People may not realize the importance of privacy but if I
could give you one example of how your privacy is invaded, it's
this. Cliboard hijacking.
Basically, when you visit a website you can give permission to
paste what's in your clipboard. Did you copy a password for
something? A website can steal that data without you knowing. Did
you copy and paste something very personal (could even be a private
image) to some other place on your computer? Your clipboard still
remembers and websites can easily steal that from you.
Web browsers in the past few years have allowed people to
drag-and-drop and paste the full contents of their clipboards.
Microsoft also released a history version of their clipboard so
make sure you don't enable that, as the data in that clipboard not
only can be shared on websites you go to, but Microsoft steals that
data from you! Always block Microsoft from all of their keyloggers
by using OOSU10 which is free to use (optional donation).
Now that you know that websites can steal what's on your
clipboard, how can they inject code? Simple! There's a copy to
clipboard function in browsers which is pretty convenient if you
like to copy blocks of code or information from websites and paste
it on your computer with ease. BUT the catch is, they can hide code
and paste viruses on your computer instead.
Now, even if the website is safe to use and you trust it with
all your heart, its security may not be up to par. If it isn't,
then it could experience one or more different vulnerabilities
where user javascript is hijacked without their knowing. So if you
read someone's post, it looks fine -- but if it wasn't well
validated to prevent javascript attacks, then you could be
unknowingly sending your clipboard data to some third party
website.
The copy and paste function is pretty bad and unfortunately
it's only going to keep getting worse.
-------------------------------------------------------------
WHO DOES THIS?
Tik-Tok is known to do this at every key press.
Facebook is very likely to be doing this since they are always
watching what you're doing.
Google / Youtube is most likely doing this as well.
Twitter is most definitively doing it.
Most major companies are doing this! BEWARE!!!! EVEN ON
PHONES!!!!
Imagine copying and pasting an image of yourself somewhere on
your computer and the clipboard data is still in memory and then
you go type something on tik-tok and there it goes, uploaded for
whoever wants to see it. This is bad!
If you ask if Jappleng has ever done this, the answer is no.
I'm a privacy advocate! I also enforce a lot and i mean a lot of
protection on each and every form and feature you use on the site
which is why it takes forever to complete a new feature. Hurray for
being a seasoned securty expert I guess? :P
-------------------------------------------------------------------
HOW TO PROTECT YOURSELF.....
You can disable websites from secretly copying and pasting in
your browser.
In Firefox type in the url... about:config and press enter.
It'll ask you if you accept the risk of changing stuff... Just say
yes. Then search for dom.event.clipboardevents.enabled and click on
the arrow looking thing on the right and it'll set it to false.
This will disable clipboard events in firefox.
The downside is you won't be able to copy and paste anymore
through events BUT you will still be able to right click > copy
/ paste or use ctrl+c / ctrl + v.
Be safe!
