> On Nov 7, 2018, at 13:28, Andreas Schildbach via bitcoin-dev 
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
> 
> Copying addresses to the clipboard should be discouraged, rather than
> supported.
> 
> It is an inherently insecure mechanism. Regardless of the OS used, any
> application can monitor the clipboard for Bitcoin addresses and replace
> any address with their own, usually without any specific permission or
> confirmation by the user. Effectively this steals Bitcoins if the user
> doesn't compare addresses manually.
> 
> This is a real risk, as this kind of malware has already been seen.

One can also make the argument that if the user's clipboard is able to be 
read/modified, then their working environment is already compromised and that 
the responsibility is already not upon specific application software, but the 
user or OS.

Down here in the real world, an application that does not support copying and 
pasting of addresses is not an application that is very useful (to say the 
least) to many people who want to manage their own wallet, though I understand 
your desire to avoid such.  Perhaps offering alternatives such as supporting 
signed BIP70 payment requests is what you mean to do.

That said, I still think working around specific malware threats and vectors 
isn't the application's job, especially when doing so for a tiny, tiny fraction 
of users that have malware outweighs the needs of the 95%+ that need to support 
the "I have an address on my clipboard I need to pay" case.

Best,
-jp

-- 
Jeffrey Paul
+1 312 361 0355
+49 176 8058 2122 (signal)
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
