Open & Fill mangling URIs - appending query string - garbage or security issue?

volts

Super Contributor

4 years ago

Thank you for the detailed response. The communication makes sense.

I'm concerned that you may be dismissing a privacy & tracking issue.

Because the sent "value" is durable and consistent, it becomes an identifier.

It leaks that I'm using a specific saved item. It is a great way to identify and de-anonymize me specifically.

And the sent "value" stays the same when sharing an item to another user, revealing the relationship between us.

This isn't limited to logins. This information is sent when filling a simple form field or opening a website with no fields at all.

If I use 1Password to visit http://gov.ru those visits can be specifically correlated to me.
If I share my vault with other members of my team of journalists, our relationship can be seen.
This is dangerous!

Forum Discussion

Open & Fill mangling URIs - appending query string - garbage or security issue?

Featured discussions

November at 1Password: the Access-Trust gap, planning your estate, and an updated unlock experience

Recent discussions

YouTube login not working with 1Password

Bug? Browser extension not unlocking or filling in password

"1password quit unexpectedly" at every startup

Ongoing Autofill Issues on Android

Storing PGP Keys