How secure are clipboards on Linux?

[jermanuts]

https://old.reddit.com/r/PrivacyGuides/comments/13hmegt/any_privacy_differences_in_desktop_environments/jk5x5pg/?context=3

KDE has clipboard history enabled by default and saves it across reboots. That is a security risk because it may save sensitive clipboard content to disk. Just disable "Save clipboard contents on exit" and choose "ignore selection" (right click the clipboard icon in the system tray and click "Configure Clipboard... "). KDE also has file history that you might want to disable. And you might want to configure it to start with an empty session (System Settings > Startup and Shutdown > Desktop Session > Start with an empty session).

But all of this is local and no spying, just a poor choice od defaults.

And this really detailed article: https://www.ctrl.blog/entry/clipboard-security.html

[wj25czxj47bu6q]

There is no clipboard security on desktop Linux except in two known cases:

• Qubes OS clipboard isolation between VMs
• virt-viewer/remote-viewer's toggle to enable and disable clipboard sharing from the host

Even on GNOME Wayland which implements security restrictions for several dangerous APIs, an app can read the clipboard simply by being in the foreground, and this allows utilities such as wl-clipboard to work without any user notification or approval.

Clipboard history is a separate issue entirely. In reality it is not any more dangerous than browser cookies, which also contain numerous secrets that can be trivially extracted by any unsandboxed app. If shoulder-surfing is a concern, then clipboard history should absolutely be turned off, but "saving sensitive clipboard content to disk" is not a real issue at all if you have disk encryption (which you absolutely should) — password managers also save sensitive data to disk.