Encryption appears to be in the openssl "Salted__" format (and base64 encoded). I can't infer the actual encryption algorithm configured, but it's an unauthenticated block cipher with 128-bit blocks, presumably in CBC mode, padded with PKCS7.
Additionally, the same encryption key (whatever it is, I can't see it since it's stored on the server) is shared across all users (I tested this by decrypting a ciphertext from one account on a second account).
For those of us on Linux, I've built clapboard - a lightweight clipboard manager that uses whatever dmenu-like system for GUI, and plain files as a storage backend. Because all the history is just files, you can easily sync it between devices with a tool like syncthing. Probably a bit more slower than 0.1s though!
Yeah fair point. QuickClip does store data in database, otherwise syncing between devices not possible. But here is how it works:
- Data is encrypted when sending and also when sitting in database.
- Stored only so your devices can fetch it, not for me or anyone else.
- When you delete, it’s gone. I don’t keep logs of clipboard stuff.
- I don’t look at your data, only your devices can see it.
I know trust is big thing for clipboard app. I’ll write small “how it works” page so it’s more clear. Appreciate you asking this, makes sense.
Where are the keys stored? If you encrypt the data but just have the keys in another database table, I don’t really see the point of having it encrypted at all.
I agree with others. I wouldn’t use this unless I trust how you’re handling my data security. All sorts of highly sensitive passwords and security keys hit my clipboard.
I did something similar with Claude code, I did not write a single line of code and it’s hosted on cloudflare workers. With the free tier it’s enough for one person (and I feel safer to own and host my private data). Works beautifully.
Your website does not show how it works, no screenshots, it would be better with it
Same. I vibe-coded a real-time notepad thing with optional E2E with CC over a weekend. Not going to plug it unless someone asks me to, just pointing out how easy this is nowadays.
The website does not show anything on how the product is used, which is kind of important for me as a potential customer. Especially if it's going to be effectively handling my copy/pasting of sensitive information.
Does it use some client, what do I need to install on my devices (if supported) and what permissions does it need etc? Instead I'm greeted by a login page.
It's not transparent enough for me how the product is used before signing up and that's a huge turn off.
Funny, i want Apple to STOP synchronizing my clipboard between devices. I'm doing different things on them and I don't need the last piece of code on my desktop to paste in the 'where do we go out tonight' chat on whatsapp on my phone.
If I do want to move some info i'll message it to myself thank you.
No you can't. Turning off Handoff turns off everything that synchronizes between your devices, not just the clipboard. For example call and imessage forwarding.
They decided to do it Gnome style and give the user no options.
So I just wanted to take a moment and say nice work I have a solution that works for me at the moment, although I should check if it's e2ee, but this is a great example of a simple SaaS that could really catch on and meet the niche needs of users. I like the design, I like the implementation, and I really like the price. Everyone and their 3rd cousin charges $5/month for for simple functions which I usually just pass on but yours is a great price point for the job.
I sync my history between Fire/Waterfox on my phone and laptops, and since almost anything I wanna copy and paste is in the browser, I just open whatever it is from Other Devices. For files or images, I use LocalSend now for everything.
Which is not to say there's not a big use case for this, but speaking only for myself, it's not a pain point. But it looks cool!
I inspected the HTTP requests and this is absolutely not E2EE. Clipboard contents are POSTed as plaintext to https://www.quickclip.space/api/encrypt, and can be decrypted later via https://www.quickclip.space/api/decrypt
Encryption appears to be in the openssl "Salted__" format (and base64 encoded). I can't infer the actual encryption algorithm configured, but it's an unauthenticated block cipher with 128-bit blocks, presumably in CBC mode, padded with PKCS7.
Additionally, the same encryption key (whatever it is, I can't see it since it's stored on the server) is shared across all users (I tested this by decrypting a ciphertext from one account on a second account).
Also, uploaded images are publicly reachable in plaintext and without auth: https://wjynmjluabqwqhtdxbtl.supabase.co/storage/v1/object/c...
Even better, you can enumerate ALL USER UPLOADS with the token you get by typing a random email into the sign-up without verification.
List all folders in the clipboard-images bucket (there's 5, guessing for each user):
List everything in a specific user's folder: For example: https://wjynmjluabqwqhtdxbtl.supabase.co/storage/v1/object/c...jfc lol
but $LLM said it was E2EE!!1!
https://www.quickclip.space/data-deletion
.>client apps are not open source
.>data-deletion page seems to imply servers are storing images/files copied to the clipboard
.>"end-to-end encrypted" in the marketing materials.
to be fair the data can be stored and still be "end-to-end encrypted", depending on delivery method
For those of us on Linux, I've built clapboard - a lightweight clipboard manager that uses whatever dmenu-like system for GUI, and plain files as a storage backend. Because all the history is just files, you can easily sync it between devices with a tool like syncthing. Probably a bit more slower than 0.1s though!
https://github.com/bjesus/clapboard
neat!
KDE Connect does that in LAN. Clipboard sync, file transfer, contacts, calls, remote control, etc.
Came that for that, how is this different (not necessarily better) than KDE Connect which I already use daily?
KDE Connect sends data directly between your devices, while QuickClip sends data through QuickClip servers using useless encryption.
Privacy minded user : "Eh... what, no."
VC funding surveillance capitalism startups : "Here, take my money!"
/$
And you can do it over any network if you pair it with tailscale. Tailscale + KDE Connect is such a time saver.
AFAIR works also behind WireGuard.
Installed. Thanks for sharing
Cool. I just wouldn't use it at all in its current form without more information on how you handle my data.
Why should users trust you?
Yeah fair point. QuickClip does store data in database, otherwise syncing between devices not possible. But here is how it works:
- Data is encrypted when sending and also when sitting in database. - Stored only so your devices can fetch it, not for me or anyone else. - When you delete, it’s gone. I don’t keep logs of clipboard stuff. - I don’t look at your data, only your devices can see it.
I know trust is big thing for clipboard app. I’ll write small “how it works” page so it’s more clear. Appreciate you asking this, makes sense.
Where are the keys stored? If you encrypt the data but just have the keys in another database table, I don’t really see the point of having it encrypted at all.
I agree with others. I wouldn’t use this unless I trust how you’re handling my data security. All sorts of highly sensitive passwords and security keys hit my clipboard.
There is only one key, common across all users, stored server-side.
Your footer “no rights reserved just kidding” is not helping with trust building either.
fixed, thanks you for comment
I did something similar with Claude code, I did not write a single line of code and it’s hosted on cloudflare workers. With the free tier it’s enough for one person (and I feel safer to own and host my private data). Works beautifully. Your website does not show how it works, no screenshots, it would be better with it
Same. I vibe-coded a real-time notepad thing with optional E2E with CC over a weekend. Not going to plug it unless someone asks me to, just pointing out how easy this is nowadays.
Thanks for your suggestions. Would work on it
The website does not show anything on how the product is used, which is kind of important for me as a potential customer. Especially if it's going to be effectively handling my copy/pasting of sensitive information.
Does it use some client, what do I need to install on my devices (if supported) and what permissions does it need etc? Instead I'm greeted by a login page.
It's not transparent enough for me how the product is used before signing up and that's a huge turn off.
Hi, Its a simple web application, nothing is required to install
So you copy/paste things into the app on one device then copy it from the app on another device?
Oh! I thought it was more like a second copy keyboard shortcut that pushed to the cloud.
And for but the price of a coffee per month you get both dark mode and markdown support!
exactly
Funny, i want Apple to STOP synchronizing my clipboard between devices. I'm doing different things on them and I don't need the last piece of code on my desktop to paste in the 'where do we go out tonight' chat on whatsapp on my phone.
If I do want to move some info i'll message it to myself thank you.
You can turn it off:
https://support.apple.com/en-us/102430
No you can't. Turning off Handoff turns off everything that synchronizes between your devices, not just the clipboard. For example call and imessage forwarding.
They decided to do it Gnome style and give the user no options.
KDE Connect works fine for me and does more than clipboard (files, mouse sharing etc.).
great
So, real time unencrypted pastes of password manager MFA digits from active user device to CC server? Cool cool.
This is definitely not 1/2 of a smishing toolkit pretending to be a convenience utility.
So I just wanted to take a moment and say nice work I have a solution that works for me at the moment, although I should check if it's e2ee, but this is a great example of a simple SaaS that could really catch on and meet the niche needs of users. I like the design, I like the implementation, and I really like the price. Everyone and their 3rd cousin charges $5/month for for simple functions which I usually just pass on but yours is a great price point for the job.
Will definitely repost on social media!
Really appreciate your insights. Thanks
I sync my history between Fire/Waterfox on my phone and laptops, and since almost anything I wanna copy and paste is in the browser, I just open whatever it is from Other Devices. For files or images, I use LocalSend now for everything.
Which is not to say there's not a big use case for this, but speaking only for myself, it's not a pain point. But it looks cool!
I also use localSend. Amazing tool
Closed source ? i mean thanks for the project but not for me
Copy API keys
I would add examples how data encryption works. This is so sensitive topic. But if you explain it nicely, people could use the service.
I would add FAQ. Boxes seem like I can read more but I can’t.
thanks, I would work on that
> For Developers
Would you mind sharing the source code?
> Copy API keys
...yeah, I think that'd be a hard requirement. I don't think there is value in a cliboard-as-a-SaaS that is not self-hostable or even auditable.
I think you are putting the cart before the horse and putting your users at risk by integrating credit card payments before sorting out the basics.
I forgot that this was a problem for some. I’ve been op iPad iPhone and macOS for too long it guess.
yup, thats still a nightmare for a lot of people
i know a gemini 3 site when i see one lol, looks good tho! Does this work if you copy an image on your phone/laptop, will it sync to the other device?
> i know a gemini 3 site when i see one lol, looks good tho!
Ha I thought the same. I created a website that's also in this neo-brutalist style and it has the same marquee.
This reminds me of when everything used to look like default Bootstrap.
Yes, It works smoothly with texts and images both
> Would honestly love to hear, how you move stuff between devices today
In cases where iOS/macOS misbehave, I use (IMAP) email without sending anything:
- create new mail message
- paste text or add attachments
- save as draft
- open draft on other device
- copy out the data
- delete draft
Works reliably for not-too-large items
cool