It’s easy to set history to 1, I meant this should better come as a default in the original Whonix VM. Or it’s another thing to fidget with each time we start with a new VM. This is a Whonix issue. If we can’t get rid of this thing, and there is no Gnome workstation or something lighter than KDE, at least make it as harmless as possible by default.
But the worse part isn’t the number of items in history, it’s the “actions” Klipper has that make it all powerful.
Klipper’s Actions can be set in a minute to run any program; the above example shows how to quickly set it up so that your clipboard’s content is published online using a keyboard shortcut. Not a tool you expect to see in an OS with an emphasis on anonymity and privacy!
Another example, add an action in Klipper’s configuration with the command:
Click ALT-CTRL-R (this can also be changed to something more common that is frequently used by the user), and you get a Firefox window with Google search results for the content of your clipboard.
An attacker only needs 2 minutes of access to your desktop to configure that everything in your clipboard will be indefinitely sent to wherever. Or if there’s a flaw in any of the other applications you’re using, not even that.
Or, an Action can be set to replace anything that resembles a Bitcoin address in the clipboard with another address.
No fancy scripts required, no python, perl, bash, no rubber duckies, no hacking knowledge, no linux expertise, no malware - it’s already built in.
It comes down to this: any data manipulated in a VM is going to leave traces (in the guest) until you roll back a snapshot. Bash history? Temp files of opened docs? It’s all there. Disabling this feature of klipper is more likely to be a nuisance to those who rely on the feature than to provide any real sec improvement.
Once they’re on there they can sniff all keystrokes and exfiltrate them because X.org is a POS. If an attacker has a foothold on your system they have many more dangerous options than just reading your local clipboard.
And how exactly do you know that? Those who rely on this feature?? Did you conduct a survey of how many Whonix users (who use the clipboard for passwords, crypto keys and other sensitive information) want the last 7 items to be saved as history in the clipboard, displayed on the screen when you hover with your mouse over the Klipper icon, and especially have it inside a tool that makes it so easy to paste this info online automatically, even by mistake?
Is it not agreed that passwords that existed in the clipboard should NOT be displayed on screen by default or so casually when the mouse moves to the corner of the screen??
If one needs a special feature, it’s always possible to install it. But here we have a potential security hole that is IMPOSSIBLE to remove.
I am surprised and disappointed to see that. A security-centered OS puts security first, not shiny features that cannot be removed. This reminds me of $@@$% windows.
Really. Name one such attack that can be set in 2 minutes with zero knowledge in hacking, without writing any scripts, with no malware, without any bad USB hardware and such, and works indefinitely into the future on that particular OS.
That’s right, and rolling back is I think important as long as we don’t have an amnesic alternative.
And that’s why it’s so important for the user to know exactly what he shares, when and where.
If I have a browser open, I know I have to be careful. If I want no traffic that comes from the browser, I can close it.
If I have a terminal open - same. I pay great attention to anything I type.
But Klipper does its job more casually. And it can never be turned off (as far as I know).
Password managers go as far as to clear the clipboard history every X seconds for increased security. Klipper disrupts this as well.
“Password manager tools like Keepassx offer an option to clear the clipboard/selection after some time, e.g. 10 seconds, after the password was copied to the clipboard. This works fine, but unfortunately the password isn’t removed from Klipper’s history. This is a great security risk, which may make the use of password managers impossible.”
Now we go to the twilight zone.
I checked Klipper at the Whonix-Gateway. Actually I see that as less of a risk, because I hardly do anything on the Gateway.
But I discovered that everything that was saved by Klipper on the Whonix-Workstation also appears in the Whonix-Gateway Klipper!!
More than that - I set the history on the Workstation to 1. I didn’t change the default of 7 items in the Gateway. And indeed all 7 are logged there.
How come Klipper automatically shares content, from Workstation to Gateway?!
Edit: I realize that’s because of the “Shared Clipboard->Bidirectional” settings in VirtualBox.
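Added example (not from this thread): a small POSIX shell audit that reports which VirtualBox VMs have the shared clipboard set to anything other than disabled, which is the setting that lets Workstation clipboard entries reach the Gateway. It assumes VBoxManage is on PATH and that `showvminfo --machinereadable` prints a `clipboard="..."` line (key name assumed; check it against your VirtualBox version).

```shell
#!/bin/sh
# Added example, not the forum's own code. Assumes `VBoxManage showvminfo
# --machinereadable` emits a line such as clipboard="bidirectional" (assumed key).

# Read machinereadable showvminfo output on stdin, print the clipboard mode.
clipboard_mode() {
  sed -n 's/^clipboard="\([^"]*\)"$/\1/p' | head -n 1
}

# Return 0 when guests stay isolated, 1 when clipboard data can cross the
# VM boundary in any direction (hosttoguest, guesttohost, bidirectional).
clipboard_is_isolated() {
  case "$1" in
    disabled|"") return 0 ;;
    *) return 1 ;;
  esac
}

# Walk every registered VM and print a verdict plus the remediation command.
# Newer VirtualBox releases spell the option --clipboard-mode instead.
audit_vms() {
  VBoxManage list vms | sed 's/^"\(.*\)" {.*/\1/' | while IFS= read -r vm; do
    mode=$(VBoxManage showvminfo "$vm" --machinereadable | clipboard_mode)
    if clipboard_is_isolated "$mode"; then
      printf '%s: clipboard %s (ok)\n' "$vm" "${mode:-disabled}"
    else
      printf '%s: clipboard %s -> VBoxManage modifyvm "%s" --clipboard disabled\n' \
        "$vm" "$mode" "$vm"
    fi
  done
}

# Run the live audit only when VBoxManage is actually installed.
if command -v VBoxManage >/dev/null 2>&1; then
  audit_vms
fi
```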