Security concern: why is 1Password connecting to the internet?

cmroanirgo

Hi,

I recently noticed the following in my system logs (scroll right to see rest of message info):

Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.230.134.8:443@0 failed: Connection refused Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.192.132.159:443@0 failed: Connection refused Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.230.133.237:443@0 failed: Connection refused Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.230.134.129:443@0 failed: Connection refused Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.230.133.161:443@0 failed: Connection refused Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.192.132.161:443@0 failed: Connection refused Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.230.133.123:443@0 failed: Connection refused Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.230.133.182:443@0 failed: Connection refused

This is not surprising because I use TCPBlock (an outbound firewall) to ensure that only the traffic that I want to leave my machine actually does.

What is surprising, is that all settings in 1Password that might warrant a network connection was already off:
Watchtower = Off
Updates = Off
Sync = Folder Sync

What I have installed is:
1Password Mini & browser extensions
Use rich icons = On

To save everyone the time, all of the IPs are for cloudfront.net, so it's pretty clear that the "Use rich icons" wouldn't be the reason for this.

Question:
Why is 1Password connecting to the internet? What is it for, what is the payload, etc, etc?

It is things like this that makes one very very very suspicious.
(I have since increased my vigilance as to anything 1Password is trying to do across a network connection)

---

1Password Version: 4.4.3
Extension Version: Not Provided
OS Version: OSX 10.10.3
Sync Type: Folder

Stephen_C

To save everyone the time, all of the IPs are for cloudfront.net, so it's pretty clear that the "Use rich icons" wouldn't be the reason for this.

This knowledge base article will disabuse you of that view. :)

What information can be collected with Rich Icons enabled?

Stephen

littlebobbytables

Hi @cmroanirgo,

Hopefully you found the link supplied by Stephen_C informative, if you have any further questions do please ask :smile:

cmroanirgo

Ha, yes, that about sums it up.
Doubly ironic that my first and only real assumption was completely incorrect.

Thanks

littlebobbytables

I'm glad we could help clear up the concern you had @cmroanirgo :smile: