-
Notifications
You must be signed in to change notification settings - Fork 386
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSC4197: Copy Paste Hints #4197
base: main
Are you sure you want to change the base?
Conversation
8eb37d8
to
cd98dff
Compare
cd98dff
to
bb7a8d5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have a security concern regarding copying something else to clipboard than the user expects.
|
||
### Security Considerations | ||
|
||
TODO. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Security concern: What if the text in content.body
does not match the text in content.copy_hint
, and the user then unknowingly has malicious content in their clipboard that does not match their expectation?
While alternative 5 adds more complexity to client developers, it reduces the attack surface to only be able to fill the clipboard with things that also are in the content.body
text. However, the sender could still try to use rich text formatting to send invisible text that is then copied to the clipboard.
|
||
### Security Considerations | ||
|
||
TODO. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's a risk this could ease phishing attacks where people are encouraged to copy-paste official looking data into their javascript consoles...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To justify this concern, here's some well-known implementations of this attack:
- This is already common on Discord: discord.com's safety docs
- Certain types of scams already do this with Windows' Run box ("Press Win+R, press CTRL+V and enter to read this file")
|
||
None considered! | ||
|
||
### Alternatives |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
might want to mention we're deliberately only letting you hint that a single thing is copyable, given you can only put one thing on a pasteboard.
|
||
### Security Considerations | ||
|
||
TODO. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
massive spam risk here; need to explicitly advise client implementors to not allow 2FA spam to create an explosion of dialogs or similar
5. Use indexes in the message | ||
* Harder to implement | ||
* Use bandwidth | ||
6. If the event is encrypted, leave the 2FA code out of the encryption |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A nice refinement could be delete-after copying semantics, but that should be an extra MSC - probably extending the existing MSC2228 self-destructing messages MSC
"body": "DO NOT SHARE THIS WITH ANYONE!!! Your 2FA code is: 100000", | ||
"m.mentions": {}, | ||
"msgtype": "m.text", | ||
"copy_hint": "100000" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please namespace the field, just as m.mentions
is... - so m.copy_hint
once merged
|
||
### Unstable prefix | ||
|
||
While this MSC is unstable, all instances of the field name `copy_hint` must be replaced with `org.matrix.msc4197.copy_hint`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While this MSC is unstable, all instances of the field name `copy_hint` must be replaced with `org.matrix.msc4197.copy_hint`. | |
While this MSC is unstable, all instances of the field name `m.copy_hint` must be replaced with `org.matrix.msc4197.copy_hint`. |
"body": "DO NOT SHARE THIS WITH ANYONE!!! Your 2FA code is: 100000", | ||
"m.mentions": {}, | ||
"msgtype": "m.text", | ||
"copy_hint": "100000" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"copy_hint": "100000" | |
"m.copy_hint": "100000" |
* technical details | ||
* describe the solution (This is the solution. Be assertive.) | ||
|
||
`m.room.message` contains a new field, `copy_hint`, under the existing `content` dictionary. This new field will contain a string representing text that the client could present to the user to copy. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
`m.room.message` contains a new field, `copy_hint`, under the existing `content` dictionary. This new field will contain a string representing text that the client could present to the user to copy. | |
`m.room.message` contains a new field, `m.copy_hint`, under the existing `content` dictionary. This new field will contain a string representing text that the client could present to the user to copy. |
* technical details | ||
* describe the solution (This is the solution. Be assertive.) | ||
|
||
`m.room.message` contains a new field, `copy_hint`, under the existing `content` dictionary. This new field will contain a string representing text that the client could present to the user to copy. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should probably not be limited to m.room.message. it's effectively an extensible event mix-in to provide an alternative presentation of the message specifically for proposing copy-pasting.
} | ||
``` | ||
|
||
Clients MAY automatically copy the contents of `copy_hint` to the clipboard without asking the user. This is an implementation detail. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Clients MAY automatically copy the contents of `copy_hint` to the clipboard without asking the user. This is an implementation detail. | |
Clients MAY automatically copy the contents of `m.copy_hint` to the clipboard without asking the user. This is an implementation detail. |
|
||
### Alternatives | ||
|
||
1. `hints` dictionary. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rather than coming up with a new taxonomy for hints, it's better to use extensible events... i.e. you'd do an m.other_hint_type
if you don't want an m.copy_hint
. Although it might be nice for them to have the same shape?
} | ||
``` | ||
|
||
Clients MAY automatically copy the contents of `copy_hint` to the clipboard without asking the user. This is an implementation detail. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please don't do this. Beyond the security ramifications of a client copying what it wants to my clipboard, is the fact it means a program can overwrite whatever is in there and I may not notice that it happened. I might have been copying a huge chunk of something important and irreplaceable and now it's gone because someone else triggered a 2FA that is registered to my account
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree. I don't want my client putting stuff in the clipboard without me telling it to.
@@ -0,0 +1,65 @@ | |||
# MSC4197: Copy-Paste Hints | |||
|
|||
In Matrix today, it can be used for communication. One thing that is communicated is two-factor auth codes. In other platforms, one convenience is being able to quickly copy-paste two factor auth codes. This is not possible in Matrix today. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please wrap your lines to about 80-120 characters
### Proposal | ||
|
||
* technical details | ||
* describe the solution (This is the solution. Be assertive.) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think these two lines need to be dropped?
|
||
### Alternatives | ||
|
||
1. `hints` dictionary. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you explain what "hints
dictionary" is?
} | ||
``` | ||
|
||
Clients MAY automatically copy the contents of `copy_hint` to the clipboard without asking the user. This is an implementation detail. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree. I don't want my client putting stuff in the clipboard without me telling it to.
* Harder to implement | ||
* Use bandwidth | ||
6. If the event is encrypted, leave the 2FA code out of the encryption | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another possibility would be to add a tag to a <span>
element, say something like `Your 2FA code is 123456" which would allow the client to place a "Copy" button next to the text that is to be copied.
2. Leave things as is (please don't!) | ||
3. boolean `copy_hint` field (hint to client to copy the whole message) | ||
4. give up (similar to 2.) | ||
5. Use indexes in the message |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you mean by "indexes"?
} | ||
``` | ||
|
||
Clients MAY automatically copy the contents of `copy_hint` to the clipboard without asking the user. This is an implementation detail. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like there are plenty of problems pointed out with this but nobody suggesting solutions, but it feels like all the issues are readily solvable by just changing this to suggest something like searching for that text in the message and decorating it with a little copy button.
@@ -0,0 +1,65 @@ | |||
# MSC4197: Copy-Paste Hints |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could possibly be more general, ie. it's just picking out the pertinent information from a message rather than necessarily anything to do with copy/paste.
"body": "DO NOT SHARE THIS WITH ANYONE!!! Your 2FA code is: 100000", | ||
"m.mentions": {}, | ||
"msgtype": "m.text", | ||
"copy_hint": "100000" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How would I be able to add multiple copy hints? Do I post extra empty messages per hint? Can I set the text to display on the copy button? Thinking for example, a moderation bot might want to provide a way to copy a list of MXIDs, it would be nice to able to say "Copy table", "Copy User IDs", ...
Additionally, i wonder if this might be better implemented using a custom HTML tag/property, eg. <p>Your 2FA code is <span data-mx-copy="100000">100000</span></p>
, with ommission of a value copying the innerText.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree HTML would be a more elegant solution. Additionally it would make it much easier for humans to send messages with copyable parts.
Rendered
Implementations
This MSC was written live on-stage during the Matrix Conference 2024! (recording TBD)