A few weeks ago I installed Reaper on my new computer. Installation requires you to receive a code that you copy to your clipboard. Then when you start Reaper it says “you have the installation code in your clipboard” and you say yes to install the paid version. I run Ubuntu Studio Linux.
Is this use of the clipboard a security or privacy risk? Does software such as Reaper get access to everything else on the clipboard? I changed some passwords that were in my clipboard at that time.
I am using Reaper as an example. I have watched interviews with the developer and he is trustworthy. I would worry more if Reaper changed hands or if it was some other software.
If you’re running x11, every application has Clipboard Access, by default. Even worse, some applications can add things to your clipboard, which can lead to malware.
This is one of many reasons why containerisation and moving to Wayland is so important. X11 is far from secure, being old code, hacked together into its modern implementation.
Yes, under system it says x11. I am running Ubuntu Studio. If the clipboard is so insecure can I do anything? e.g restrict its permissions?
Not that I’m aware of. Best I can advise is to use a Clipboard Manager, and periodically delete your clipboard history. KDE has one built in, which I think is what Ubuntu Studio uses. You’ll find the Clipboard Manager in the System Trey. If you didn’t understand a word I just wrote, this video might be able to help:
Is it some kind of script that you’re running from the clipboard, or are you just pasting in some kind of validation code to use the paid version? If it’s the later I don’t think this is a concern at all. Seems weird for the application to identify the code in your clipboard, though. I don’t like that at all.
Also, +1 on avoiding X11 for security reasons if you can.