Support for Vivaldi snapshot releases

NSPredicate
NSPredicate
Community Member

Up until today, Vivaldi snapshot releases worked flawlessly with 1Password. In order to separate the stable channel and the snapshot channel a bit better from each other, Vivaldi snapshot releases are now named "Vivaldi Snapshot.app" instead of "Vivaldi.app" and they use "~/Library/Application Support/Vivaldi Snapshot/" instead of "~/Library/Application Support/Vivaldi/" as their settings/profile folder.

As a consequence of this change, 1Password now throws a "1Password can't verify the identity of your web browser" error message when using a Vivaldi snapshot release. The snapshot releases are still signed and notarized, so I am hoping all that would need to be done is to be allow-list the app name "Vivaldi Snapshot.app" inside 1Password.

If you could make 1Password compatible again with Vivaldi snapshots, it would be greatly appreciated. Having to chose between waiting for great new Vivaldi features for up to 6 weeks after they are released and being able to auto-fill passwords with 1Password is not a great situation to be in. :smile:


1Password Version: 7.5
Extension Version: 4.7.5.90
OS Version: macOS 10.14.6
Sync Type: Dropbox

Comments

  • Hi @NSPredicate

    I'm sorry to hear about the trouble resulting from the change to how Vivaldi snapshot releases are handled. As far as I'm aware we're not considering adding additional code signatures for browsers to 1Password for Mac at this time. I will see if I can get confirmation on that from our development team, though. For now the only way to use 1Password in such a release would be with our 1Password X extension (requires 1Password membership), which does not communicate with the 1Password for Mac app, and as such doesn't require code signatures to be added there.

    1Password X

    I'm sorry I don't have the answer you were probably hoping for, but I hope 1Password X helps.

    Ben

  • NSPredicate
    NSPredicate
    Community Member

    Thank you for the swift reply, @Ben, but I really hope that this will not be the final answer, since a 1Password membership is not an option for me.

  • emb4c
    emb4c
    Community Member

    I would also like to request that "Vivaldi Snapshot" is added to 1Password for macOS. If y'all are updating the application for macOS, it wouldn't seem like an unreasonable request to do this. 1Password membership is not an option for me neither. Thank you for considering.

  • henderea
    henderea
    Community Member

    I'm also having this issue. I really don't like the design of 1Password X, so I would rather be forced to use the stable channel of Vivaldi than resort to 1Password X. That said, I don't see what the issue is with adding Vivaldi Snapshot support. Is it really that hard to add a new browser? I'm not expecting an immediate release to fix this, but I would really appreciate it if you could include it in an upcoming release that you were already working on anyway. I'm going to be unable to use Vivaldi Snapshot until this gets fixed, and I much prefer the snapshot version over the stable one.

    Honestly, if you could just bring back the option to allow unsigned browsers again, even if it's only as a hidden option that you need a shell command or other special steps to activate, that would be good enough. Being limited to browsers that the 1Password team specifically adds support for is less than ideal, and the 1Password X extension isn't any better.

  • Thanks for the feedback, folks. I'll hit on a couple of the points here:

    1Password membership is not an option for me

    This issue aside, membership is the way forward. I'd strongly urge you to reconsider if you want to stay up to date with 1Password. If you have questions about that I'd encourage you to reach out to us at support@1password.com.

    Is it really that hard to add a new browser?

    I don't believe that the act of adding the code signature is at all difficult or time consuming, but rather the vetting process that we have in place in order to consider doing so. This ties into my next point:

    Being limited to browsers that the 1Password team specifically adds support for is less than ideal

    I understand that, however, the whole purpose of checking code signatures against a known database is to make sure that we aren't turning 1Password data over to an untrusted or potentially malicious process, such as malware. By only allowing connections from signatures we've verified we're able to significantly increase the security of the process.

    I'd encourage everyone to make their decisions based on the current state, as it doesn't sound like this will be changing, at least not in the immediate future.

    Ben

  • henderea
    henderea
    Community Member

    @Ben You seem to have overlooked my comment about adding a hidden option to disable the code signature check. Note the term "hidden", as in you have to actually know what you're doing in order to find it. Either that or maybe add a hidden functionality that lets expert users add specific code signatures into their local database? As I said, I really don't like the design of 1Password X and would rather be forced to use the stable channel of Vivaldi than resort to using 1Password X. It's fortunate that I have the stable channel of Vivaldi as an option, but it's definitely less than ideal.

    I think adding some sort of functionality that can only be used by people who really know what they're doing would be the best way to handle cases like this if you don't want to go through the vetting process for obscure browsers. I really liked the old option for ignoring unknown code signatures, and would appreciate a way to bring that back in some form or another. I'm perfectly fine with using a command-line tool to make the change and having to confirm my intention 20 times before it accepts that I understand the risks and allows the change. I think most people who use browsers that you haven't vetted are probably not casual computer users, so it shouldn't be an issue to put the functionality for allowing un-vetted browsers behind some sort of super-hidden undocumented option/behavior, but it would be nice to have that functionality. Some people want to use uncommon Chromium browsers, and not everyone is able or willing to use 1Password X.

    Alternatively, you could make the ability to enable individual custom browsers be an add-on service that people have to pay for. I'd totally be willing to pay extra to be able to use 1Password with whatever browsers I want. If you put the add-on service behind a user agreement that absolves you of any responsibility for data getting sent to malicious browsers (and make that point very clear), then anyone who gets their data taken because they misused the functionality would only have themselves to blame and wouldn't be able to sue you. You could also collect data on what custom browsers people are enabling and use that to inform vetting decisions. If enough people are paying for custom browser support, then that would surely help offset costs for vetting browsers that a sufficient portion of those users are enabling.

  • henderea
    henderea
    Community Member

    On another note, @emb4c and @NSPredicate, what is it that prevents you from using a 1Password subscription? Maybe something could be done to enable you to use 1Password X in Vivaldi Snapshot. Is the recurring payment the issue, or is there some sort of functionality you rely on that you can't get with the subscription service?

    Personally, my main issue with 1Password X is that the UI (and keyboard shortcut) don't match the traditional 1Password experience I rely on, and adapting to the differences doesn't feel worth it to me. If I could get a version of 1Password X with the cmd-backslash keyboard shortcut I rely on heavily for filling in the passwords and an overall UI similar enough to 1Password, I wouldn't be opposed to switching. I use the subscription service, so my only reason for not using 1Password X is that I just don't like the way it currently is, but that's a pretty major factor for me.

  • NSPredicate
    NSPredicate
    Community Member

    When I wrote the OP, I was a bit tongue-in-cheek with the "please don't make me wait for 6 weeks for great new Vivaldi features", because I didn't expect the request to get denied. What I should have written instead is that 1PW is no longer compatible with Vivaldi snapshots, and that since it is important to detect potential issues between 1PW and Vivaldi before a stable release is pushed to everyone, it would be really good for Vivaldi snapshots to get whitelisted again in 1PW.

    In other words, the request was not to add support for a new browser in 1PW, but just to whitelist the app name "Vivaldi Snapshot", so that 1PW testing can continue unimpaired with Vivaldi. There have been a few issues between 1PW in Vivaldi in the past, and it was really helpful to become aware of them and be able to report them them 6 weeks before the issues would have been pushed to everyone in the regular stable releases.

    1PW generally supports pre-release channels for all the browsers it supports. For Opera, for instance, even three channels are supported: Opera, Opera Beta, and Opera Developer. So excluding Vivaldi pre-releases with a "Sorry, they changed the name of the snapshot version a bit too late" does not strike me as particularly reasonable.

  • We do support Vivaldi Snapshot builds in 1Password X. From what I'm hearing from our development team, the situation beyond that is unlikely to change. I do apologize as I know that isn't the answer folks here would like to hear. We are not currently adding any new code signatures to 1Password for Mac. The same situation applies to Opera GX. We will also not be adding a preference, hidden or otherwise, to disable code signature checking.

    If you'd like to use browsers for which we do not already have a code signature in 1Password for Mac, 1Password X is the only alternative solution we're able to offer. I apologize for any inconvenience that causes.

    Ben

  • dragon1
    dragon1
    Community Member
    edited January 2021

    Hi,

    first of all thx for your nice product. (this is my first post).

    I'm using it since a long time.

    But a few weeks ago I changed to a Mac and use Vivaldi as a browser. As I found out, there is no direct 1PW Vivaldi browser extension.
    I can find the extension for Safari (built in), Chrome, Firefox, Brave Browser but no dedicated Vivaldi extension.

    As far as I understood, I can select the 1PW extension from the chrome store.

    But it's latest version ist from may 2020. But there are also other extensions like 1Password X and 1Password X beta.

    So what 1PW do I need now?

    And did I understand it the right way, that you will give up on 1Password for mac and everything has to be 1Password X?

    So what is the best way to use your app as a Mac user (who uses other browsers besides safari like vivaldi)

    Thx
    Dragon

  • @dragon1

    Welcome to the community!

    You could install 1Password X. The latest build I show available from our update server is 1.22.3 (build #20130) – released 2020-11-12. I actually use 1Password X and 1Password 7. I use the Mac app for my heavy lifting needs and editing, and I use 1Password X for my filling needs. We previously had what we called Desktop App Integration that allowed 1Password X to work alongside 1Password 7 and use Touch ID for unlocking. That feature has been temporarily removed while we work to bring it up to date with new code.

  • dragon1
    dragon1
    Community Member

    Thx for your feedback.

    Kind of confusing... So the new version does not have the Touch ID function for unlocking?

    Why should I use the new version? Always entering the whole Master Password... I was really happy to have Touch ID feature.

    So it's better to use 1Password for Mac with the old 1Password extension for Chrome, Firefox, etc.
    And with Safari there is the "new" browser extension.

    And then there does exist 1Password X, what does work with browsers but not with Safari?

    It's very complicated.... :(

  • Yes, 1Password X does not support Touch ID at this time. We are all as anxious to see it return as you are. I can speak from a personal perspective. :wink:

    If Touch ID is your desired approach, the companion app extension would be the best until the feature returns to 1Password X. We had hoped to have the feature return late last year. The Safari Extension, along with the Companion App Extension for Chrome (and its variants), Firefox, etc., will work with Touch ID. It can become a bit confusing at first. I have confidence you will be up and going in no time. :chuffed: I might recommend working with one browser to familiarize yourself with 1Password and then working with additional ones.

This discussion has been closed.