Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Solved
Internet Access Policy outdated?
Hi there,
I use Little Snitch on my Mac to track internet connections made by apps on my machine, and alert me when they start doing something different. This morning I received alerts about two unknown connection attempts by 1Password to the following hosts:
- app-updates.us.svc.1infra.net
- 3.232.154.196
The 1Password app contains an https://www.obdev.at/iap/index.html to document and explain the connections it makes, but neither of the connections above are listed in it.
Given the sensitivity of data stored in 1Password, it's important that any possible data flows outward from within the secure environment of the app be well-understood.
Can someone on the 1Password team explain what these connections are used for, and hopefully ping whatever internal team manages the IAP so it can be brought up-to-date?
Thank you for reaching out! Our 1Password ports and domains article has now been updated to include the app-updates.us.svc.1infra.net subdomain. The subdomain is part of 1Password's normal operation and is used to provide 1Password app updates.
The team is working to update our Internet Access Policy with this information as well.
-Dave
9 Replies
Good catch! Keeping the IAP updated is super important for transparency. Hopefully, the 1Password team can clarify what these connections are for.
- 1P_Dave
Moderator
Thank you for reaching out! Our 1Password ports and domains article has now been updated to include the app-updates.us.svc.1infra.net subdomain. The subdomain is part of 1Password's normal operation and is used to provide 1Password app updates.
The team is working to update our Internet Access Policy with this information as well.
-Dave
- 1P_Dave
Hello Enceladus! 👋
Thank you for reaching out! The domain that you're seeing is part of an ongoing internal migration to new infrastructure for the app-updates service. This change will have no impact on the 1Password app's functionality or security.
The team is working to update both our website, as well as our Internet Access Policy, to document this subdomain going forward. I'm sorry for any confusion or alarm.
-Dave
This has now been nearly 2 weeks since being reported, and this issue persists, yet I find no trace of documentation for "app-updates.us.svc.1infra.net" on your site. The implication with your statement is that this is a change during migration, but it's not clear if this means this is temporary or will be a permanent domain that must be whitelisted at some point in the future. So far, blocking this domain does not seem to have an impact, but it's not easy to determine if everything is working as intended, based on one user's workflows.
Could you please be crystal clear with what domains 1Password must have accessible for the application to function correctly? This really should have been defined in your documentation well ahead of scheduled maintenance. It's honestly a bit concerning that there isn't higher priority on the transparency here.
- 1P_Dave
Thanks for reaching out. You can find the *.1infra.net domain, and all other domains that 1Password requires in order to function, documented on our website: 1Password ports and domains
An issue is filed with our documentation team to specifically add the http://app-updates.us.svc.1infra.net subdomain to that page, but you'll find *.1infra.net (with the asterisk being an indicator that various different subdomains may be used by 1Password) already documented there.
I'm sorry for the delay and thank you for continuing to follow up here. I'm made myself a note to update this thread as soon as the change to our documentation is live.
-Dave
- 1P_Dave
Thank you! And thanks again for reporting the issue.
-Dave
