The Clipboard

Modern user interfaces rely on the clipboard for many purposes. In our multi-world context it needs special attention. We don’t intend to prevent moving information from context to context but for high security situations we may need to drag the user thru some contortions. Remember the case where someone released a redacted pdf document where black marks were used to cover secret text. The text remained in the released document and commands familiar to a regular pdf user recovered the secret text.

Modern systems ship internal representations on the clipboard and the external form is generally an incomplete representation of the information within. There may be more than meets the eye. There may be no general solution other than to nag the user but there are ways to help the user do the right thing. A ‘clipboard guard’ can riffle thru clipboard content and report to the user. It can delete everything that is not unambiguous text in the alphabet of the user. It can show the plain text to the user. It can log transfers.

There may be reason to trust the sending or receiving context; otherwise one must guard against steganography. (It is like carrying a USB stick between air-gapped computers.)