Deskdrop syncs clipboard content and transfers files strictly across devices on the same LAN or VPN. Understanding what it protects against is essential to evaluating its posture.
A passive listener tries to read raw Wi-Fi packets broadcasted across the local network.
Once trust is established, a compromised peer can push data. You must manually revoke compromised devices.
If an attacker can read your `trust.json` or process memory, they can impersonate trusted devices. Full-disk encryption is highly recommended.
The current implementation pins the ephemeral public key from the first session. A sophisticated MITM reusing that pinned fingerprint is not defended against until Long-Term Identity Keys ship.
Device names in mDNS records are unencrypted. Observers can see which devices are running Deskdrop, though not the content being synced.