Vanishing Secrets: Auto-Wipe Your Clipboard on Qubes OS

npub1klkk3vrzme455yh9rl2jshq7rc8dpegj3ndf82c3ks2sk40dxt7qulx3vt

hex

1ab643ac32a96142d6c440b96db5d1b6da2bdcba87acd36b79a53127c406731e

nevent

nevent1qqsp4djr4se2jc2z6mzypwtdkhgmdk3tmjag0txnddu62vf8csr8x8sprpmhxue69uhhyetvv9ujuem4d36kwatvw5hx6mm9qgst0mtgkp3du662ztj3l4fgts0purksu5fgek5n4vgmg9gt2hkn9lq9alyxc

naddr

naddr1qqgrvenp8qekgephvy6kvcmp8p3xzqgcwaehxw309aex2mrp0yhxwatvw4nh2mr49ekk7egzyzm7669svt0xkjsju50a22zurc0qa589z2xd4yatzx6p2z64a5e0cqcyqqq823cpaf9u8

Kind-30023 (Article)

2025-12-01T18:40:01Z

When you copy a password, it sits in your clipboard until you copy something else or restart. That's a problem. Any application running in your AppVM can read it. Clipboard managers might log it. And you'll probably forget it's there.

The solution is simple: automatically wipe the clipboard 30 seconds after any copy operation.

The One-Liner

Run this in your template VM (in the template directly), then shut it down and restart your AppVMs.

Debian 13 / Whonix 17:

sudo apt install xsel -y && sudo tee /etc/xdg/autostart/clipboard-wipe.desktop << 'EOF'
[Desktop Entry]
Type=Application
Name=Clipboard Auto-Wipe
Exec=/bin/bash -c 'while true; do prev=""; curr=$(xsel -ob 2>/dev/null); while [ "$curr" = "$prev" ]; do sleep 1; curr=$(xsel -ob 2>/dev/null); done; prev="$curr"; sleep 30; [ "$(xsel -ob 2>/dev/null)" = "$prev" ] && xsel -cp && xsel -cs && xsel -cb; done'
Hidden=false
NoDisplay=true
X-GNOME-Autostart-enabled=true
EOF

Fedora 42:

sudo dnf install xsel -y && sudo tee /etc/xdg/autostart/clipboard-wipe.desktop << 'EOF'
[Desktop Entry]
Type=Application
Name=Clipboard Auto-Wipe
Exec=/bin/bash -c 'while true; do prev=""; curr=$(xsel -ob 2>/dev/null); while [ "$curr" = "$prev" ]; do sleep 1; curr=$(xsel -ob 2>/dev/null); done; prev="$curr"; sleep 30; [ "$(xsel -ob 2>/dev/null)" = "$prev" ] && xsel -cp && xsel -cs && xsel -cb; done'
Hidden=false
NoDisplay=true
X-GNOME-Autostart-enabled=true
EOF

That's it. Every AppVM based on that template now auto-wipes its clipboard.

How it works

The script runs a background loop that:

Polls the clipboard every second, detects when new content appears, and waits 30 seconds
Verifies the content is unchanged (protects against wiping a fresh copy you made within the window)
Clears all X11 selections: PRIMARY (mouse highlight), SECONDARY, and CLIPBOARD (Ctrl+C/V)

Why the built-in wipe falls short

Qubes does have qvm-service --enable VMNAME gui-agent-clipboard-wipe, but it triggers 1 minute after your last paste operation. Copy a password and skip the paste step, and it stays in the clipboard indefinitely.

This approach wipes 30 seconds after the copy, whether or not you paste.

Qubes' two clipboards

Qubes has two separate clipboard systems:

Inter-VM clipboard (Ctrl+Shift+C/V): Handled by dom0, auto-wipes after paste
Local AppVM clipboard (Ctrl+C/V): Standard X11, persists until cleared

The script above handles the local clipboard. The inter-VM clipboard already takes care of itself.

Security limitations

Defense in depth, with real limits:

The clipboard is still readable for 30 seconds
X11 "clearing" doesn't cryptographically erase memory
Clipboard managers may keep history

For high-sensitivity operations, consider password managers with auto-type that bypass the clipboard entirely.

原始 JSON

{
  "kind": 30023,
  "id": "1ab643ac32a96142d6c440b96db5d1b6da2bdcba87acd36b79a53127c406731e",
  "pubkey": "b7ed68b062de6b4a12e51fd5285c1e1e0ed0e5128cda93ab11b4150b55ed32fc",
  "created_at": 1777543606,
  "tags": [
    [
      "d",
      "6fa83dd7a5fca8ba"
    ],
    [
      "image",
      "https://image.nostr.build/58ca8f1087379fe0aa1d5c4830949fc78c72ed031e948aee46bcb3b4f996debc.jpg"
    ],
    [
      "title",
      "Vanishing Secrets: Auto-Wipe Your Clipboard on Qubes OS"
    ],
    [
      "summary",
      "One command in your Qubes template installs `xsel` and creates an autostart service that wipes your clipboard 30 seconds after you copy anything. Works on Debian, Fedora, and Whonix minimal templates."
    ],
    [
      "published_at",
      "1764614401"
    ],
    [
      "t",
      "austrian-economics"
    ],
    [
      "t",
      "freedom-tech"
    ],
    [
      "t",
      "qubes-os"
    ],
    [
      "t",
      "opsec"
    ],
    [
      "t",
      "privacy"
    ],
    [
      "t",
      "open-source"
    ],
    [
      "t",
      "clipboard"
    ]
  ],
  "content": "When you copy a password, it sits in your clipboard until you copy something else or restart. That's a problem. Any application running in your AppVM can read it. Clipboard managers might log it. And you'll probably forget it's there.\n\nThe solution is simple: automatically wipe the clipboard 30 seconds after any copy operation.\n\n## The One-Liner\n\nRun this in your **template VM** (in the template directly), then shut it down and restart your AppVMs.\n\n**Debian 13 / Whonix 17:**\n\n```bash\nsudo apt install xsel -y \u0026\u0026 sudo tee /etc/xdg/autostart/clipboard-wipe.desktop \u003c\u003c 'EOF'\n[Desktop Entry]\nType=Application\nName=Clipboard Auto-Wipe\nExec=/bin/bash -c 'while true; do prev=\"\"; curr=$(xsel -ob 2\u003e/dev/null); while [ \"$curr\" = \"$prev\" ]; do sleep 1; curr=$(xsel -ob 2\u003e/dev/null); done; prev=\"$curr\"; sleep 30; [ \"$(xsel -ob 2\u003e/dev/null)\" = \"$prev\" ] \u0026\u0026 xsel -cp \u0026\u0026 xsel -cs \u0026\u0026 xsel -cb; done'\nHidden=false\nNoDisplay=true\nX-GNOME-Autostart-enabled=true\nEOF\n```\n\n**Fedora 42:**\n\n```bash\nsudo dnf install xsel -y \u0026\u0026 sudo tee /etc/xdg/autostart/clipboard-wipe.desktop \u003c\u003c 'EOF'\n[Desktop Entry]\nType=Application\nName=Clipboard Auto-Wipe\nExec=/bin/bash -c 'while true; do prev=\"\"; curr=$(xsel -ob 2\u003e/dev/null); while [ \"$curr\" = \"$prev\" ]; do sleep 1; curr=$(xsel -ob 2\u003e/dev/null); done; prev=\"$curr\"; sleep 30; [ \"$(xsel -ob 2\u003e/dev/null)\" = \"$prev\" ] \u0026\u0026 xsel -cp \u0026\u0026 xsel -cs \u0026\u0026 xsel -cb; done'\nHidden=false\nNoDisplay=true\nX-GNOME-Autostart-enabled=true\nEOF\n```\n\nThat's it. Every AppVM based on that template now auto-wipes its clipboard.\n\n## How it works\n\nThe script runs a background loop that:\n\n1. Polls the clipboard every second, detects when new content appears, and waits 30 seconds\n4. Verifies the content is unchanged (protects against wiping a fresh copy you made within the window)\n5. Clears all X11 selections: PRIMARY (mouse highlight), SECONDARY, and CLIPBOARD (Ctrl+C/V)\n\n## Why the built-in wipe falls short\n\nQubes does have `qvm-service --enable VMNAME gui-agent-clipboard-wipe`, but it triggers 1 minute after your last paste operation. Copy a password and skip the paste step, and it stays in the clipboard indefinitely.\n\nThis approach wipes 30 seconds after the copy, whether or not you paste.\n\n## Qubes' two clipboards\n\nQubes has two separate clipboard systems:\n\n- **Inter-VM clipboard** (Ctrl+Shift+C/V): Handled by dom0, auto-wipes after paste\n- **Local AppVM clipboard** (Ctrl+C/V): Standard X11, persists until cleared\n\nThe script above handles the local clipboard. The inter-VM clipboard already takes care of itself.\n\n## Security limitations\n\nDefense in depth, with real limits:\n\n- The clipboard is still readable for 30 seconds\n- X11 \"clearing\" doesn't cryptographically erase memory\n- Clipboard managers may keep history\n\nFor high-sensitivity operations, consider password managers with auto-type that bypass the clipboard entirely.",
  "sig": "33b8572af7fd7fabaf05769aeb25d0bc3365c08277e6bfa5e1d896cc5d66dd3ff95375d06477de26db62f6e5b4834ce648b25abde9d5e47cd225cef295f25762"
}