What is 1PasswordThumbs and why is it contacting ad networks?

I utilize a network sniffer on my Mac called Little Snitch, for those not familiar with this software it both shows and stops, until permission is given, all network traffic leaving your computer.

For trusted applications and OS activities I tend to give permanent permission for the application or OS process to communicate. Once or twice a year, I delete those and watch what the application may be doing.

Today, I created an account with an online Mac parts supplier, one I have done business with for years. As part of that process I created the account/login information in my 1Password so that it would be available on all my devices.

Immediately, after pressing the Save button in 1Password, a dozen windows began to open for stats.g.doubleclick.net, www.google.com counter.hitslink.com, ads.p.veruta.com and a number of other sites, identified and unidentified.

In the Little Snitch details 1Password was identified as the parent application.

I would be stating the obvious to say that a password vault and its operations are a highly sensitive service and I hope AgileBits would understand why I might find this troubling.

Can you please explain what is taking place?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


  • Here is a screenshot from Little Snitch.

  • I don't know why particular site should be contacted, especially the ones that seem to be associated with ad servers. But if you have Rich Icons enabled, that will generate new traffic while 1Password contacts the icon server to see if there is an icon for your newly saved site login.

    Perhaps you'll find the section about Little Snitch in 1Password and Your Privacy of interest. If those particular contacts don't make sense after reading that, perhaps someone who knows more about the stuff under the hood of 1Password will be able to respond.

  • You haven't said what version of 1P you are using. Is it by any chance 1Password 3?


  • Hello @Garrett Cobarr,

    I've moved your thread from our Mac forums to the legacy section that deals specifically with 1Password 3. As you can surmise Stephen_C is on the right track as not only is that the icon for 1Password 3 for Mac but 1PasswordAgent is also the helper app we used in 1Password 3 only (later versions have a helper process titled 1Password mini).

    In 1Password 4/5 we moved to a system where we store a number of icons for popular sites and this allowed us to restrict Rich Icon requests to a single URL under our control. It would seem things were quite different with 1Password 3 where I was a user myself but but not part of the team or privy to the mechanisms used. This page, Why is my outbound firewall reporting a connection from 1Password – are you ‘phoning home’? will hopefully explain matters. Let us know if that was or wasn't helpful :smile:

This discussion has been closed.