DEV Community: Nowshad Hossain

Why We Built a Zero-Knowledge Clipboard Manager for Developers (And Dropped Native Mobile Apps)

Nowshad Hossain — Thu, 21 May 2026 16:55:25 +0000

As developers, our system clipboard is a live, running history of our most sensitive data. On any given day, you and I are copying and pasting AWS keys, database connection strings, .env variables, and proprietary code blocks.

The problem is that traditional, consumer-grade clipboard managers treat this data like ordinary text. If they offer cloud syncing, they usually pass your raw data to a centralized database where it is stored or decrypted on their servers. One data breach on their end means every secret you’ve copied over the last year is exposed to threat actors.

We built Encrypted Clipboard Manager (ECM) to completely change this architecture. It is a local-first browser extension designed explicitly to give developers a secure clipboard history without compromising data privacy.

💻 How It Works Under the Hood

To bridge the gap between convenience (syncing across devices) and absolute security, ECM relies on a Zero-Knowledge, Privacy-by-Default framework:

Local-First History: The extension intercepts and caches your clipboard data entirely inside a local browser sandbox. No network access is required for standard operations.
Client-Side Encryption: If you choose to enable cloud syncing, the payload is encrypted on your machine before it ever hits the network. Using the native Web Crypto API, your data is transformed into ciphertext using a password only you know. The sync server acts as a blind relay-it cannot read, parse, or decrypt your history.
Smart Sharing (New in v4.0.0): When you need to securely send a credential or snippet to a teammate, ECM generates a secure link directly from your sidepanel. The recipient prompts for a password, and the browser decrypts the stream natively, mapping the original file type (MIME-type) seamlessly for instant download.

📱 The Mobile Strategy: Why We Dropped Native Apps for a Web Dashboard

A common question we get is: "Where are the native iOS and Android apps?"

The answer comes down to modern operating system sandboxing. Both iOS and Android no longer allow background applications to automatically and silently sniff the system clipboard for security and privacy reasons. To sync a clipboard item on modern mobile OS layers, a native app would require you to manually open it every single time just to trigger a clipboard read.

Because background automation is dead on mobile, there is fundamentally no functional difference between a native app and a secure web app.

Instead of bloated native mobile clients, we built a secure, mobile-responsive web dashboard. Through this dashboard on iOS or Android, you can:

Decrypt & Access: Securely pull and view your existing synced history on the go.
Add & Sync Back: Manually add new sensitive items or snippets directly into the web dashboard. The moment you save them, they are encrypted client-side and synced seamlessly back to your desktop environments via the browser extensions.

🔍 Auditing the Crypto Core

We believe you should never blindly trust a security tool just because the landing page says "encrypted."

While the core browser extension interface and frontend client code are closed-source, we have open-sourced the entire cryptographic engine driving the application.

We did this so the developer community can directly audit the mathematical implementation, inspect the Web Crypto logic, and verify that there are absolutely no backdoors in how keys are generated or handled.

You can review the repository, audit the code, or pull it into your own security pipelines via npm:

npm i @encryptedclipboard/crypto

Let’s Chat Architecture!

We are building ECM in public and want to tailor it perfectly to developer workflows.

How do you feel about the changing landscape of OS clipboard restrictions? Does a local-first extension + web dashboard setup fit how you move secrets between devices? Let’s talk in the comments below!

Why I Chose Svelte and Zero-Knowledge Encryption for My New Chrome Extension

Nowshad Hossain — Mon, 26 Jan 2026 03:50:02 +0000

Building a clipboard manager sounds simple until you consider the two biggest constraints in 2026: Privacy and Browser Performance.

I just launched the Encrypted Clipboard Manager, and I wanted to share some of the technical decisions I made while building it-specifically why I moved away from common extension patterns in favor of Svelte and E2E encryption.

1. Why Svelte for a Chrome Extension?

Most extensions use React or Vue, but for a tool that lives in the Side Panel and interacts with every page you visit, bundle size and "cold-start" time are everything.

Svelte was a non-negotiable choice for me because:

No Virtual DOM: Svelte compiles to highly optimized vanilla JS. When the Side Panel is opened, it's interactive almost instantly.
Reactive State: Managing clipboard history updates across multiple components (Sidebar, Floating Notch, Settings) is incredibly clean with Svelte’s $state and $effect signals.

I used a centralized Svelte store to handle real-time updates from the background service worker, ensuring that the UI always reflects the local IndexedDB state without unnecessary re-renders.

2. Implementing Zero-Knowledge Encryption

"Privacy by design" is hard. For this extension, I implemented a Zero-Knowledge Architecture using the Web Crypto API.

The flow works like this:

Local Encryption: Before an item (text or image) is synced to the cloud, it is encrypted locally in the background service worker using a user-defined master password.
PBKDF2 Derivation: I use PBKDF2 to derive a strong encryption key from the password, combined with a local salt.
No Keys on Server: The raw password and the derived key never leave the user's browser.

This ensures that even if my backend was compromised, the data stored in MongoDB is just unreadable blobs.

3. Utilizing the Chrome Side Panel API

One of the biggest UX improvements I made was moving away from the traditional "Popup" UI. Popups are ephemeral—they close as soon as you click the page.

By utilizing the Side Panel API, the extension now has a persistent home.

// Opening the side panel on command
await chrome.sidePanel.setOptions({
  path: 'sidebar/index.html',
  enabled: true
});

This allows for a true multitasking workflow where you can drag and drop items from your history directly into your active tabs.

4. Performance & Memory Management

Handling images in a clipboard history can quickly bloat memory if not handled correctly. I used IndexedDB for local storage and implemented a proper thumbnail generation service in an offscreen document.

This keeps the main background script lightweight while offloading the heavy lifting of image processing to a separate thread, preventing browser jank.

The Result

The result is a clipboard manager that is:

Fast: Svelte-powered and Side-Panel native.
Private: Zero-knowledge encryption by default.
Reliable: Handles binary data and complex sync logic without breaking a sweat.

I’d love to hear from other extension devs, how are you handling E2E encryption in your apps?

Check out the project: EncryptedClipboard.app

or upvote us on Peerlist!

Chrome DevTools is missing these features, so I built them myself

Nowshad Hossain — Sat, 27 Dec 2025 18:16:14 +0000

The Struggle with Default DevTools 😫

If you are a full-stack or frontend dev, you know the limits of the Chrome "Application" tab.

IndexedDB is a black box. You can view data, but creating a new Database, adding a Store, or importing/exporting a full DB? Impossible without writing console scripts.
Testing multiple accounts is painful. To switch users, you have to clear site data, refresh, and log in again. Or juggle 5 different Incognito windows.
Sharing sessions is hard. If you want to move your logged-in state from Chrome to Brave, or send a session to a co-worker to reproduce a bug, you're stuck copy-pasting cookies one by one.

It felt like the tooling was stuck in 2010.

So, I Built the Ultimate Solution 🛠️

I created Easy Local Storage Manager.

It started as a simple JSON editor, but it has evolved into a complete Storage & Session Management Suite. It handles LocalStorage, SessionStorage, Cookies, and now IndexedDB.

Here is why it’s a game-changer for your workflow:

1. Complete IndexedDB Management 🗄️

Most extensions ignore IndexedDB because it's complex. I didn't.

Full Control: You can create new Databases and Object Stores directly from the UI.
CRUD Actions: Add, edit, or delete data records easily.
Import/Export: You can export an entire IndexedDB (or just a specific store) and import it back later. This is a lifesaver for debugging offline-first apps (PWA).

2. User Profiles (Switch Accounts Instantly) 👥

This is my favorite feature for QA and testing.
You can create isolated "User Profiles" for any host (e.g., localhost:3000 or production.com).

How it works: Save your current storage state (Local + Session + Cookies) as "User A". clear it, log in as "User B", and save that.
The Magic: Click "User A", and the extension automatically wipes the current storage and injects User A's data.
Result: You switch accounts instantly without logging out/in manually or using Incognito windows.

3. Cloud Sync as "Access Sharing" ☁️

The Cloud Sync isn't just for backup; it’s for moving access.
You can sync your LocalStorage, SessionStorage, and Cookies to the cloud (End-to-End Encrypted).

The Use Case: Login to a site on Chrome. Sync it. Open Brave (or another device), hit "Restore", and boom - you are logged in automatically.
Note: It requires webNavigation permission to apply cookies correctly, but it effectively lets you "teleport" your session across browsers.

4. The Basics (But Better)

JSON Tree Editor: Edit storage values as objects, not strings.
JWT Decoder: Built-in decoding/encoding for tokens.
Deep Search: Find values nested deep inside JSON objects.

Why use it?

It replaces the need for separate extensions (Cookie Editors, Storage Cleaners, Session Managers) and puts everything into one professional dashboard. It operates on a Freemium model—core features are free, while Cloud Sync and advanced profile management are for power users.

Try it out

I’d love to hear your feedback, especially on the IndexedDB features!

👉 Download Easy Local Storage Manager

(Drop a comment if you have specific feature requests!)