Domains 1Password connects to

Options
aksers
aksers
Community Member
in Mac

Call me paranoid, but I worry about malware on the computer I have 1Password on. Why does 1Password connect to d36xtkk24g8jdx.cloudfront.net, d5nxst8fruw4z.cloudfront.net, d36xtkk24g8jdx.cloudfront.net, i.agilebits.com and d2focgxak1cn74.cloudfront.net (reported by Little Snitch 3.3)? I noted a list of hostnames 1Password connects to on http://learn2.agilebits.com/1Password4/Security/privacy.html, and I don't see any of these on that website.
Thanks in advance!

Comments

  • Jasper
    Jasper
    Options

    Hi @aksers,

    1Password downloads various content from Amazon CloudFront, such software updates, rich icons, news, and help files. Sometimes an app like LittleSnitch may report one of the CNAME records that points to the same address that we use, since the CloudFront servers are used by many companies.

    From 1Password and Your Privacy:

    There is a peculiarity of how some firewall software, Little Snitch in particular, may report these connections. Little Snitch’s Connection Inspector will display “all names currently known to resolve to one of the IP addresses of the server.”

    Given how the Cloud Front content distribution network operates, the particular cloudfront.net subdomains do not correspond to a unique IP address. Nor is an individual IP address limited to a single cloudfront subdomain. For example, one of the IP addresses associated with d13itkw33a7sus.cloudfront.net is 54.230.49.141. That same IP address may also be associated with some other cloudfront subdomain entirely unconnected to Agile Bits. That IP address may also be associated with something like example.com.

    The upshot of this interaction between Cloud Front domain names, IP address, and Little Snitch’s reporting habits is that Little Snitch erroneously reports 1Password attempting to connect to example.com in that example.

    Because of that peculiarity, LittleSnitch may incorrectly report a domain. Little Snitch is actually trying to be helpful. It is presenting you with all possible "names" for that IP address, hoping that you will recognize one of them. But, of course, that is not how people see that scary list.

    This doesn't mean that the files aren't coming from our CloudFront distribution, it's just a different domain that is associated with the same IP address. There have been many reports on the forums here by users experiencing LittleSnitch reporting 1Password connecting to strange domains, but they're all aliases for our CloudFront distribution.

    Please let us know if you have any other questions. We're always here to help! :)

This discussion has been closed.