>What's full-disk encryption do if Facebook et al are going to funnel the data off your devices anyways?
Serious answer: the threat model FDE aims to address is cold physical attacks. That's it, everything hot (or even warm) and online is outside of scope. Facebook would be more akin in class to gray non-persistent malware, although they aren't actually malware in the strict sense and do face some bounds from the law which should make filtering and keeping them off a sensitive system more straightforward. At any rate, FDE is a good idea for a bunch of reasons given how cheap it is at this point, but it's just one of many needed pieces.
More fundamentally and beyond Facebook specifically, we need better ways to control data exfiltration and transfers from our datastores to and between software and services, period. Whitelisting should be the default. Data channels like clipboard APIs should either simply not exist at all or at least require explicit user per-application sign off (and preferably even then with restrictions like requiring code signatures, timeout options etc). While single purpose hacks are generally not justified, the specific instance of passwords & keys might be important enough in reality to justify operating systems providing some much more explicit "secure pasteboard" system that is far more heavily mediated.
The Firefox Focus app for iPhone pushed out an update a few months ago that showed an active clipboard tray below the URL bar, which was shocking and freaky to see.
Anyone know whether the update had added the API or just made it visible? With the desktop browser it's enabled by default, but at least can be disabled through about:config.
Serious answer: the threat model FDE aims to address is cold physical attacks. That's it, everything hot (or even warm) and online is outside of scope. Facebook would be more akin in class to gray non-persistent malware, although they aren't actually malware in the strict sense and do face some bounds from the law which should make filtering and keeping them off a sensitive system more straightforward. At any rate, FDE is a good idea for a bunch of reasons given how cheap it is at this point, but it's just one of many needed pieces.
More fundamentally and beyond Facebook specifically, we need better ways to control data exfiltration and transfers from our datastores to and between software and services, period. Whitelisting should be the default. Data channels like clipboard APIs should either simply not exist at all or at least require explicit user per-application sign off (and preferably even then with restrictions like requiring code signatures, timeout options etc). While single purpose hacks are generally not justified, the specific instance of passwords & keys might be important enough in reality to justify operating systems providing some much more explicit "secure pasteboard" system that is far more heavily mediated.