Wayland support [Not yet implemented]

edited August 10 in Linux Beta

I Downloaded the AppImage and ran it, looks like it runs in X11 mode, even though my desktop is Wayland.

This has two issues, the first being a security issue which I think would concern you the most.

On X11, any application can easily "see" what other applications are rendering on-screen. This means that any other local application can spy on what the 1Password window (e.g.: other local applications can see my secrets!).

The other problem is that XWayland doesn't support scaling, so the 1Password window is super blurry (I guess that wouldn't be the problem if you have low resolution screens).


1Password Version: latest
Extension Version: n/a
OS Version: ArchLinux
Sync Type: n/a

Comments

  • MitchMitch

    Team Member
    edited August 9

    Hey @WhyNotHugo,

    Yes please! I also use Wayland on my desktop and appreciate its better performance and security over X11.

    You might already know that the front-end for 1Password for Linux is rendered in Electron, which is based on Chromium. Full Wayland support came to Chromium just recently in version 83 and work is ongoing to support it in Electron. We're tracking the progress closely and will be the first to support it when it's available upstream. (Perhaps even sooner with a feature flag -- this is a development preview after all.)

    Still, we expect X to stick around and be the default for most users for a long time. And even with Wayland, desktop Linux can be a hostile environment for apps. (What I'd give for a secure clipboard protocol!)

    The possibility of screen recording was taken into account when designing the UI and behaviour of the app. We've taken care to hide all secrets until they are explicitly revealed by the user -- concealed field values are not even sent to the front-end until and unless they need to be displayed. The data available to the front-end is strictly scoped to the sidebar selection in the top left to prevent exposing information from other accounts or collections, and we've added more fine-grained control over which accounts are unlocked if you have more than one. I am sure there is much more we can do to strengthen the app against both screen recording and shoulder surfing.

    As for DPI scaling, I don't know what window manager you use, but I'd recommend disabling scaling for 1Password if possible, and simply using the built-in zoom (Ctrl+=) to bump up UI elements and text while preserving their sharpness.

    -Mitch

  • As for DPI scaling, I don't know what window manager you use, but I'd recommend disabling scaling for 1Password if possible, and simply using the built-in zoom

    It's not possible to disable scaling on a per-app basis on Wayland. Scaling is per-display.

    This is why things like Chromium and Electron-apps are just a no-go on Wayland.

    My main concern is security though -- the 1Password app is LESS SAFE than using the Firefox browser extension. I find it somewhat alarming that this is considered fine, and the release app is being pushed like this (e.g.: only supporting older protocols with far no security at all).

    Still, we expect X to stick around and be the default for most users for a long time. And even with Wayland, desktop Linux can be a hostile environment for apps. (What I'd give for a secure clipboard protocol!)

    Agreed completely. There's no proper keyring protocol on Linux either (the existing one gives unlimited access to all applications, which is kind of as safe as having a text file with everything).

    You guys are most welcome to have a go at it! ;)

  • I wanted to note that initial wayland support has been merged in electron. It is only initial, and there are likely a few issues to be resolved before wayland is enabled by default.

    More info can be seen in the merged PR. https://github.com/electron/electron/pull/26022

    The flags for enabling wayland in electron are:
    electron --enable-features=UseOzonePlatform --ozone-platform=wayland

    There is also this chromium bug which will enable ozone by default for x11 and wayland (making one of the above flags redundant).
    https://bugs.chromium.org/p/chromium/issues/detail?id=1096425

    Can’t wait to try out native Linux 1password on wayland when it is ready!

  • BenBen AWS Team

    Team Member

    That is encouraging news, @vincent_chernin. Thanks for sharing! A number of us internally are running Fedora w/ Wayland so we're excited to see this as well.

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file