Little Snitch Report: 'This connection is not documented'. Security and/or privacy issue?

TMEI

In settings I did uncheck 'Show app and website icons'. Despite 1Password wants to connect to cachefly.net. I'd favour it if my password manager would stick to my privacy settings...

---

1Password Version: 8.10.22
Extension Version: n/a
OS Version: macOS 14.2
Browser: n/a

Dave_1P

Hello @TMEI! 👋

Thank you for reporting the issue. We do have an internal work item open to add *.cachefly.net to our Internet Access Policy file and I've added your report there so that our developers are aware that you've run into this issue. We use both CacheFly and Cloudfront to host various resources including rich icons.

In settings I did uncheck 'Show app and website icons'. Despite 1Password wants to connect to cachefly.net. I'd favour it if my password manager would stick to my privacy settings...

Just to confirm, did you recently uncheck "Show app and website icons" or is that something that you unchecked a long time ago? Let me know and I can look into this further. 🙂

-Dave

ref: dev/core/core#24295

TMEI

Positive. I checked and unchecked to make sure it didn't got stuck. As soon as I'm searching in 1P it want's to connect to cachefly.net regarding the results list.

Dave_1P

@TMEI

I'm sorry for the delay in responding. I installed Little Snitch on my own Mac and I've been able to reproduce the same issue. I've flagged this to the team and I'll report back as soon as I have an update.

-Dave

ref: dev/core/core#18541

Dave_1P

@TMEI

Thank you for your patience. Our developers have included a fix for the rich icons cache issue in the latest nightly version of 1Password for Mac. I've tested the nightly on my Mac and confirm that Little Snitch is no longer showing the desktop app trying to reach out to the cache server if rich icons are turned off.

Once the fix has been fully tested it will be included in the beta and then production versions of 1Password in the future. Let me know if you have any questions. 🙂

-Dave

Dave_1P

@TMEI

I wanted to send you a message that the rich icons issue is now fixed in the stable version. Please update to version 8.10.24 or later: How to keep 1Password up to date

Thank you again for your patience and your report. If you still see the issue after updating and restarting 1Password then please let me know.

-Dave

ref: dev/core/core#18541

TMEI

Thank you. I can confirm with version 8.10.24 rich icons are now working as expected. No connection to cachfly.net is being made.

Dave_1P

Thank you for the confirmation and for the original report!

-Dave

Ward

When Little Snitch spontaneously popped up its "Warning – This application’s Internet Access Policy does not describe this particular connection," I became concerned because I'd not seen a notice like this before. Searching this forum found numerous Closed reports about this Warning.

I'm joining this recent report to see if I should be concerned about 1Password's connecting to <b5n.prd.us.1infra.net>. I checked the 1infra site, which appears to be legitimate, but it's completely new to me.

How should we respond to these Little Snitch Warnings?

To get rid of the current Warning, I tried Deny Once – the Warning came right back. Deny For 2 Hours has taken care of it for now.

Dave_1P

@Ward

Thank you for the report. I've brought this up to the team and I can confirm that b5n.prd.us.1infra.net is our domain. It appears that Little Snitch is detecting b5n.prd.us.1infra.net instead of the canonical name b5n.1password.comwhich is listed in our Internet Access Policy (IAP) through the *.1password.com wildcard.

I've opened internal work items to update our IAP file and to update our documentation that lists the ports and domains that 1Password uses.

Let me know if you have any questions.

-Dave

ref: dev/core/core#28180
ref: dev/web/support.1password.com#4346