Security concern: why is 1Password connecting to the internet?

cmroanirgo
cmroanirgo
Community Member

Hi,

I recently noticed the following in my system logs (scroll right to see rest of message info):

Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.230.134.8:443@0 failed: Connection refused Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.192.132.159:443@0 failed: Connection refused Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.230.133.237:443@0 failed: Connection refused Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.230.134.129:443@0 failed: Connection refused Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.230.133.161:443@0 failed: Connection refused Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.192.132.161:443@0 failed: Connection refused Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.230.133.123:443@0 failed: Connection refused Jun 30 07:20:31 airy.local 2BUA8C4S2C.com.agilebits.onepassword4-helper[388]: tcp_connection_destination_prepare_complete 27 connectx to 54.230.133.182:443@0 failed: Connection refused

This is not surprising because I use TCPBlock (an outbound firewall) to ensure that only the traffic that I want to leave my machine actually does.

What is surprising, is that all settings in 1Password that might warrant a network connection was already off:
Watchtower = Off
Updates = Off
Sync = Folder Sync

What I have installed is:
1Password Mini & browser extensions
Use rich icons = On

To save everyone the time, all of the IPs are for cloudfront.net, so it's pretty clear that the "Use rich icons" wouldn't be the reason for this.

Question:
Why is 1Password connecting to the internet? What is it for, what is the payload, etc, etc?

It is things like this that makes one very very very suspicious.
(I have since increased my vigilance as to anything 1Password is trying to do across a network connection)


1Password Version: 4.4.3
Extension Version: Not Provided
OS Version: OSX 10.10.3
Sync Type: Folder

Comments

This discussion has been closed.