1Password for Safari - Permissions
Hi, took the plunge last night with beta 8 on my Mac so opted for 1Password for Safari 2.1.0. My question relates to the significant security warnings that Apple are throwing my way, especially about reading webpages, altering webpages I visit and having access to all my history. I know I trust the vaults with a lot of personal data but cannot help but wonder if this is a step too far.
I have no other experience of Safari extensions, 1Password is the only one I use. Can all other browser extensions read all browser data in the same way or is this unique to 1Password? Does 1Password for Safari have any additional access to the extension that was bundled with v7?
I am sure you will assure me that 1Password for Safari is safe and secure but I'd be grateful if you could point me towards information where I can read about this further.
Thank you for your help.
_Incidentally and completely unrelated I did try search the community for similar posts but the search engine just would not return any results even when searching for key words like Safari which I could see in the titles of some of the posts :( _
1Password Version: 8.2.2
Extension Version: 2.1.0
OS Version: macOS 10.15.7
Comments
-
Hey @iwaddo ,
Great questions!The permissions description that are given by the browser(s) is very general and vague, and I can definitely understand why you find it threatening.
Although our permissions article is a tad outdated (it lists the permissions for the 1Password 7 extension in Safari), it is still relevant here: https://support.1password.com/browser-permissions/You'll want to look at Firefox/Chrome/Edge/Brave's permissions there as they are more relevant to the new extension's permissions in Safari.
The gist of it is that 1Password needs permission to do very specific tasks, but there are no specific descriptions for such permissions, only several major and general permissions descriptions that the browsers provide. So if 1Password needs to be able to autofill on a page, it will need to be able to read the page's content, locate the relevant fields, then inject your data into the fields. Simple, right?
Well, from a permissions perspective, that translates to "1Password needs to be able to read the data on all webpages you visit and modify data" - sounds much scarier than it actually is.
To answer some of your other questions:
- Some other extensions require the same permissions, other require other permissions. Depending on the extension's purpose and what it does. For example, an extension that keeps the browser from being idle will not need access to web pages content so there's no need for the permission to read/write all websites data. But an extension that blocks ads will indeed require that permission.
- 1Password for Safari does require more permissions than the 1Password 7 extension because it is an independent extension that can function without the desktop app, and therefor requires it own permissions. The 1Password 7 extension is bundled up in the desktop app, to which you already granted permissions on your computer.
At the end of the day, it is great that you remain vigilant and are not blindingly approving stuff and granting permissions without asking questions. You just need to make sure that you know and trust the vendor of the software you are granting permissions to, and that you have installed the official software from that vendor and not some dubious knockoff/fake version that might be malicious.
0 -
Hi there -- I was coming to ask about this too (though will note it applies for iOS, iPadOS, and macOS all the same-- I'm concerned about both). The description above and linked reference article on permissions makes sense... can you verify officially that website content and browsing history are not saved locally or uploaded to 1passwords servers at any point though? I presume website content and browsing history are parsed live, and not saved / cached / uploaded anywhere? Can we confirm? Thanks!
0 -
B
That's right! 1Password does not save anything related to your browsing history, and nothing is uploaded back to our servers, except changes that you make to your vault items while browsing. :smile:
0
