6b5d780a39de398208fe3 by Simon Redman, on behalf of Yuchen Shi. Committed on 17/10/2022 at 21:04. Pushed by sredman into branch 'master'. Add config for clipboard plugin on content types to share. ## Summary This MR adds a config dialog for the Clipboard plugin, where the user can toggle whether to share password and/or anything else with other devices. Implements !39 According to previous discussion at !39 (and the bug linked), some users want to skip sending passwords to other devices while others rely on the existing behavior. This MR addresses that by allowing users to control those two types separately and will replace !39 if merged.  Borrowing the idea from !39, the `x-kde-passwordManagerHint` MIME data hint is used to determine whether the content is considered secret. I've tested this method with KeepassXC which [sets this correctly](https://github.com/keepassxreboot/keepassxc/blob/a6d3f973fa8449f0f7dac864b3bd3928c29c649f/src/gui/Clipboard.cpp#L62). See test plan below. In theory, MIME also can be used to test for images and another checkbox can be easily added should we decided to support images later. For now though, the enum and the config supports only passwords or "anything else". Both defaults to true, thus keeping full backwards compatibility. I've been keeping both unchecked since I only share in one direction (Android to Linux), which wasn't possible until this MR. Others may want to make their own choices. ## Test Plan Please reference the screenshot above for the steps. From the indicator, right-click and select `Configure`. Select a device from the left side (or pair one if needed). In "available plugins", make sure "Clipboard" is checked, and verify that a "Configure" icon button is now shown on the right. Clicking that icon should bring up the new config dialog, where the two check boxes can be toggled as desired. Click on "OK" to save and apply the settings. Clicking on "Defaults" should bring both back to checked (the default behavior). Copy normal plain text from your favorite text editor and it should be sent to another device if the "anything else" checkbox is checked. I've tested this on an Android phone but I see no reason it won't work elsewhere given the code for sending has not been changed. (Feel free to test on other devices.) Open KeepassXC and select an entry, right click and select "Copy password". This sets the MIME hint so it should be treated as a password, controlled by the "passwords" checkbox. I've toggled the settings multiple times on and off. Once "OK" is clicked, the next clipboard change should pick up the latest settings. I've only tested on Linux desktops (Arch Linux) since I do not own a Mac. I don't believe any OS X application sets `x-kde-passwordManagerHint` at all, so they may be controlled by "anything else". M +11 -0 plugins/clipboard/CMakeLists.txt A +56 -0 plugins/clipboard/clipboard_config.cpp [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +34 -0 plugins/clipboard/clipboard_config.h [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +69 -0 plugins/clipboard/clipboard_config.ui M +16 -5 plugins/clipboard/clipboardlistener.cpp M +7 -2 plugins/clipboard/clipboardlistener.h M +13 -1 plugins/clipboard/clipboardplugin.cpp M +3 -1 plugins/clipboard/clipboardplugin.h M +1 -0 plugins/clipboard/kdeconnect_clipboard.json A +39 -0 plugins/clipboard/kdeconnect_clipboard_config.qml [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] https://invent.kde.org/network/kdeconnect-kde/commit/b9a089344efeb68ae4e6b5d780a39de398208fe3