Blacklisting 1Password X browser extension in Mac OS clipboard app

PiggyPiggy Member

I can't figure out how to blacklist 1Password X from my clipboard application. It allows me to choose OS applications, but 1Password X is a browser plug-in. I previously used 1Password which I didn't have this problem with because it's an actual OS application. I switched to 1Password X browser plug-in because of the known crashing problem when using multiple profiles in Chrome (defect apple-4019). 1Password X browser extension is not usable if I can't blacklist it.


1Password Version: 1Password X
Extension Version: 1.15.6
OS Version: OS X 10.14.6
Sync Type: Cloud
Referrer: forum-search:1password x whitelist

Comments

  • ag_anaag_ana

    Team Member
    edited August 6

    Hi @Piggy!

    A bit unrelated, but since it addresses the reason why you switched to 1Password X in the first place I am going to mention this: Issue 4019 should have been fixed in 7.3.2.BETA-1, in case you wanted to get back to the desktop app. Do you mind giving that a try?

    ref: apple-4019

  • PiggyPiggy Member

    @ag_ana I just installed 7.3.2 (build #70302004). There isn't a reference to 4019, Chrome or profiles in the release notes.

  • brentybrenty

    Team Member

    @Piggy: I'm not following. Did it resolve the issue you were having? We haven't seen any more crash reports. Please confirm.

    Regarding "blacklisting", clipboard management apps are able to exclude apps, not individual extensions. So they could not record content copied from 1Password for Mac or Google Chrome, for example.

  • PiggyPiggy Member

    @ag_ana Still no mention of fixing issue 4019 in the release notes, however the problem has not reoccured.

    @brenty I think you mistyped your last reply. You stated that extensions can't copy content. I think you meant to say that it's not possible to blacklist the copy from an extension. I agree with you on the latter, which is why I switched back to 1Password 7. I cannot use 1Password X if I cannot blacklist the content. This is a major security issue for me.

  • brentybrenty

    Team Member
    edited August 10

    @Piggy: Regarding the crash, we fixed a number of them for some edge cases with some targeted changes in the beta. I'm glad to hear that helped you as well, but I'm sorry about the confusion with the specific issue number.

    Going back to my last reply, I don't believe I mistyped but rather I'm having trouble communicating what I mean. :lol: I'm trying to say that clipboard management apps can blacklist other apps. They don't have the granularity to blacklist specific Javascript running in another app, which is what a browser extension is. You just can't have it both ways: either you tell the app to not record clipboard data from the browser or you don't. Is that a clearer explanation?

    Using the 1Password desktop app/extension instead allows the app to handle this stuff, so then it's possible to exclude the 1Password app from clipboard recording. In the future, the specific problem you're asking about having may go away once 1Password X can fully integrate with the desktop app.

    However, I will say that the deeper issue is that using the clipboard at all is not secure. After all, any software running on your device can access that and record it itself. You can ask nicely for a well-behaved clipboard app to ignore data from some apps, but it doesn't have to listen; and there can be bugs that result in it not working the way you want it to. Of course, something malicious will simply not care no matter what. So while you may feel better excluding some stuff from a clipboard history, literally anything else running can record it if it wants to. So all of that is sort of irrelevant. I'd suggest using the browser extension to fill, not copy and paste, which is the actual security issue. It's not only more secure, it's also more convenient. Cheers! :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file