MSC4197: Copy Paste Hints #4197
Conversation
anoadragon453
force-pushed
the
anoa/copy_hints
branch
from
8eb37d8
to
cd98dff
Compare
anoadragon453
force-pushed
the
anoa/copy_hints
branch
from
cd98dff
to
bb7a8d5
Compare
turt2live
added
proposal
turt2live
removed
the
needs-implementation
|
|
||
| ### Security Considerations | ||
|
|
||
| TODO. |
There was a problem hiding this comment.
Security concern: What if the text in content.body does not match the text in content.copy_hint, and the user then unknowingly has malicious content in their clipboard that does not match their expectation?
While alternative 5 adds more complexity to client developers, it reduces the attack surface to only be able to fill the clipboard with things that also are in the content.body text. However, the sender could still try to use rich text formatting to send invisible text that is then copied to the clipboard.
|
|
||
| ### Security Considerations | ||
|
|
||
| TODO. |
There was a problem hiding this comment.
There's a risk this could ease phishing attacks where people are encouraged to copy-paste official looking data into their javascript consoles...
There was a problem hiding this comment.
To justify this concern, here's some well-known implementations of this attack:
- This is already common on Discord: discord.com's safety docs
- Certain types of scams already do this with Windows' Run box ("Press Win+R, press CTRL+V and enter to read this file")
|
|
||
| None considered! | ||
|
|
||
| ### Alternatives |
There was a problem hiding this comment.
might want to mention we're deliberately only letting you hint that a single thing is copyable, given you can only put one thing on a pasteboard.
|
|
||
| ### Security Considerations | ||
|
|
||
| TODO. |
There was a problem hiding this comment.
massive spam risk here; need to explicitly advise client implementors to not allow 2FA spam to create an explosion of dialogs or similar
| 5. Use indexes in the message | ||
| * Harder to implement | ||
| * Use bandwidth | ||
| 6. If the event is encrypted, leave the 2FA code out of the encryption |
There was a problem hiding this comment.
A nice refinement could be delete-after copying semantics, but that should be an extra MSC - probably extending the existing MSC2228 self-destructing messages MSC
| "body": "DO NOT SHARE THIS WITH ANYONE!!! Your 2FA code is: 100000", | ||
| "m.mentions": {}, | ||
| "msgtype": "m.text", | ||
| "copy_hint": "100000" |
There was a problem hiding this comment.
please namespace the field, just as m.mentions is... - so m.copy_hint once merged
|
|
||
| ### Unstable prefix | ||
|
|
||
| While this MSC is unstable, all instances of the field name `copy_hint` must be replaced with `org.matrix.msc4197.copy_hint`. |
There was a problem hiding this comment.
| While this MSC is unstable, all instances of the field name `copy_hint` must be replaced with `org.matrix.msc4197.copy_hint`. | |
| While this MSC is unstable, all instances of the field name `m.copy_hint` must be replaced with `org.matrix.msc4197.copy_hint`. |
| "body": "DO NOT SHARE THIS WITH ANYONE!!! Your 2FA code is: 100000", | ||
| "m.mentions": {}, | ||
| "msgtype": "m.text", | ||
| "copy_hint": "100000" |
There was a problem hiding this comment.
| "copy_hint": "100000" | |
| "m.copy_hint": "100000" |
| * technical details | ||
| * describe the solution (This is the solution. Be assertive.) | ||
|
|
||
| `m.room.message` contains a new field, `copy_hint`, under the existing `content` dictionary. This new field will contain a string representing text that the client could present to the user to copy. |
There was a problem hiding this comment.
| `m.room.message` contains a new field, `copy_hint`, under the existing `content` dictionary. This new field will contain a string representing text that the client could present to the user to copy. | |
| `m.room.message` contains a new field, `m.copy_hint`, under the existing `content` dictionary. This new field will contain a string representing text that the client could present to the user to copy. |
| * technical details | ||
| * describe the solution (This is the solution. Be assertive.) | ||
|
|
||
| `m.room.message` contains a new field, `copy_hint`, under the existing `content` dictionary. This new field will contain a string representing text that the client could present to the user to copy. |
There was a problem hiding this comment.
this should probably not be limited to m.room.message. it's effectively an extensible event mix-in to provide an alternative presentation of the message specifically for proposing copy-pasting.
| } | ||
| ``` | ||
|
|
||
| Clients MAY automatically copy the contents of `copy_hint` to the clipboard without asking the user. This is an implementation detail. |
There was a problem hiding this comment.
| Clients MAY automatically copy the contents of `copy_hint` to the clipboard without asking the user. This is an implementation detail. | |
| Clients MAY automatically copy the contents of `m.copy_hint` to the clipboard without asking the user. This is an implementation detail. |
|
|
||
| ### Alternatives | ||
|
|
||
| 1. `hints` dictionary. |
There was a problem hiding this comment.
Rather than coming up with a new taxonomy for hints, it's better to use extensible events... i.e. you'd do an m.other_hint_type if you don't want an m.copy_hint. Although it might be nice for them to have the same shape?
| } | ||
| ``` | ||
|
|
||
| Clients MAY automatically copy the contents of `copy_hint` to the clipboard without asking the user. This is an implementation detail. |
There was a problem hiding this comment.
Please don't do this. Beyond the security ramifications of a client copying what it wants to my clipboard, is the fact it means a program can overwrite whatever is in there and I may not notice that it happened. I might have been copying a huge chunk of something important and irreplaceable and now it's gone because someone else triggered a 2FA that is registered to my account
There was a problem hiding this comment.
I agree. I don't want my client putting stuff in the clipboard without me telling it to.
| @@ -0,0 +1,65 @@ | |||
| # MSC4197: Copy-Paste Hints | |||
|
|
|||
| In Matrix today, it can be used for communication. One thing that is communicated is two-factor auth codes. In other platforms, one convenience is being able to quickly copy-paste two factor auth codes. This is not possible in Matrix today. | |||
There was a problem hiding this comment.
Please wrap your lines to about 80-120 characters
| ### Proposal | ||
|
|
||
| * technical details | ||
| * describe the solution (This is the solution. Be assertive.) |
There was a problem hiding this comment.
I think these two lines need to be dropped?
|
|
||
| ### Alternatives | ||
|
|
||
| 1. `hints` dictionary. |
There was a problem hiding this comment.
Can you explain what "hints dictionary" is?
| } | ||
| ``` | ||
|
|
||
| Clients MAY automatically copy the contents of `copy_hint` to the clipboard without asking the user. This is an implementation detail. |
There was a problem hiding this comment.
I agree. I don't want my client putting stuff in the clipboard without me telling it to.
| * Harder to implement | ||
| * Use bandwidth | ||
| 6. If the event is encrypted, leave the 2FA code out of the encryption | ||
|
|
There was a problem hiding this comment.
Another possibility would be to add a tag to a <span> element, say something like `Your 2FA code is 123456" which would allow the client to place a "Copy" button next to the text that is to be copied.
| 2. Leave things as is (please don't!) | ||
| 3. boolean `copy_hint` field (hint to client to copy the whole message) | ||
| 4. give up (similar to 2.) | ||
| 5. Use indexes in the message |
| } | ||
| ``` | ||
|
|
||
| Clients MAY automatically copy the contents of `copy_hint` to the clipboard without asking the user. This is an implementation detail. |
There was a problem hiding this comment.
Looks like there are plenty of problems pointed out with this but nobody suggesting solutions, but it feels like all the issues are readily solvable by just changing this to suggest something like searching for that text in the message and decorating it with a little copy button.
| @@ -0,0 +1,65 @@ | |||
| # MSC4197: Copy-Paste Hints | |||
There was a problem hiding this comment.
Could possibly be more general, ie. it's just picking out the pertinent information from a message rather than necessarily anything to do with copy/paste.
| "body": "DO NOT SHARE THIS WITH ANYONE!!! Your 2FA code is: 100000", | ||
| "m.mentions": {}, | ||
| "msgtype": "m.text", | ||
| "copy_hint": "100000" |
There was a problem hiding this comment.
How would I be able to add multiple copy hints? Do I post extra empty messages per hint? Can I set the text to display on the copy button? Thinking for example, a moderation bot might want to provide a way to copy a list of MXIDs, it would be nice to able to say "Copy table", "Copy User IDs", ...
Additionally, i wonder if this might be better implemented using a custom HTML tag/property, eg. <p>Your 2FA code is <span data-mx-copy="100000">100000</span></p>, with ommission of a value copying the innerText.
There was a problem hiding this comment.
I agree HTML would be a more elegant solution. Additionally it would make it much easier for humans to send messages with copyable parts.
turt2live
added
client-server
Rendered
Implementations
This MSC was written live on-stage during the Matrix Conference 2024! (recording TBD)