Rich icon image server: Privacy
On your help page you state the following:
Although it may not be possible for us to collect IP addresses of requests
coming in to the Rich Icon image server, users should assume that it is
possible for Amazon to do so if they wish to or are compelled to.
I understand that you maintain a server which caches the rich icons.
As a customer, of course I would love to see rich icons in the 1Password apps,
but I don't want to transfer any information about websites I use to third parties,
e.g. Amazon.
I would suggest offering one of the following options for customers
concerned about privacy:
1) Users can ask 1Password to download a set of the 10.000 most requested
rich icons. Then 1Password would pick rich icons from this downloaded set
and would NOT request them from the image server on the internet
(if the user has logins for websites which aren't listed in this set
he can still add icons manually)
or
2) The 1Password app sends an encrypted request for the required
website icons to the 1Password server. Then the server fetches the
relevant icons from the rich icon image server and sends back an
encrypted set of rich icons. (i.e. there's a proxy so that
Amazon never gets the IPs of the end user)
I have an additional question beyond the feature request above:
Let's say I have a login for http://myusername.hoster.de
Will 1Password currently only submit hoster.de to the
Rich Icon Image Server or myusername.hoster.de?
Thanks a lot in advance!
Comments
-
Hi @HappyUser,
1) Users can ask 1Password to download a set of the 10.000 most requested rich icons.
That's actually how 1Password handles Watchtower, we download a database file from our server and run the data locally on your side.
However, downloading 10,000 icons is not sustainable because keep in mind these are image files, which means they're not compressible. Not everybody has 10,000 items and unlimited bandwidth. Even 100 sites would be around 50-100MB to download.
That's why we built it the way we did, to reduce the amount of bandwidth being used.
2) The 1Password app sends an encrypted request for the required website icons to the 1Password server. Then the server fetches the relevant icons from the rich icon image server and sends back an encrypted set of rich icons. (i.e. there's a proxy so that Amazon never gets the IPs of the end user)
The traffic is being handled via SSL, so the middle part between 1Password and our image service is secured already. However, our image service is being run from Amazon's CDN network, there's no way you can bypass the IP being logged there by Amazon. We don't keep logs like that.
In the recent updates to the Mac and iOS app, we restricted the access to the cache service to only authorized copies of 1Password. So, no other apps can access our service either. We continue to investigate for more solutions to protect the privacy of our users.
Let's say I have a login for http://myusername.hoster.de: Will 1Password currently only submit hoster.de to the Rich Icon Image Server or myusername.hoster.de?
We send the subdomain with the domain name (nothing else). If the subdomain doesn't exist, we automatically check the main domain. Sometimes we have rules on our server to avoid checking the subdomain and automatically pull the icon for the main domain name.
0 -
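As an added illustration of the lookup behaviour MikeT describes above (this is not 1Password's code, and the tiny public-suffix table inside it is a constructed stand-in for the real Public Suffix List), the following shows which part of a login URL would reach an icon server and which parts never leave the client:

```python
from urllib.parse import urlsplit

# Constructed, minimal stand-in for the Public Suffix List; only for this example.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}


def icon_lookup_candidates(login_url: str) -> list[str]:
    """Hostnames an icon lookup would try, most specific first.

    Mirrors the described behaviour: only the hostname (subdomain plus
    registrable domain) is sent; if the full host yields no icon, the
    registrable domain is tried next.
    """
    url = login_url if "://" in login_url else "https://" + login_url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return []
    labels = host.split(".")
    # Number of labels that form the public suffix (e.g. 2 for "co.uk").
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    registrable = ".".join(labels[-(suffix_len + 1):])
    candidates = [host]
    if registrable != host and len(labels) > suffix_len:
        candidates.append(registrable)
    return candidates


def withheld_components(login_url: str) -> set[str]:
    """Names of the non-empty URL components that are NOT sent to the icon server.

    Useful when auditing what a hostname-only lookup actually discloses:
    credentials embedded in the URL, ports, paths, queries and fragments stay local.
    """
    parts = urlsplit(login_url if "://" in login_url else "https://" + login_url)
    present = {
        "userinfo": bool(parts.username or parts.password),
        "port": parts.port is not None,
        "path": parts.path not in ("", "/"),
        "query": bool(parts.query),
        "fragment": bool(parts.fragment),
    }
    return {name for name, found in present.items() if found}


if __name__ == "__main__":
    print(icon_lookup_candidates("http://myusername.hoster.de"))
    print(withheld_components("https://user:pw@mail.example.co.uk:8443/inbox?x=1#f"))
```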
@MikeT Thanks for your detailed answer.
I had expected that one image in e.g. 3 different thumbnail sizes would need at most 50kb, depending on file type, resolution and content maybe less.
Nevertheless you are right that high image counts would result in high traffic as well. Therefore some kind of anonymous proxying probably would be the simplest solution:
user ===> encrypted request to 1Password server ===> anonymized+encrypted request to image server
The image server would then send the response back to the 1Password server, which is the only one which knows the IP of the user.
This way one could ensure that the image server never gets the user's IP or other sensitive information.
0 -
Hi @HappyUser
@MikeT may be much better placed to answer your queries as I don't deal with any of the backend matters. There was one aspect that puzzled me though. We're using Amazon for CDN services and I believe you do that for bandwidth and uptime more than any other reason. If everything was going via a 1Password server so we could anonymise it, doesn't that defeat the purpose of using a CDN in the first place?
0 -
Without knowing the technical details:
If Amazon doesn't offer the required high level of privacy, maybe the price you have to pay is not to use an Amazon CDN.
0 -
Hi @HappyUser
If there were such a change it would probably take time to fully implement. Given your feelings on this matter I feel it best to check and see if you're aware of the Rich Icon setting in 1Password's preferences. You probably are but just for the sake of completeness. In the General tab of 1Password's preferences there is a setting titled Use rich icons. Unchecking that box will mean you can be confident that Amazon are not involved at all. Custom icons are not impacted either for those you've added in the past or add in the future. For the present that would seem your best option.
0