Big privacy issue with 1pass / dropbox sync

Options
concrnd
concrnd
Community Member
in Mac

Dropbox/1password/1password.agilekeychain/data/default/contents.js

Any program which can read filesystem is able to list all sites I visit simply by reading this file.

This is totally not nice. Why don't you encrypt this file too?

Comments

  • hawkmoth
    hawkmoth
    Community Member
    Options

    There is an updated database format coming as soon as all versions of 1Password can use it. It is the one that is used by iCloud now, so you can gain access to it by switching to iCloud for syncing. And there is a process described in the forums here to convert Dropbox to its use also. That can be read in this thread. But you will lose access to 1PasswordAnywhere if you do either of these. This newer format takes care of the issue you have raised.

    Since I don't work for AgileBits, I don't know the status of getting to a uniform deployment of the new format (opvault). And I don't know what the future plans are for 1PasswordAnywhere.

  • sjk
    sjk
    1Password Alumni
    Options

    Hi @concrnd,

    This post from @JasperP has more information about the Agile Keychain (being phased out) and Cloud Keychain (being phased in) formats that @hawkmoth was referring to:

    Post #2

    I hope that helps answer your question. If you have other questions or concerns please let us know and we'll be happy to address them. :)

This discussion has been closed.