Host -> Whonix-Gateway clipboard sharing enable by default?

Perhaps we should allow pasting from host into Whonix-Gateway by default in future versions?

Why? For copying and pasting of bridge information:

From https://www.whonix.org/wiki/VirtualBox_Guest_Additions#Clipboard_Sharing

Clipboard sharing is disabled by default in the VirtualBox VM settings for Whonix-Gateway and Whonix-Workstation for security reasons.[3]
To prevent accidentally copying something (non-)anonymous and pasting it in its (non-)anonymous counter part (browser etc.), which would lead to identity correlation.

That reasoning doesn’t apply to stuff pasted into Whonix-Gateway. No client applications are supposed to be used there anyhow.

Any reasons against it?

I think there should be a complete separation between Host and VM, with the only exception being a shared folder that need root access. Let’s be real here: physical isolation is limited to a tiny portion of user and if they know how to set it up, then they will also know how to enable clipboard sharing.

The majority of users use their everyday Host OS when using Whonix. Too many things can go wrong and the initial logic of disabling it was right.

What is the specific risk?

build-steps.d/2600_create-vbox-vm: Allow clipboard copying from the host to guest to ease entering bridges.:

This is just a little suggestion for increasing a security. I think disabling a shared clipboard by default is the best way to increase security. If a user want to use shared clipboard, he will check the box from guest VM menu bar. Enabling it by default is not a good decision.

We had another lengthy discussion on this but I can’t find it anymore.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]