by nightpool 1392 days ago
I know there are a lot of valid complaints about Manifest v3, but I don't understand this one. You're telling me that browser extensions should be able to read and write to my clipboard silently at all times, with no user activation or notification? Honestly, that's kind of horrifying, and I'm shocked to hear it existed on v2 extensions. It sounds like a great way to build a keylogger for user passwords.

What are some valid use cases for this permission? I guess "syncing clipboards between two operating systems" is one of them? But why build that as a browser extension? It seems like the wrong tool for the job.

8 comments

What is true is that if you remove all features that chrome extensions can do then you won't have any problem as extensions will be useless.

Are you too going to be shocked that any js analytics tags could record all passwords if they wanted?

Should all extensions be able to read the clipboard? No. Should some be able to? Of course

Well, an extension can also just send your session tokens home. In the end it's software running on your computer, but people unfortunately oftentimes underestimate the power of add-ons (read the permissions screen, folks!). Mozilla requires a manual code review before allowing add-ons into the store because of this afaik.

In my example there was direct user interaction (clicking a context menu) but the service worker (background script) has no API to interact with the clipboard at all.

I guess my point is not that it's an easy thing to fix, but the fact that it looks like nobody at Google has thought about this before forcing everybody to migrate is concerning.

> Well an extension can also just send your session tokens home

Only if I give it access to the browsing origin in question, which Chrome has done a lot of work to limit and crack down on recently

> Mozilla requires a manual code review before allowing add-ons into the store because of this afaik.

This is unfortunately not actually true. They tried it for a while, but scrapped the idea after the review backlog got too unmanageable. Now all of the addons just say "This add-on is not actively monitored for security by Mozilla. Make sure you trust it before installing."

> In my example there was direct user interaction (clicking a context menu) but the service worker (background script) has no API to interact with the clipboard at all.

That makes sense—the limitation is just that nobody has built out the clipboard API in a way that it can register a context menu item as a transient activation and therefore allow access to the clipboard. This does sound like ultimately something that's possible to fix with the right plumbing, it just requires someone to take a look at it and hook up the right security plumbing.

The thread contains lots of mentions of clipboard manager extensions which are apparently quite popular.

It should probably be put behind a permission, but generally I don't see how this is more problematic than an extension gaining full access to the page you're viewing.

This. When an extension is installed the privacy sandbox is removed. Google manually audits each extension's code and looks out for bad behavior. You cannot call out to external scripts or use mangled source code.

> What are some valid use cases for this permission?

Erm. Have you read the link? There are extension authors in the comments that talk about their specific use cases

> with no user activation or notification

What? By choosing to install the extension you are activating it.

Do you also apply this logic to all other forms of hardware and software? For example TVs that spy on what you're watching.

When I install any piece of software I assume it could do anything and everything on the system.

I don't think most people operate under this assumption, or do not reckon with this.

We all do. A native app you install on a phone or desktop can do all sorts of things.

A native app you install on a phone has a strictly limited sandbox and a permission model, and if it can silently read all clipboard without user interaction, that would be a bug that needs fixing.

A native app on Android can install OS hooks for all sorts of things (such as, "you connected to a WIFI network", "you took a photo", etc) and thereby can silently react to events while it is not even running.

This is intended and requires the appropriate permissions to be given. In the same way, I don't see the problem with an extension monitoring the clipboard as long as the user has to give explicit permission for it.

> You're telling me that browser extensions should be able to read and write to my clipboard silently at all times, with no user activation or notification?

Well, the user has to activate the extension in the configuration menu, and it should include the notification that this feature is enabled, in the configuration menu. (If the user disables this feature but the extension is otherwise enabled, then the extension can have its own private clipboard instead. This can also be the case for web pages, too.)

More than 10 years ago I built a Firefox extension that was using the clipboard. It was for multilanguage users who accidentally type in the wrong language; once they noticed they were typing in the wrong language, they clicked a button/hot-key, and the text would switch to an alternate language in their OS.

I was eventually in the process of switching it to a Windows app, so it could also work outside the browser, but never actually finished it.

Now that I think of it, I'm pretty sure something like a password manager would also need the clipboard.

Sounds like a Punto Switcher tool

When you log into a site using Bitwarden, and the site has 2FA, Bitwarden stores the code automatically in the clipboard. It's pretty convenient.

1Password manages to autocomplete the 2FA code in the next screen, for what it's worth.