Recently, denizens of an orange website discussed the ability of
applications to snoop on clipboard contents in commodity operating
Some of the discussion turned to object capabilities, since the problem
is rooted in each application's ambient authority to read and write a
singleton clipboard object.
There are some interesting design wrinkles to solve around the
(seeming?) tension between custom user-interface and good security
design. For example, allowing applications to add custom gestures for
"paste" without sacrificing privacy could be a bit of a design nightmare.
I could have sworn I'd seen some good past work on design of user
interface systems including secure clipboard facilities, but I cannot
seem to find it again.
Could someone here point me in the right direction, please?