1password10.sqlite in %appdata%

Whats the purpose of the url's listed in the database?


1Password Version: 7
Extension Version: Not Provided
OS Version: win10
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @filament360: Can you tell me what URLs you're referring to?

  • filament360
    filament360
    Community Member

    In the %appdata%/1password/data/ folder there is a sqlite file and when you open it up there is a load of url's like examples below.
    www.flvs.net,3,5,1518393600
    autocentrum.pl,3,5,1517702400
    www.autocentrum.pl,3,5,1517702400
    theflyonthewall.com,3,5,1514678400

  • @filament360 this is cached version of sites flagged in Watchtower as compromised.

  • filament360
    filament360
    Community Member

    That makes sense, however there are a couple of dubious URL's in the cache I did not list. I don't wish to have them on my PC.
    Watchtower or not I am uncomfortable having them listed.

  • @filament360: Watchtower uses this cache to check your Logins against the list of compromised sites locally rather than sending the URLs for your items off somewhere else, so without this cache the compromised Logins feature of Watchtower won't work on your PC. That said (and @SergeyTheAgile may correct me on this later if I'm misremembering), I believe toggling Check for Compromised Logins off in Settings > Watchtower will clear this cache. Again, though, your Windows app will no longer check for Compromised Logins with this disabled.

  • @filament360 I'm not sure I see the exact reason to be uncomfortable about cached list of bad URLs that 1Password is using to alert you of issues. It's not part of your data, it's like a virus signature in anti-virus software. Having that signature in local database does not mean you have a virus. As of today turning that "Check for Compromised Logins" needs that data to run the checks and turning it off does not clear it from database.

    However, we may not see the whole picture and you might have valid reasons for us to make an improvement. After all this is why we discuss it here - we like to listen to our users. We may consider obfuscating that data (so it will not be shown in some 3rd party scanning software), but obfuscation is not security. We may consider clearing it from database if user turns off that feature (it won't save much disk space, but will remove undesirable data). What are your thoughts on this?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @filament360: Put another way, what you're seeing is not at all specific to you; rather, it's a local copy of the Watchtower database used by all 1Password clients to check logins against locally.

    The very same entries exist for me as well. For example, autocentrum.pl,3,5,1517702400 corresponds to https://watchtower.1password.com/report/autocentrum.pl

    This way 1Password isn't sending your login URLs to our server to check them; it downloads the database and compares it on your machine to your own (encrypted) data in your vault(s).

    Since all of this is publicly available information (these breaches are known, and Watchtower and HIBP are freely accessible on the public internet) and not specific to you in any way, it's not something we encrypt in 1Password. But as Sergey mentioned, if there is some other concern you have we'll be happy to consider it. :)

  • filament360
    filament360
    Community Member

    Thanks for your views, if someone asked if I had dubious URL's on my system I would have denied it.
    Its been explained fully how the system operates and the reason for the database cache.

    Just not comfortable with URL's in plain text that I am not aware exist on my PC such as:
    bestialitysextaboo.com,3,5,1521417600
    www.bestialitysextaboo.com,3,5,1521417600

    Plus some others URL's, what other stuff could you potentially end up with stored in the cache in plain text?

    If it was encrypted and you could show it was part of the 1password software package and I was unable to view it I would feel more comfortable with it. As brenty said the same entries exist for him and I suppose every 1password user across the globe.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited February 2019

    @filament360: That's a really good point. Thank you for making it. We'll see what we can do to improve the situation.

    ref: opw/opw#3464

This discussion has been closed.