Hi all,
Recently, denizens of an orange website discussed the ability of
applications to snoop on clipboard contents in commodity operating
systems:
https://news.ycombinator.com/item?id=30193091
Some of the discussion turned to object capabilities, since the problem
is rooted in each application's ambient authority to read and write a
singleton clipboard object.
There are some interesting design wrinkles to solve around the
(seeming?) tension between custom user-interface and good security
design. For example, allowing applications to add custom gestures for
"paste" without sacrificing privacy could be a bit of a design nightmare.
I could have sworn I'd seen some good past work on design of user
interface systems including secure clipboard facilities, but I cannot
seem to find it again.
Could someone here point me in the right direction, please?
Regards,
Tony