Can AgileBits see what I put into 1Password?

d37

Just wondering if the company can see what I put into 1Password. I'm trying to feel better about using the application to put my most sensitive passwords in it. Does AgileBits in any see or store any of my information on there computers, etc...?

d37

[quote name='d37' timestamp='1308173347' post='29267']

Just wondering if the company can see what I put into 1Password. I'm trying to feel better about using the application to put my most sensitive passwords in it. Does AgileBits in any see or store any of my information on there computers, etc...?

[/quote]



My question has been answered. Thanks.

[Deleted User]

[quote name='d37' timestamp='1308173562' post='29268']

My question has been answered. Thanks.

[/quote]



That's good to hear, please do let us know if you have any further questions at all <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />

[Deleted User]

Hello d37 and welcome to the Forums!



I'm glad your question was answered, but for others who come across this thread, the answer is "NO!" <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/wink.gif' class='bbc_emoticon' alt=';)' />



The 1Password data file is located on your device, and is not stored on an AgileBits' remote server. Even when using Dropbox syncing, the data file is encrypted on your device [b][i]before[/i][/b] it is synced to the cloud. So, you are safe there too.



Furthermore, AgileBits does not know your Master Password either, so if you forget it, the company does not have a way to help you. [url="http://help.agilebits.com/1Password3/forgot_password.html"]What do I do if I forgot my master password?[/url]



I hope this helps you feel better about your data security. Please let us know if you have any other questions or concerns!



Cheers!



Brandt

khad

Not to beat this into the ground too much, but I just want to make sure that this is properly addressed for future forum members and others coming across the thread via Google. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



While our [url="http://help.agile.ws/1Password/agile_keychain_design.html"]Agile Keychain Design[/url] document doesn't directly address the question of whether or not there is a backdoor in 1Password, it does show that we are as open as possible about our data formats, which are fully available for inspection.



However, that is only part of an answer. There are, in fact, two parts to the question. One is about a backdoor which someone at Agile would maliciously put in the code, the other is about a third party supplying you with a modified version of 1Password. For the latter, we use Apple's codesigning system as well as have our updater verify each download against a digital signature. I can give you more detail about those if you wish, but I suspect that you are more interested to know that we are not the bad guys ourselves.



The simple truth is that you can never be absolutely certain that there is no backdoor. There isn't one, but if we would do something so evil as to put in a backdoor, we certainly would be willing to lie about it. So you can't simply take our word for it. Nonetheless, there are things that I can point to which are strong indicators that there is no backdoor. I know that we at Agile are all good people, but simply stating that does not prove it. Therefore, let me point to reasons that go beyond reliance on our virtue.



It would be incredibly foolish of us from a business perspective to put in a backdoor. The trust that we have from our customers is our livelihood. There are very sophisticated security researchers out there scrutinizing 1Password for security flaws. If they were to discover a backdoor, our reputation and business would come to an end. Consider the effort that has gone into developing 1Password over the years. Our business is about providing a quality product and support. If we were seeking credit card numbers and online banking credentials, we would be conducting our business differently. These are some great reasons to avoid low-cost password managers from fly-by-night companies who don't offer a lot of detail about their formats and methods.



We have never had any government pressure to put in a backdoor. We are a Canadian company, and we have an international staff. If one government were to try to pressure us, we could easily relocate the business to another jurisdiction.



Lots of people within Agile Web Solutions have access to the source code which means that if one of us tried to put in a backdoor, others would spot it. So it would not be possible for just one or two people colluding to do it. At the same time, only a few people have the ability to sign the code that gets distributed, so all changes do get reviewed.



We can't be as fully open as an open source project, but within the constraints of our business we try to be as open as possible. With our Chrome extension, where more code is written in JavaScript, that source is available for inspection (although parts of it are obfuscated).



For [url="http://help.agilebits.com/1Password3/network_activity.html"]network operations[/url], you can monitor all network traffic coming from 1Password and its components. You will only find three cases where 1Password opens a network connection.



1. For WiFi syncing (if you use it) 1Password for Mac will pick up host information over Bonjour and then open up a connection on the local network to 1Password on an iPhone, iPad, or iPod Touch but only when you have set things up for Wi-Fi syncing.



2. Our updater will check for new updates, fetch them, and verify their signature. You can disable this if you wish (Preferences > Updates > Automatically check for updates).



3. Thumbnail previews are retrieved when you create a new Login. 1Password will attempt to create a preview of that page (with no form filling). This can also be disabled (Preferences > Logins > Login Previews).



All of the encryption and security protocols we use are from well known and well reviewed libraries. This means that it would be harder for us to conceal a backdoor as we just aren't in a position to make subtle changes to the actual encryption algorithms and protocols. Our practice of not "rolling our own" encryption implementation is also an overall security advantage.



I hope that this goes some way to reassuring you. As I said, we know we are honest, and we want you to know that too. Caution and skepticism are healthy habits, though, especially when it comes to security.



Please let me know if you would like any clarification of any of these points or if there is anything else I can help with. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />

karlF

Thanks for this information. The backdoor is indeed a concern to some of my clients.



I have one additional question, we noticed that the update check uses an encrypted protocol. If there was a bock door this is how it would call home.



We would feel a lot better if it used straight http protocol since there is no confidential information in checking the latest version.



Could you tell us why you need the upgrade call to be encrypted ?



Best,

Karl

khad

Welcome to the forums, Karl! It is great that you are thinking about these things. The connection is encrypted to prevent a man-in-the-middle attack during an update, but I have pinged our resident Defender Against the Dark Arts who who may be able to shed some more light on the specifics.



I think he is still out of town for the holiday with his family, but I know he will reply as soon as possible.



Cheers,

jpgoldberg

Hi Karl!



Khad is exactly correct. Over the past two years we've migrated all aspects of updates to use HTTPS. This is to make sure that software copy you get is really and truly from us. Upgrade processes can be hijacked by evil entities on the network if we don't make sure that we have the site authentication that is provided by using SSL.



If you remain concerned that 1Password is phoning home during these upgrades, you can simply fetch the upgrade from our servers, instead of using the built-in upgrade mechanism. Also if a backdoor were built into the upgrade mechanism, it would have been detecting by someone with the tools to look for it. That is, a security researcher could inspect the data before it is encrypted (or could get the SSL session key from their system) and inspect the traffic. If we had such a back door, it would only take one security researcher publishing a demonstration to put an end to it (and us). So even if that checking is beyond the ordinary user, the free flow of information on the Internet is what protects the ordinary user from such a trick.





The simple truth is that you can never be absolutely certain that there is no backdoor. There isn't one, but if we would do something so evil as to put in a backdoor, we certainly would be willing to lie about it. So you can't simply take our word for it. Nonetheless, there are things that I can point to which are strong indicators that there is no backdoor. I know that we at Agilebits are all good people, but simply stating that does not prove it. Therefore, let me point to reasons that go beyond reliance on our virtue.



It would be incredibly foolish of us from a business perspective to put in a backdoor. The trust that we have from our customers is our livelihood. There are very sophisticated security researchers out there scrutinizing 1Password for security flaws. If they were to discover a backdoor, our reputation and business would come to an end. Consider the effort that has gone into developing 1Password over the years. Our business is about providing a quality product and support. If we were seeking credit card numbers and online banking credentials, we would be conducting our business differently. These are some great reasons to avoid low-cost password managers from fly-by-night companies who don't offer a lot of detail about their formats and methods.



We have never had any government pressure to put in a backdoor. We are a Canadian company, and we have an international staff. If one government were to try to pressure us, we could easily relocate the business to another jurisdiction.

Lots of people within AgileBits have access to the source code which means that if one of us tried to put in a backdoor, others would spot it. So it would not be possible for just one or two people colluding to do it. At the same time, only a few people have the ability to sign the code that gets distributed, so all changes do get reviewed.



We can't be as fully open as an open source project, but within the constraints of our business we try to be as open as possible.



I hope that that helps.



Cheers,



-j

karlF

Thanks Khad and Jeffrey, your answers make sense. Much appreciated.

khad

Thanks for letting us know, Karl! We're happy to help and love discussing these things. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />

LosInvalidos

Update process sounds reasonable. But I wouldn't put my keychain (I know it's encrypted) on dropbox with servers on US soil.