Shared Clipboard and Drag n Drop defaults for WS and GW
Closed, Resolved, Public

Description

As explained in https://www.whonix.org/wiki/VirtualBox/Guest_Additions#Clipboard_Sharing
The OVAs for WS and GW have different defaults for shared clipboard and drag n drop.

WS has both disabled.
GW has clipboard set to host-to-guest and dnd to disabled.

  1. The footnotes seem to be missing. What was the reasoning? Having bidirectional clipboard sharing is very important to usability and required by all new users.

My proposal is that it's on by default so that new users have one less thing to look up in the wiki, and advanced users facing advanced threats will know how to turn it off. I don't mean to open up the usability vs security discussion, but I guess I just did.
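The defaults listed in the description can be checked on a host with a short audit script. This is an added example, not part of the original task or of Whonix's own tooling; the sample output is constructed, modeled on `VBoxManage showvminfo --machinereadable`, and the VM names are assumptions.

```shell
#!/bin/sh
# Added example: compare a VM's clipboard and drag-and-drop modes with an
# expected policy. Reads `VBoxManage showvminfo <vm> --machinereadable`
# output on stdin, so it can be tested offline against saved output.

# audit_vm LABEL EXPECTED_CLIPBOARD EXPECTED_DND
# Valid modes: disabled, hosttoguest, guesttohost, bidirectional.
# Returns 0 if both settings match, 1 otherwise (a missing key is a mismatch).
audit_vm() {
    label=$1 want_clip=$2 want_dnd=$3
    info=$(tr -d '\r')   # tolerate CRLF output captured on Windows hosts
    clip=$(printf '%s\n' "$info" | sed -n 's/^clipboard="\(.*\)"$/\1/p')
    dnd=$(printf '%s\n' "$info" | sed -n 's/^draganddrop="\(.*\)"$/\1/p')
    rc=0
    if [ "$clip" != "$want_clip" ]; then
        echo "$label: clipboard is '${clip:-unset}', expected '$want_clip'"
        rc=1
    fi
    if [ "$dnd" != "$want_dnd" ]; then
        echo "$label: draganddrop is '${dnd:-unset}', expected '$want_dnd'"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "$label: matches policy"; fi
    return "$rc"
}

# Constructed sample output for the two VMs (names are assumptions).
sample_ws() {
cat <<'EOF'
name="Whonix-Workstation"
clipboard="disabled"
draganddrop="disabled"
EOF
}
sample_gw() {
cat <<'EOF'
name="Whonix-Gateway"
clipboard="hosttoguest"
draganddrop="disabled"
EOF
}

# Policy from the task description: WS both disabled; GW host-to-guest / disabled.
sample_ws | audit_vm WS disabled disabled
sample_gw | audit_vm GW hosttoguest disabled
# On a real host (assumed VM name):
#   VBoxManage showvminfo "Whonix-Workstation" --machinereadable | audit_vm WS disabled disabled
```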

Details

Impact
Needs Triage

Event Timeline

Footnotes were missing due to a wiki markup bug with the div tags. Now fixed.

A secure solution is how Qubes implements clipboard sharing.

Since this is a Whonix-wide discussion, if we change it in VirtualBox, we should consider changing it in Whonix KVM as well.

Do you remember where this was originally discussed? @HulaHoop Or do you remember the reasoning for it?

The reasoning for the clipboard was prevention of pasting sensitive host commands or clearnet URLs into the WS and vice versa. For the drag and drop it was to reduce attack surface and prevent user mistakes by forcing them to explicitly move files they want in the guest to a specific folder in the VM.

JasonJAyalaP added a comment. Edited Sep 8 2017, 12:46 AM

I believe that new users are in a "practice" phase, where they try Whonix out, mess things up, remove the VM and try again. In this scenario, anything that a new user (who has a low tolerance for headache) would want to enable in order to learn how to use Whonix, should be enabled. As they learn how to be security-smart, they can make decisions about what stays on or off.

There are limits to that argument, of course, and the big downside is that they may never learn about dangers related to clipboard sharing or drag and drop.

I don't have too strong an opinion. Really, new users should learn with a guide (that someone, maybe me, needs to write) that goes over all these points. There's just no way to satisfy all concerns via defaults.

I'll defer this decision to Patrick. We can close the issue for now (and keep the current defaults) and if Patrick/you guys change your mind, I'll update the wiki and OVAs.

JasonJAyalaP closed this task as Resolved. Sep 8 2017, 12:46 AM

Actually, this default setting annoys me. It's the first thing to
turn off, after an annoying session of forget-shutdown-enable-reboot.
It's a non-solution. If users stop using Whonix because of such
usability hurdles, the whole thing shoots itself in the foot.

A real solution is how Qubes implements this. Unfortunately it's very
hard to implement, so that's out of scope for now.

TODO Whonix 15:

  • learn why Qubes does "secure copy and paste"
  • learn how Qubes implements it from a usability perspective (global copy/paste: ctrl + shift + c | ctrl + shift + v)
  • rehash and post feature requests against VirtualBox and KVM
  • enable clipboard sharing by default in Whonix VirtualBox
  • Let's defer enabling/disabling clipboard sharing by default in Whonix KVM to @HulaHoop.

Please create a ticket.