Re: [w3ctag/design-reviews] Raw Clipboard Access API (#406)

We are discussing this in a TAG breakout with @hadleybeeman, @hober and me today. There are major concerns here with the privacy and security aspects of this, and possibly with the async clipboard API #222 as well.

One concern we see is the following (ab)use case:

1. User copies some text (say a URL) in order to paste it into another application. That URL remains in the clipboard.
2. Later, the user returns to a tab where clipboard access permission had already been granted (user activation).
3. This text in the pasteboard (the URL) is now available to the web application running in this tab - the application harvests this data and adds it to the user profile and proceeds to spin ads to the user based on the contents of that URL.

I think we raised this and similar issues in our review of Async Clipboard (see comment from @triblondon https://github.com/w3ctag/design-reviews/issues/222#issuecomment-379436560). The feedback from that review was registered in clipboard API in a few issues there that are still open:

https://github.com/w3c/clipboard-apis/issues/52 User gesture requirement for Clipboard API access  
https://github.com/w3c/clipboard-apis/issues/51 Clipboard Permission  
https://github.com/w3c/clipboard-apis/issues/78 Explicitly require current focused document check in algorithm  

...which seem related.

Considering that the raw clipboard access adds additional power to the clipboard API, and that these privacy and security issues remain unresolved in the clipboard API itself, it seems even more important that those issues are resolved and that the types of data leakage that I've outlined above are locked down. Any comment, @dway123 or @garykac?

Received on Tuesday, 15 October 2019 16:44:12 UTC
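
The abuse case described in the message above, as an added example that is not part of the original post or of the Clipboard API specification: a small JavaScript model comparing a permission-only gate with gates that also require document focus and a recent user gesture, the checks the linked issues discuss. The policy names, `decideRead`, `runScenario`, the tab fields and the 5-second activation window are all assumptions made for illustration.

```javascript
// Hypothetical model of a clipboard-read gate; not the Clipboard API spec algorithm.
// ACTIVATION_WINDOW_MS is an assumed value chosen for illustration.
const ACTIVATION_WINDOW_MS = 5000;

// Each policy lists the checks it enforces before a read is allowed.
const POLICIES = {
  permissionOnly: ["permission"],
  permissionAndFocus: ["permission", "focus"],
  permissionFocusGesture: ["permission", "focus", "gesture"],
};

const CHECKS = {
  permission: (tab) => tab.permission === "granted",
  focus: (tab) => tab.focused,
  // A gesture counts only if it happened recently in this tab.
  gesture: (tab, now) =>
    tab.lastGestureAt !== null && now - tab.lastGestureAt <= ACTIVATION_WINDOW_MS,
};

// Returns { allowed, failed }; failed names the first check that blocked the read.
function decideRead(policyName, tab, now) {
  for (const check of POLICIES[policyName]) {
    if (!CHECKS[check](tab, now)) return { allowed: false, failed: check };
  }
  return { allowed: true, failed: null };
}

// Constructed timeline (milliseconds) following the three steps in the message.
function runScenario(policyName) {
  // Permission was granted earlier, together with a gesture at t=0.
  const tab = { permission: "granted", focused: false, lastGestureAt: 0 };
  const results = {};
  // Step 1: the user copies a URL in another application; the tab is in the background.
  results.background = decideRead(policyName, tab, 60000);
  // Step 2: the user returns to the tab; it gains focus, no interaction yet.
  tab.focused = true;
  results.onReturn = decideRead(policyName, tab, 120000);
  // The user then activates a paste control in the page.
  tab.lastGestureAt = 121000;
  results.afterGesture = decideRead(policyName, tab, 121500);
  return results;
}

for (const name of Object.keys(POLICIES)) {
  console.log(name, JSON.stringify(runScenario(name)));
}
```
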