1passwords wants to connect to erroneous site

yumfatbig
yumfatbig
Community Member
in Mac

It sort of bugs me that 1password wants to connect to services like "cloudfront.net" and I'd like to know what that is about. However my query is not about that it's about me opening 1Password and discovering that it wants to connect to "appleinsider". Let me be clear that I'm not in any way having anything to do with appleinsider when this happens. there are a hundred sites in 1Password but only this one site erroneously appears continuously for no apparent reason. Why would this be happening?

http://s3.postimg.org/gg81onzur/image.jpg

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @yumfatbig‌

    What rules do you currently have in LittleSnitch for 1Password?

    I have three rules, all of which are to do with rich icons.

    Now CDN stands for Content Delivery Network and they all work in a highly distributed manner to cope with the demand their clients place on them. Think Amazon, Netflix etc. They don't run amazon.com off a single server. I'm suspecting that the reverse IP lookup has yielded an incorrect domain name in this instance. So I'm thinking if you were to have rules like mine then that request to access forums-cdm.applesinsider.com would disappear (d2x2f6qan2kccj.cloudfront.net is connected to 93 IP addresses according to LittleSnitch).

    You could also turn off rich icons from within 1Password's preferences, it's located in the General tab in the Display section at the bottom. At that point 1Password shouldn't be making any outbound connections other than to 127.0.0.1 as that's how 1Password mini communicates to the browser extension.

    Hopefully that helps explain what you're observing. If that raises more questions or you have others please post back here.

  • yumfatbig
    yumfatbig
    Community Member

    Hi, OK well the only address I see is relevant is app-updates.agilebits.com which I have set to allow. I am syncing via wifi. If I have nothing else blocked then I get a barrage of cloudfront.net requests, all of them linking to websites that do not seem to have anything to do with cloudfront.net. Like appleinsider, or harvard.edu etc, they all resolve to markmonitor.com and for some reason it bugs me when apps want to connect to millions of unrelated websites. They all pop up only if I open 1password from the mini menu app. Why do I need to allow cloudfront.net what it is it wanting to do. ?

    Any enlightenment appreciated.

  • yumfatbig
    yumfatbig
    Community Member

    EDIT: yes it does appear to be only to do with rich icons. It may be a good idea to warn users what 'rich icons' actually mean. ie, that 1Password will connect to millions of websites.

  • Jasper
    Jasper

    Hi @yumfatbig,

    1Password downloads the rich icons from Amazon CloudFront (a very popular content deliver network), but sometimes an app like LittleSnitch may report one of the CNAME records that points to the same address that we use, since CloudFront servers are used by many companies.

    From 1Password and Your Privacy:

    There is a peculiarity of how some firewall software, Little Snitch in particular, may report these connections. Little Snitch’s Connection Inspector will display “all names currently known to resolve to one of the IP addresses of the server.”

    Given how the Cloud Front content distribution network operates, the particular cloudfront.net subdomains do not correspond to a unique IP address. Nor is an individual IP address limited to a single cloudfront subdomain. For example, one of the IP addresses associated with d13itkw33a7sus.cloudfront.net is 54.230.49.141. That same IP address may also be associated with some other cloudfront subdomain entirely unconnected to Agile Bits. That IP address may also be associated with something like example.com.

    The upshot of this interaction between Cloud Front domain names, IP address, and Little Snitch’s reporting habits is that Little Snitch erroneously reports 1Password attempting to connect to example.com in that example.

    1Password is connecting to CloudFront, but because of that peculiarity, LittleSnitch may report a seemingly random domain such as forums-cdn.appleinsider.com. But it doesn't mean that the downloads aren't coming from AgileBits, it's just a different domain that is associated with CloudFront.

    You can verify that the domains (such as forums-cdn.appleinsider.com) are actually CloudFront aliases:

    $ host forums-cdn.appleinsider.com forums-cdn.appleinsider.com is an alias for d2jrhf3ig6l2k5.cloudfront.net. d2jrhf3ig6l2k5.cloudfront.net has address 54.230.71.57 d2jrhf3ig6l2k5.cloudfront.net has address 54.230.70.11 d2jrhf3ig6l2k5.cloudfront.net has address 54.230.71.86 d2jrhf3ig6l2k5.cloudfront.net has address 54.230.69.37 d2jrhf3ig6l2k5.cloudfront.net has address 54.240.188.42 d2jrhf3ig6l2k5.cloudfront.net has address 54.230.71.8 d2jrhf3ig6l2k5.cloudfront.net has address 54.240.188.246 d2jrhf3ig6l2k5.cloudfront.net has address 54.240.188.244

    Please let us know if you have any other questions. We're always happy to help!

  • yumfatbig
    yumfatbig
    Community Member

    So, let me be clear, this is all about downloading rich icons?

    thanks.

  • Stephen_C
    Stephen_C
    Community Member
    edited November 2014

    Yes, it is about downloading rich icons.

    Edit: if you want to check that just turn off rich icons (1P > Preferences > General, and under Display un-check Use rich icons) and see what happens.

    Stephen

This discussion has been closed.