Jump to content

Encryption for Alfred clipboard history

Recommended Posts



Alfred's clipboard history is not encrypted on-disk, and that feels very wrong.


Everything you copy—save for exclusions from specific apps—gets written, in plain text, to a file in a non-protected Library folder. To me this feels like a severe mishandling of potentially sensitive info; even if passwords get excluded, the clipboard still sees a lot of very private data. All that data is readily available to be silently read by any process, with no permission prompt.


This has been a concern for a while, but I was reminded of it because of the recent outcry around the ChatGPT for Mac app. If conversations with an LLM warrant basic data protection, then surely, your entire clipboard history deserves at least as much.

Link to comment
Share on other sites

@Cykelero When installing Alfred, the Clipboard History needs to be manually enabled on each new Mac, ensuring that the user is explicitly aware that they're saving copied items to the clipboard.


The data is also only stored locally and cannot be included in the synced data by design, so it's as secure as your Mac is.


You have the option to exclude apps entirely so that their content is never saved to clipboard, or to rely on the apps you use to identify their content as ConcealedType and AutoGeneratedType where relevant, which Alfred ignores by default.


Sandboxed apps don't have access to Alfred's clipboard database unless you grant this access, but they would have unlimited access to watch and record your macOS clipboard directly regardless of using Alfred's clipboard history (including any passwords marked as concealed).


If you're not confident that the other apps installed on your Mac are safe, and may nefariously be monitoring your Mac's clipboard or Alfred's clipboard database, you can disable the Clipboard History altogether.


As ever, we take great care of our community's privacy and security, and keep a close eye on how macOS is evolving, so thanks for your post and for sharing this.



Link to comment
Share on other sites

Thank you for your reply!


I understand that some precautions have been taken; and that sandboxed apps can't readily access the file. (I was mistaken—apologies)


But I disagree that just because a feature is optional, it doesn't need to be secure.


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...