Former Member
5 years ago
Sandboxed application can't communicate with browser extension
I have installed 1Password from the Ubuntu Software Center and installed the accompanying Chromium browser extension. When I launch 1Password, then go to Settings > Browser, I see the following text:
1Password detected that it is a sandboxed application. It won't be able to communicate with 1Password in the browser.
Is this expected and normal?
I understand that Snap packages are sandboxed; it's how I installed both 1Password and Chromium. And I get that 1Password for Linux is still somewhat new (grateful that it exists at all!) so I'm really just looking to find out what the intended experience is supposed to be.
Thanks!
1Password Version: 8.2.1
Extension Version: 2.1.3
OS Version: Ubuntu 20.04.2
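The message quoted in the question implies the application checks whether it is running inside a Snap or Flatpak sandbox. The following is an added example of such a check, not 1Password's code: the function names, the warning wording and the sample values are assumptions, while `/.flatpak-info`, `FLATPAK_ID`, `SNAP` and `SNAP_NAME` are the standard markers those packaging systems provide.

```python
import configparser
import os
from pathlib import Path

FLATPAK_INFO = "/.flatpak-info"  # key file Flatpak places at the sandbox root


def detect_sandbox(env=None, info_path=FLATPAK_INFO):
    """Return (kind, app_id) where kind is "flatpak", "snap" or None.

    env and info_path are parameters so the logic can be exercised
    outside a real sandbox.
    """
    env = os.environ if env is None else env
    info = Path(info_path)

    # Flatpak: the metadata file is the strongest signal, because it is
    # provided by the sandbox itself rather than inherited from a parent.
    if info.is_file():
        parser = configparser.ConfigParser(strict=False, interpolation=None)
        try:
            parser.read_string(info.read_text(encoding="utf-8", errors="replace"))
        except configparser.Error:
            pass  # unparsable metadata still means we are inside Flatpak
        app_id = parser.get("Application", "name", fallback=None)
        return "flatpak", app_id or env.get("FLATPAK_ID")

    # Snap: snapd exports SNAP and SNAP_NAME to confined processes. Environment
    # variables are inherited by child processes, so treat this as a hint.
    if env.get("SNAP") and env.get("SNAP_NAME"):
        return "snap", env["SNAP_NAME"]
    return None, None


def integration_warning(kind):
    """Message a settings page could show; the wording is illustrative."""
    if kind is None:
        return None
    return (f"Running inside a {kind} sandbox: a browser launched outside "
            "it may be unable to reach this application's helper.")
```
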
31 Replies
- tunix
Frequent Contributor
Hi @Savanni , it's been more than a month since we talked about this. Should we be hopeful that this feature will make it into a release? :)
- 1P_PeterG
Community Manager
Hi @ASMad, my pleasure. Thanks for the considerate reply, as well. Your points here are well-taken.
About export and import: this is definitely something we're working on improving, so it's likely that the current export / import functionality that exists in 1Password 8 will be expanded going forward. We not only want to make this more flexible, so that folks can more easily move their data where it needs to go, but we think we can do this more securely than the standard .CSV import/export process too. I can't say too much more about this, but we're looking forward to showing what's possible with the new app.
Thanks again, and best regards from our team!
- Former Member
Wow squared. Thank you for the time you put into that - definitely above and beyond.
Before I move to email, as you suggest, brief notes:
Yes, I'm clear about your security model. The centralization is the risk. You're a better (and known) target in 2022 compared to what you were in 2013 when I bought my first 1password license. Also, the value of even a few vaults > $100K bug bounty.
Yes, I'm familiar with monetization strategies, selection criteria, their implications, etc. I think it's important to at least have a buy-the-thing outright option and/or standardized formats for full export and import across competitive products.
- 1P_PeterG
Community Manager
Hi @ASMad, thank you for raising these concerns with us. There's a lot to address here; I'll do my best.
I have this issue on Linux - Ubuntu 21.10. Here's the issue: when you need to add another account to the Linux desktop app (at least when you can't get into the first account and hence you had to create the second) you can't.
This sounds distinct from what other folks in this thread have reported, which has more to do directly with sandboxing features present in Linux. Let me know if I'm misunderstanding, though. And whatever the cause of your issue, our team will be happy to help you resolve it. You can reach us at support+linux@1Password.com for in-depth troubleshooting.
And now, my rant because I used to love you (1password) and talk you up to everyone and now you anger me greatly
First, thank you for the long-time support - it means a lot to us! And I'm sorry to learn that you're feeling this way about our approach currently. I hope to address your concerns here.
I found I can't have 1Password without putting all my passwords in the cloud. It scares me shitless to have the passwords that control my life in the cloud.
I get that. I'm not sure how much you're familiar with our security design regarding this, so forgive me in advance if I'm sharing things you already know. Otherwise, I hope this is helpful.
It's worth asking, "what exactly is securing your data, when it's in the cloud?"
In our case, our security experts looked over the options and went with an encryption-based approach. This means that your data (which is present on your local devices, as well as in our servers) is chiefly protected by encryption, not authentication.
In short, if someone doesn't have both your account password AND your Secret Key, they can't decrypt your data. Since you're an engineer (cool!), I'll provide both the short summary of our security model:
https://support.1password.com/1password-security/
as well as our more in-depth technical whitepaper here:
https://1passwordstatic.com/files/security/1password-white-paper.pdf
A TL;DR of our model is: "We don't want the security and privacy implications of us being able to decrypt your data. So we have provided no means for ourselves to do so. This also makes things way way harder for an attacker."
This is even the case in situations where an end user might understandably think that they're somehow decrypting their data on our servers. For example, if you sign into 1Password.com, you can look over your items, and there are your passwords, plainly displayed on the screen. This seems like you're looking at a decrypted version of your data on our servers. Can't we see it if you can see it? Not so! All the decryption happens client-side, in the browser session. We never see your decrypted data, ever. Again, this is by design.
It's worth pointing out a couple extra additional security-salient things as well:
- 1Password has never been hacked
- Even if we are hacked, we have designed the app not to share the critical security ingredients - your account password and Secret Key - that are necessary to decrypt your data.
- We threat model different types of attack scenarios, and design our infrastructure, the app itself, and our internal practices so that if (or when) a breach occurs, it won't impact the security and integrity of your data, and that issues of availability will be limited as well - because your data is cached locally on your devices, and the decryption process occurs only there.
Also, regarding audits and other forms of security testing, besides our own internal reviews we are also regularly pen-tested by external security firms. We also just announced the largest bug bounty in Bugcrowd's history here.
Of course, there's no such thing as completely impenetrable security, but we do our best to raise the standard as high as we possibly can, such that the balance of probabilities that a compromise of user data will happen is very very small.
I have 0 issue with paying for a software that made my life so easy. I have a real problem with the subscription-ization of modern life and the implications for IP and the model of corporate servitude it depends on.
I can't really speak to the broader critique here. But I can say that we'd love to make things easy for you again, and that our focus remains on building the most secure and performant app we can, and providing world-class support for you as well. That's part of what recurring revenue from a subscription makes possible. You can probably think of other security-oriented apps that use a similar model, and in any case we intend to keep ourselves in line with customer priorities, first and always. We also find it to be far preferable to other models (like selling customer data) which are incompatible with our ethos.
I went to make a new account. I can't log into it in the 1password app on Ubuntu because it still has the old account and no way to add a new one.
We should likely be able to help you with this - you can find our Linux team (including myself) at support+linux@1Password.com. We'll do our best to expedite a solution for you!
I figured if I could get the app and the browser, where I'm logged in, to talk to each other the app could pick up the new account.
Ah, now I understand. Your most likely path to success here, if you're sure you can't remember the password for that old account, is to get a successful sign-in on the desktop app with the new account. After which, the browser extension (sandboxing issue notwithstanding) will acknowledge that account and things will work across the board.
Could I please get confirmation that when I delete the original subscription account I made that the billing will also be turned off for it?
My understanding is that this is correct, but I'd also be happy to connect you with our Billing team to ensure everything is taken care of. We never want to bill you for an account or service you're not using!
This one went a bit lengthy, but I thought the concerns you raise here are valid, in addition to the technical snarl, which we'd love to straighten out for you. I hope this conversation goes some way to showing that you're still our priority.
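A simplified sketch of the two-secret idea described in the reply above (data is unreadable without both the account password and the Secret Key), added here as an illustration and not 1Password's code. The choice of PBKDF2, HKDF and XOR, the iteration count, the function names and every sample value are assumptions made for the example.

```python
import hashlib
import hmac


def hkdf_sha256(key_material: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA256."""
    prk = hmac.new(salt, key_material, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_unlock_key(password: str, secret_key: str, salt: bytes,
                      account_id: str, iterations: int = 100_000) -> bytes:
    """Combine a memorised password and a device-held secret into one key.

    Nothing computed here is sent to a server; the key exists only on
    the client that holds both inputs.
    """
    # Slow, salted stretch of the low-entropy, human-chosen password.
    from_password = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    # The Secret Key is already high-entropy; bind it to the account.
    from_secret = hkdf_sha256(
        secret_key.encode("utf-8"), salt=account_id.encode("utf-8"),
        info=b"example-two-secret-kdf")
    # XOR the halves: the result is unknown unless BOTH inputs are known,
    # so guessing passwords against stolen server data is not enough.
    return bytes(a ^ b for a, b in zip(from_password, from_secret))


# Constructed sample values, not real credentials or identifiers.
SAMPLE_SALT = bytes(range(16))
SAMPLE_ACCOUNT = "EXAMPLE-ACCOUNT-ID"
SAMPLE_SECRET_KEY = "CONSTRUCTED-SECRET-KEY-0001"
```
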
- Former Member
Right now I have this issue on Linux - Ubuntu 21.10. Here's the issue: when you need to add another account to the Linux desktop app (at least when you can't get into the first account and hence you had to create the second) you can't.
And now, my rant because I used to love you (1password) and talk you up to everyone and now you anger me greatly: I've been a 1Password user since Aug 2013 - when we could pay flat fees. When I got a new computer (frame.work - all the love) I found I can't have 1Password without putting all my passwords in the cloud. It scares me shitless to have the passwords that control my life in the cloud. (Yes my local is on the cloud. It's about layers. Someone is going to hack you one day whereas my computer is a no-one you'd have to target specifically.) I'm an engineer and I know too much. I can't even export my existing file and import it on the new computer because you made the app not work without logging into the subscription billing account. So I started the slow, painful process of moving to a browser-based password manager. It's also in the cloud and stores 3 text fields with 0 features, but it doesn't operate on a subscription model and I know their risk audit program is solid and 1password made me dependent on having a password manager. 6 months later I still have to keep going back to the old computer to get passwords. Yet I'm still being charged for 1password every month! I have 0 issue with paying for a software that made my life so easy. I have a real problem with the subscription-ization of modern life and the implications for IP and the model of corporate servitude it depends on. In any case, I went to log in to the account that's charging me but apparently you can't reset the password and I (in best practice) made the account password different from my vault and now can't remember what super secret thing my brain came up with for it. So I went to make a new account. I can't log into it in the 1password app on Ubuntu because it still has the old account and no way to add a new one. I figured if I could get the app and the browser, where I'm logged in, to talk to each other the app could pick up the new account. But I ran into this issue.
And writing this out I realize that making a new account to be able to cut off the credit card charge on a previous account makes 0 sense. But I'm still so mad that a great software company moved to a subscription model that I started going down this rabbit hole.
Could I please get confirmation that when I delete the original subscription account I made that the billing will also be turned off for it? I had a client not update the CC information in an AWS account after I handed the project over to them once and I don't want to go through that again.
- 1P_PeterG
Community Manager
Hi @illutron, no ETA to share on this yet. But we'll be happy to notify of future updates in our release notes, which are here:
https://releases.1password.com/
and news about forthcoming updates will be pinned at the top of the relevant forum channel here as well!
- Former Member
Is there an ETA?
- Former Member
Yay - this would be a welcome functionality change.
- Former Member
Fortunately, we don't need that keychain any more, but may need it again for future features.
When we originally put up browser integration, though, that keychain was how we ensured that the data was encrypted when crossing the socket and that other applications wouldn't be able to connect to the socket to eavesdrop on the connection. The new secrets management that you linked to looks very interesting, though.
Anyway, we can set that aside. Now it's just a matter of me modifying 1Password to know how to find the helper when inside of a flatpak. After that, I have to add a few parameters to the flatpak entrypoint so that we can launch multiple different executables that are stored within the Flatpak.
Short answer: I largely know what I need to do. I just have to find the time to do it.
- tunix
Frequent Contributor
I see. Communicating with a root-owned keyring sounds like a violation for flatpak but I'm not really an expert on this. There is a portal to keep secrets inside the user's keychain but I'm not sure that's secure enough for you. I'm also not sure whether the sandbox allows you to communicate with a keyring inside the kernel.
https://opensource.com/article/19/11/secrets-management-flatpak-applications