[bitcoin-dev] BIP Proposal - Address Paste Improvement

[Jeffrey Paul]

> On Nov 7, 2018, at 13:28, Andreas Schildbach via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> wrote:
> 
> Copying addresses to the clipboard should be discouraged, rather than
> supported.
> 
> It is an inherently insecure mechanism. Regardless of the OS used, any
> application can monitor the clipboard for Bitcoin addresses and replace
> any address with their own, usually without any specific permission or
> confirmation by the user. Effectively this steals Bitcoins if the user
> doesn't compare addresses manually.
> 
> This is a real risk, as this kind of malware has already been seen.

One can also make the argument that if the user's clipboard is able to be read/modified, then their working environment is already compromised and that the responsibility is already not upon specific application software, but the user or OS.

Down here in the real world, an application that does not support copying and pasting of addresses is not an application that is very useful (to say the least) to many people who want to manage their own wallet, though I understand your desire to avoid such.  Perhaps offering alternatives such as supporting signed BIP70 payment requests is what you mean to do.

That said, I still think working around specific malware threats and vectors isn't the application's job, especially when doing so for a tiny, tiny fraction of users that have malware outweighs the needs of the 95%+ that need to support the "I have an address on my clipboard I need to pay" case.

Best,
-jp

-- 
Jeffrey Paul
+1 312 361 0355
+49 176 8058 2122 (signal)