Don't fuck with paste
Core reaction to “don’t fuck with paste”
- Strong consensus that blocking paste is infuriating and user‑hostile.
- People especially resent it on login, signup, banking, gov, and 2FA forms, where it fights password managers, encourages weaker/memorable passwords, and forces users to expose passwords in plaintext or write them down.
- Many see it as security theater: it demonstrably worsens real-world security while satisfying checklists and auditors.
Purported reasons for blocking paste (and criticisms)
- Claimed motivations:
- “Security” in vague terms, or to stop malware/clipboard attacks.
- Prevent users from pasting the same typo into both “email” and “confirm email” fields.
- Force users to carefully type a project name before destructive actions (e.g., deleting a repo).
- Critics argue:
- These problems are better solved by autocomplete, good error messages, undo, or confirmation flows.
- Blocking paste and imposing baroque password rules leads to predictable user workarounds and lower security.
Browser UX abuses beyond paste
- Many complaints about hijacking standard shortcuts: Ctrl/Cmd‑F, Ctrl‑K, right‑click, scrolling, or even redefining Ctrl‑V.
- Some note limited legitimate cases (virtualized lists, web apps like docs/IDEs), but still prefer a way to get native browser behavior on demand (e.g., pressing Ctrl‑F twice).
- Suggestion: browsers should expose robust “force” options (force copy/paste, select, right‑click, native search).
Workarounds and tools
- Browser extensions: the discussed extension, its original version, and alternatives like StopTheMadness, plus Safari/Orion/Brave features and Firefox about:config flags.
- Bookmarklets and user scripts are popular as lighter‑weight, auditable, on‑demand fixes.
- OS-level tools (Hammerspoon, AutoHotkey, Keyboard Maestro, “type clipboard” scripts) bypass web restrictions by simulating keystrokes.
- Cruder methods: disabling JavaScript, using devtools to set input values, dragging text from URL bar, middle‑click paste on Linux.
Extension security and permissions
- Debate over extensions requesting broad permissions (“read and change all data”).
- Concerns: auto‑updates, possible project sale or maintainer compromise.
- Mitigations: loading unpacked extensions, using package managers, or preferring bookmarklets.
- Some argue the real problem is coarse-grained browser permission models.
Naming and tone
- Mixed views on the profanity in the project name and thread.
- Some see it as fitting anger toward hostile UIs; others note it’s hard to recommend in professional or family contexts.