https://bugs.kde.org/show_bug.cgi?id=410360
Pedro V <voidpointertonull+bugskde...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |voidpointertonull+bugskdeor
| |g...@gmail.com
--- Comment #2 from Pedro V <voidpointertonull+bugskde...@gmail.com> ---
(In reply to René from comment #1)
> 2. members don't want to be permanently connected to avoid clipboard paste
> conflicts
> 3. privacy issues in Android
Part of this is covered by Bug 392164 .
It's not really a small office or household specific issue though.
Android is no longer really open source, phones are more of magical blackboxes
nowadays instead of portable personal computers they were a decade or so ago.
The "soft unpair" (I'd rather say pause) approach would be okay as a quick
workaround, but I believe that finer-grained control is what's more desired
here. For example the Run commands plugin gets it right, the user needs to
whitelist commands first. Some examples of what's way too coarse-grained:
- Clipboard: The lack of "single shot" sends just makes it too much of a
security risk. Generally I'd also expect the automatic synchronization to drain
phone battery quite a bit.
- MprisRemote + Multimedia control receiver: Would be great to start/stop/pause
music and maybe some videos, and also adjust the volume, but that comes hand in
hand with sending info on every piece of multimedia playing with no exceptions.
There's no way to disable metadata sending even though the multimedia buttons
on some keyboards already work quite well without knowing what's playing, and
there's also no whitelist to limit to just some specific programs as metadata
can be useful after all.
- LockDevice: Just recently found out that this isn't just for locking, it's
also for no questions asked unlocking, going both ways. The "Locks your
systems" made it look like a security feature I figured I'd use one day as it
sounds great to be able to lock a remote host, but there aren't any settings so
I ended up with a huge security hole of connected devices being able to unlock
each-other.
Generally KDE Connect is way too trusting, and the default settings are really
not secure. I really appreciate the handful of features I use, but I just keep
most of the plugins disabled as it's too risky to have them enabled.
Speaking of which, relevant heads up: With LockDevice I got to know the hard
way that disabling plugins don't actually unload them, so highly likely it's
not enough to just temporary disable Clipboard either to achieve what's desired
here.
Also, there's a potential clipboard-specific solution Wayland "promised", but
unfortunately it's not here (yet?). If clipboard reading would need user
interaction, then clipboard contents simply just couldn't spread
unintentionally.
While this would break interaction-free automatic clipboard synchronization,
I'd enable such a secure clipboard option in KWin without a second thought, and
the KDE Connect Clipboard plugin would also become more useful by not sending
everything.
--
You are receiving this mail because:
You are watching all bug changes.
