It’s easy to set history to 1, I meant this should better come as a default in the original Whonix VM. Or it’s another thing to fidget with each time we start with a new VM. This is a Whonix issue. If we can’t get rid of this thing, and there is no Gnome workstation or something lighter than KDE, at least make it as harmless as possible by default.
But the worse part isn’t the number of items in history, it’s the “actions” Klipper has that make it all powerful.
Look at:
https://userbase.kde.org/Special:MyLanguage/Klipper/Pastebins
Klipper’s Actions can be set in a minute to run any program, the above example shows how to quickly set it up so that your clipboard’s content is published online using a keyboard shortcut. Not a tool you expect to see in a OS with an emphasis on anonymity and privacy!
Another example, add an action in Klipper’s configuration with the command:
firefox %s - Google Suche
Click ALT-CTRL-R (this can be also changed to something more common that is frequently used by the user), and you got a firefox window with google search results for the content of your clipboard.
An attacker only needs 2 minutes access to your desktop to configure that everything in your clipboard will be indefinitely sent to where ever. Or if there’s a flaw in any of the other applications you’re using, not even that.
Or, an Action can be set to replace anything that resembles a Bitcoin address in the clipboard with another address.
No fancy scripts required, no python, perl, bash, no rubber duckies, no hacking knowledge, no linux expertise, no malware - it’s already built it.