Clipboard security

log · December 5, 2024, 4:44am

Is there a way to clear the clipboard completely? In addition to that, any option to also have a timer based auto-clean of clipboard too? Often times, the guest OS is not trusted or Whonix itself is used to store sensitive info such as private keys. Having something to deal with this would be really a welcome move. What you think?

rideordie · December 19, 2024, 1:14pm

My strong recommendation is to run Whonix in QubesOS, where secure cut and paste is a solved problem. I don’t know anything about running Whonix in a non-Qubes environment.

whonixuser6 · December 29, 2024, 3:54pm

I believe KeePassXC has an auto-clear clipboard function

FranklyFlawless · December 29, 2024, 9:03pm

Yes, KeePassXC has a 10 second clipboard timeout by default:

KeePassXC Clipboard

I also suggest Qubes-Whonix like @rideordie if the option is available for you.

log · January 17, 2025, 1:44am

Can we rely on KeePassXC? Tails had faced issues with this exact thing. Yes, still this is an option but for this to work the program needs to run. If that is correct, than any malicious website or any other factor can get clipboard info.

FranklyFlawless · January 17, 2025, 2:06am

Yes if you use Qubes-Whonix as already mentioned in this topic.

log · January 17, 2025, 10:28pm

A solution covering all deployment would help so many more here. Qubes in itself a hardened environment leaving others vulnerable to such issues. Hope Whonix gets a way to perform a thorough wipe of clipboard so more users can be protected.

FranklyFlawless · January 17, 2025, 11:50pm

Solving your issue by providing a practical solution takes precedence in this topic.

Patrick · January 20, 2025, 5:37am

Should be unspecific to Whonix.

Solutions can be investigated as per:

nani · May 2, 2025, 6:02pm

Just use BleachBit - it will quickly clear clipboard, cache, log, and so on. I think BleachBit should come pre-installed in Kicksecure and Whonix - it is the most well-known and proven cleaning tool, tested by millions of users.

FranklyFlawless · May 3, 2025, 12:15am

nani · May 3, 2025, 1:39pm

So, what is the best way to clear clipboard and cache on VM so that size of virtual disk decreases on host? Problem of cleaning and reducing size of a virtual disk is very important when running Whonix in Kicksure-host-live

Patrick · May 3, 2025, 2:19pm

Off-topic. This topic is about clipboard security. Not virtual disk size decrease.

Ticker · May 9, 2025, 3:44pm

I’m all for auto-cleaning the clipboard, due to many various issues that can occur, some specific to VM architecture (including operations such as snapshots, cloning and so on) and others aren’t (sharing between applications, websites, accidental paste of old info into chats of a messenger app and what not).

keepassxc is relevant only for stuff that originates there.

But a timer based service that isn’t application specific isn’t trivial. If it runs in the background, how does it know when to start counting? it can’t just run every X seconds regardless of the time we performed the copy operation, or it will clear the clipboard at seemingly random times, sometimes right after we copied, rendering the clipboard’s behavior unexpected or useless.

If we can have a tool that starts the count whenever a copy operation was performed (=clipboard content changed), and have that included in Whonix (with an easy way to control the interval) then we have something of value.

Maybe something based on xsel or xclip (not if Wayland is integrated).