Support unsigned custom browsers
I would really like to use LibreWolf as my primary browser, but I cannot currently since integration with 1Password is not permitted. 1Password currently only supports properly signed and Apple-notarized browsers, and LibreWolf does not do this on principle.
Why is LibreWolf marked as broken?
It is possible that Apple Silicon users see their recently downloaded LibreWolf flagged as broken or unsafe by the OS.
This happens because we do not notarize the macOS version of the browser: we don't have a paid Apple Developer license and we don't want to support this signing mechanism that is put behind a paywall without providing significant gains.
I know there has been a lot of work recently done to make supporting new, obscure, and custom browsers much easier in 1Password, but this functionality still falls wildly short by not allowing me to actually choose the browser I want.
I know security is paramount for 1Password, but I believe it should be my decision to allow an unsigned browser if I want to.
Is there any plan to extend the functionality of custom browsers to allow unsigned or non-notarized browsers in the future?
1Password Version: 8.10.36
Extension Version: Not Provided
OS Version: macOS 14.5 (23F79)
Browser: LibreWolf
Comments
-
Hello @t3rminus! 👋
Thanks for reaching out. On macOS, the 1Password app verifies the browser’s code signature for authentication when it establishes the connection between the app and the browser extension. This authentication is designed to make it difficult for other applications and malware to intercept the account information and encryption keys that are passed through the connection. Without this authentication process, 1Password is unable to verify the app that is trying to communicate with it.
With Librewolf not being signed, the two available options are:
- Use 1Password in the browser without app integration.
- Use another browser that is signed by the developer.
That being said, I've passed your comments along internally and the team will continue to look out for ways to give users more control without compromising security.
-Dave
ref: PB-40927345
0 -
Hi Dave. I understand why this choice was made, but please pass along that I feel the reasoning is deeply flawed.
If I choose #1 and use an unsigned browser without the extension, there's nothing stopping malware from altering the browser executable and stealing all my credentials via the extension anyway. I fully understand the risks of an unsigned browser, and would like to be able to make my own choices.
There's no additional security hole that doesn't already exist by running unsigned code in the first place. All you're doing is providing a degraded experience as punishment.
LibreWolf, and other custom-compiled browsers are increasingly popular among privacy-focused individuals as more browsers add in more tracking and data collection systems. Judging by the number of comments on the closed Experiment thread (where I voiced the same opinion at the time as well), I'm far from the only one who feels this way: https://1password.community/discussion/141779/experiment-2-custom-browsers
Thank you for taking the time to reply.
0 -
When you choose to add an additional browser to the 1Password app, 1Password needs to make sure that it is communicating with the browser that you've actually chosen to add and not another app masquerading as that browser or malware that has hijacked that browser.
When you add an extension to a browser, you're making the trust determination yourself. But when you add an additional browser to the desktop app, 1Password has to make sure that it is respecting your choice by only communicating with the genuine browser that you've told it to communicate with.
Relying on the code signature may not be the only way to accomplish this goal and I've passed along your comments to the team and let them know that you'd like to see more choice be available here. Thanks again for the feedback!
-Dave
0
