I’ve had a site A and a site B opened in the same browser in a vm. I have accounts on both sites belonging to the same identity. I switched over to my passwords vault vm and copied the password for site A, then pressed ctrl+shift+c to copy it to global clipboard, switched over to the browser vm, pressed ctrl+shift+v to pass the password to vm’s clipboard, pasted the password and logged into the site A. Then I switched over to my passwords vault vm again, copied the password to the site B, pressed ctrl+shift+c, switched to the browser vm again, pasted the password and logged into the site B. Except, I did not really, because as you might’ve noticed I forgot to press ctrl+shift+v and so I just send my password to site A to site B instead. I’ve noticed and changed both passwords immediately, but if I haven’t a malicious owner of site B could take over my account on site A.
If you are to mess up you will do it either way is what I’m trying to say. I’m still a noob, but I can see myself making the same mistake just as easy after years of using Qubes. Especially since its superior security is sure to make me lazy and unfocused over time.
Don’t get me wrong I’m not complaining, the secure clipboard might be the best QOL feature of all.
Regardless if autocopying/autopasting gets implemented in any capacity, I’d like to see an option to have a nonintrusive dialog popup any time you try to pass anything from the global clipboard to a vm. It should (be able to) show the name of the target vm as well as the contents of the clipboard. I know this goes against the general idea in this thread, but personally I think it’d be a fantastic optional addition for people who do not care about having their shoulders looked over, but do worry about pasting a wrong thing in a wrong spot very much.