this post was submitted on 13 Apr 2021
8 points (100.0% liked)
Asshole Design
1180 readers
1 users here now
Nothing comes before profit -- especially not the consumer.
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It's actually for security. Otherwise websites could grab whatever you happen to have in your clipboard. You might have a copied password from a password manager, or a private key for a wallet. I don't want sites having defacto access to the clipboard for that reason.
Yeah, there was actually a password stealing attack that happened in Chrome and Firefox (and maybe a few others) a while ago. Probably a few years ago, by this point. It’s what led to browsers default disabling clipboard access.
Basically, a malicious website would scrape your clipboard data. This was possible because sites were allowed to request clipboard data. And then if the scraped data included a password, (like from a password manager) then you were compromised simply via a drive-by attack.
So basically, using the right click menu would be the site requesting the clipboard info, which it isn’t allowed to do anymore. Because the right click menu is a part of the site, so using it would prompt the site to request the clipboard. But the keyboard shortcut is like the inverse operation; That prompts the OS to tell the site what is on the clipboard. The site doesn’t need to request that info; the OS simply hands the info to the site without any prompting on the site’s end.
As for why it still exists as a right click option? Eh, that’s probably just to inform users like OP who would be otherwise stuck. Like if the options simply disappeared from the menu altogether, some people would believe the function was removed entirely, rather than simply using the keyboard shortcut.
Similar there was another hack where a site would have a visible input for like email, and you could choose auto complete to fill it in, then there were hidden fields for all the other info that could be auto completed that the site would unknowingly take from the user too, also fixed, but I found it interesting when I heard about it.