Private Domain Registrations for 1password.com and agilebits.com Should Be Public Again
Like many 1Password for Macintosh customers, I ran into the developer's certificate expiration issue where 1Password would not launch correctly. As you know, the fix is to download a copy of the 1Password application from AgileBits' web servers and install the new 1Password application over the broken version on the Mac.
Here is my problem:
When I opened my browser to get the download file, I found a "1password.com" domain in the URL. I was expecting the "agilebits.com" domain. I used the terminal to perform a "whois" lookup on 1password.com and found a private registration, not AgileBits. This is NOT comforting for someone who is about to download an application from an unknown source.
It took extra work for me to confirm that I was on the correct website, and the updated version of the 1Password Mac application that I downloaded from the private 1password.com website was genuine.
I note that agilebits.com now has a private registration as well.
Here is my recommendation:
Make the domain registrations for 1password.com and agilebits.com public again. For some people, private domain registrations can be a "red flag" that the associated domain owner has something to hide, and any downloaded applications from that website cannot be trusted.
Why would a large, well-known, and highly trusted company such as AgileBits want to hide behind private domain registrations?
1Password Version: N/A
Extension Version: N/A
OS Version: macOS
Sync Type: N/A
Referrer: forum-search:domain
Comments
-
While I agree that it seems unnecessary to hide domain registration information, what really matters is that both https://agilebits.com/ and https://1password.com/ use Extended Validation Certificate to ensure that you can trust who the site belongs to:
0 -
Thanks to @rudy for his input. I would be very pleased to see AgileBits make their agilebits.com and 1password.com domain registrations public soon.
Thanks to @pervel for his observation about the certificates. I had already noticed the website certificates, which was one factor that helped me determine that the source for the download was genuine.
Another thing that you can do is check the developer signature on the 1Password application itself, before you launch it. You can do that through the command line.
0 -
@rob: Yes, I am sufficiently convinced that AgileBits owns the two domains.
To answer @sjk's question about remaining concerns: Well, how picky should I be?
The domain registrations are now public. Thank you very much. The registration address matches AgileBits physical address in Toronto, as displayed at the bottom of AgileBits web pages.
The TLS certificates name AgileBits which is very good, but they point to an address that does not match the domain registration address or the address at the bottom of AgileBits and 1Password web pages. The TLS certificates show an address of a Telsec Business Centre, which provides various types of virtual offices, meeting rooms, hot desks, etc. - basically a "rent-an-office" space.
Does the address mismatch between the domain registrations and TLS certificates matter? Does anyone care? Will it have any affect on AgileBits' bottom line? Honestly, the answers are "No." "No." and "No."
If I were AgileBits, when it is time to renew the TLS certificates (June/July 2018), I would fix the address on them ... but the only reason to do it is to show attention to detail and pride of workmanship.
0 -
Hi @EMG.
I'm not seeing that... I show the 317 Adelaide St W, Suite 910 address on both the whois information and the EV certificate. I do believe this is the street address of our office (I've never actually been!):
Say hello to the first AgileBits Office, right in downtown Toronto at Adelaide and University (the address is in our website footer)
AgileBits Blog | Greetings from the first-ever AgileBits office!
Are you seeing something different? Could you post a screenshot?
Ben
0 -
Hi @Ben - Thanks for the response. I could have been mistaken (although I try to be very careful). I believe that AgileBits changed the 1password.com certificate since my last post.
I just checked, and the agilebits.com certificate still has the Yonge Street address that I mentioned. (I checked on 1 March 2017, 19:35 UTC.) See the attached screen captures, which show what I described.
0 -
Ah yes. I was confused by the "Telsec Business Centre" part of your previous post, but 1 Yonge Street was once our address. We haven't always had an office, so rather than put the home address of one of our co-founders back when they were the only Canadians in the company, they created a business address. Now we have a lot more Canadians and we're on our second real physical office (both were on Adelaide St).
Anyway, just a bit of interesting history trivia for you. I'll pass along the note to Tim, our sysadmin guy, and see if we can get it updated next time. :)
0 -
I talked to Tim and he said we tried to change it last time (June 2016) but apparently our legal address was still Yonge Street. I guess we got that fixed by the time we got the new certificate for 1password.com (July 2016). Regardless, the Yonge Street address was valid at the time the certificate was issued. Hopefully the next time around we'll be able to get the new office address on there. :)
0
