Today’s post comes to us from hacker/privacy activist Griffin Boyce, and is a repost of a column on his own blog, which was inspired by spotting an egregious ClipboardSec violation, ironically in the BBC Horizon documentary on the Deep Web. I basically badgered him into writing this, so I don’t feel guilty he’s not getting paid.
This clipboard contains instructions on accessing the high-security restricted areas of ICANN’s Virginia
doom fortress office, as well as information on the devices used to update critical backbone infrastructure.
As televisions improve clarity and resolution, the threat posed by invited camera crews will only increase over time.
However, advances in technology that help mitigate the threats posed by ClipboardSec vulnerabilities:
As you can see, this clipboard is equipped with an opaque metal cover which protects the contents from cameras, curious interns, and the intense bleaching effects of the sun. Such a cover acts as an effective mitigation of presently-identified threats, although the metal composition increases overall clipboard weight and may adversely affect user experience. Initial user feedback also reports that this solution is ineffective against both rain and coffee. (More research is needed).
Sadly, ClipboardSec vulnerabilities do not just affect the backbone of the internet, but the backbone of governments as well. Earlier this year, a critical document on the UK’s stance on the Russian invasion of Ukraine was revealed after a journalist with a camera took a picture from some ten meters away. Such events have identified a need for more research into opaque document covers and related technology.
Or, you know, just put it in a fucking folder.
As sysadmin Mike Graziano quipped, “If I ever see the contents of your clipboard on television again I will shove it up your ass. As the modifier is left dangling this could be the contents, the clipboard or the television, depending on my mood.“
Griffin Boyce is an independent researcher focused on censorship, usability, and communication. He’s also an open-source software developer, with a keen interest in educating the general public about online privacy. His projects include Cupcake (wrappers for flashproxy), Satori (censorship-resistant software distribution), and Stormy (easy Tor hidden service creation).