To protect your privacy: email us with billing or account questions instead of posting here.

1Password.com subscriptions, where are they hosted?

Options
BlackMacX
BlackMacX
Community Member
in Memberships

I ask the question from the standpoint of (note, I currently use the standalone app (along with IOS versions) and synchronize them all via a shared DropBox account):

  1. Robustness: how distributed is your back-end system? Are you using AWS, etc?
  2. If a DDoS attack were made on 1Password.com, are you resolving to a single DNS and IP or is that again, distributed, say like Google.com?
  3. What is your data retention period and policy, for vault information, should a subscriber decide to cease usage of the service? '
  4. Are the Vaults still kept as separate data blobs, inaccessible to 1Password.com staff and government/law enforcement without the Secret Key and the Vault's respective Password?

I am thinking of upgrading to the Family subscription, from the standalone application setup that I have; but like any online service, that brings benefits and issues: single synchronizing process; but also, single point of attack/compromise, if 1Password.com or the back-end is compromised.

1Password Version: 6.7.1
Extension Version: 4.6.6
OS Version: 10.12.5
Sync Type: Dropbox

Comments

  • rickfillion
    rickfillion
    Options

    Hi @BlackMacX,

    Let me try to answer your questions...

    Robustness: how distributed is your back-end system? Are you using AWS, etc?

    Yes, 1Password.com is using various AWS services. A lot of the standard things... EC2 instances to run the server code, with a load balancer in front of those. Aurora instances for databases, Redis caches. S3 for file storage. It looks about how you would expect a modern infrastructure to look like.

    It's locally distributed, not geographically distributed for the main servers.

    If a DDoS attack were made on 1Password.com, are you resolving to a single DNS and IP or is that again, distributed, say like Google.com?

    Again we do pretty standard things here. We use Amazon Route 53 as a DNS. The 1Password.com webapp and file servers are backed by CloudFront, which is globally distributed. The main servers resolve to multiple IPs, though those are not globally distributed. Right now they're all based out of the same Amazon center.

    In the event of a DDoS attack that manages to be successful... what would break is sync between your devices, and access to the admin console. The apps all have a full local cache of all of your items so as a user you would be able to continue using the app.

    What is your data retention period and policy, for vault information, should a subscriber decide to cease usage of the service?

    We have this document that tries to go into that, but doesn't go into it deep enough in my opinion. We're working on making that better.

    Are the Vaults still kept as separate data blobs, inaccessible to 1Password.com staff and government/law enforcement without the Secret Key and the Vault's respective Password?

    The vault items are each their own separate blob, encrypted with the vault key. Without the vault key, those blobs are useless. The vault keys get encrypted with the user's keys, which can't be access without the combination of the Secret Key and Master Password. We have zero visibility into those blobs.

    like any online service, that brings benefits and issues: single synchronizing process; but also, single point of attack/compromise, if 1Password.com or the back-end is compromised.

    That's a valid concern. We have similar concerns when we design every part of it. We have to worry not just about ourselves today, but what we could do later. Let me give you an example. We'd love to have more analytics data. It would help us make a better product. But we worry about getting our hands on any data like that. I'm pretty certain that we'd do right and not abuse that, but can we guarantee that future us will be as nice? I'd love to say "absolutely!" but since we can't guarantee it... we take a very conservative approach and don't let ourselves get our hands on any data that we think could be abused in the future.

    I hope this answers your questions. Let me know if you'd like more information.

    Rick

  • VitalyG
    VitalyG
    Options

    Hi @BlackMacX .
    Technically our servers are distributed across of three independent data centres at the same AWS region . So the DDoS attacker should have the force to kick-off all 3 to bring us down.

    Vitaly

  • Ben
    Ben
    Options

    In addition to what is been said above you may find this link interesting:

    Law Enforcement - 1Password

    :)

    Ben

  • BlackMacX
    BlackMacX
    Community Member
    Options

    Thank you all for the answers. Considering how long I have used 1Password (since what, 2009 at least), I am not surprised about the good design, following the model of other, well established service providers. I just wanted to ask.

    Cheers,

    Anthony

  • Frank
    Frank
    Options

    Thank you for asking Anthony :smile: We appreciate the kind words and support over the years. Please feel free to stop by again if you have any additional questions, we're always happy to help out. Enjoy the rest of your day!

This discussion has been closed.