Monitoring the copy buffer, from the background, is an overreach, and doing that and then pretending like it's the reasonable thing to do is what I describe as offensive. The point I was trying to make was that even doing less than that, but not designing with an intent to be minimally invasive from the start, sets you up to head into the "outrageous scenario" that yeah, I'll grant you I completely made up. But FWIW it is also completely in line with how I've seen people operate.
Suppose you want to offer this capability but only check the copy buffer when the user has signalled an intent to provide you with input. How is that not the least galling design decision? I'm having trouble figuring out how to express that it also serves as a personal (and team-internal) signal that "we are here to serve the user, and not to take advantage of them, even if that's inconvenient for us". Maybe that doesn't matter, or maybe lacking that is what leads to things like the Uber "Ride of Glory" blog post and worse?
Something I meant to imply in my first comment, but not the reply to you, is that furthermore limiting your exposure to user data limits the likelihood that a series of bugs puts it into your logs and then leaked out to the world. No, it's not done on purpose, but no amount of good intentions fixes it. Defaulting to being less invasive also reduces your likely level of impact.
"Is it that much to ask that you find the least offensive way to serve your user?"
So, suppose UPS is not doing anything that you've just described. Say they are regexing for UPS numbers only. How would that be considered offensive?