Latest installer/update wants to connect to "b5dev" ? [Normal; safe]

ayembee
ayembee
Community Member
edited May 2020 in Mac

1Password Update: b5dev.com belongs to us and it is safe to allow macOS's swcd process to connect to this domain.


.

After asking permission (LittleSnitch) for access to 1password.com, the installer for the latest update also asks for permission to "b5dev.com". Is this safe/legit? Seems a little peculiar, so I've denied it for now, seemingly with no ill-effect. Thanks.

Specifically: version 7.5 (70500003)

Comments

  • Lars
    Lars
    1Password Alumni

    @ayembee - that's one of ours; you can whitelist it. I can't say why it's being flagged in Little Snitch in this version of 1Password for Mac, but the process being flagged is likely swcd -- the Shared Web Credentials Daemon. That means, it's on a list of associated domains app links, and theoretically shouldn't be getting flagged -- but we can't control how macOS processes that list, or what LS chooses to flag/show you. It's one of the reasons I'm not the biggest fan of software like this that flags everything -- and sometimes doesn't label it the way the developers have, resulting in confusion and even app malfunctions due to denied access to necessary resources under the guise of security.

  • gross
    gross
    Community Member

    Same question. What is b5dev.com? It has a 1Password site on it, but WHOIS privacy is enabled so...

  • Ben
    Ben
    edited May 2020

    @gross

    b5dev.com is where we develop and test updates for 1Password.com. 1Password 7.5 has a new item sharing feature. In order to facilitate that, macOS and iOS query the supported sites for the app-association file. b5dev.com being where we develop and test this feature, is one of those supported sites.

    This download is attempted by the OS once per update, so if you allow/deny once (instead of always) you may see this prompt again the next time 1Password updates. Unfortunately, because iOS and macOS do this download (swcd specifically) we can't put an entry in our "Little Snitch explanation file" as to what this is / what it is for. There is no harm in either allowing or denying the connection. Unless you're a 1Password developer, you won't be needing to connect to it.

    Ben

  • jimpm
    jimpm
    Community Member

    @Ben Thanks for the info. I too was wondering why Little Snitch popped up with this. I've blocked it for b5dev.com (I'm not a 1PW developer, so if I understand you correctly, it doesn't seem necessary here). Why is SWCD also wanting to connect for 1Password.com though?. I see that SWC is Apple's Shared Web Credentials, which I would assume form the 1PW Release Notes might have to do with Sharing items for 1PW Accounts; I have a stand-alone 1Password license because I don't want this kind of thing happening.
    @Lars doesn't seem to understand that connecting to b5dev.com looks extremely suspicious; that's why I like having Little Snitch, to keep apps in line!!!!!! and not just assume that every connection is a-ok!!

  • Ben
    Ben
    edited May 2020

    @jimpm

    I'm sorry for the alarm.

    Whether you are using 1Password standalone or with a membership the OS (swcd) is going to connect to each domain we specify as being supported for the purpose of downloading the above mentioned app association file (to make sure we are actually associated with the domain the software says we are). The fact that you don't have the proper licensing to use this feature doesn't weigh into the OS's determination that it needs to validate the domains referenced in the software. If you'd like, you can view the file swcd is downloading, here:

    http://1password.com/.well-known/apple-app-site-association
    http://b5dev.com/.well-known/apple-app-site-association

    If you don't work at 1Password, you can block b5dev.com. If you aren't using a 1Password membership, I don't see why you couldn't also block swcd from connecting to 1Password.com, though that may interfere with other features in the future that you may want to use. If you allow those connections, all it is doing is downloading the above referenced file.

    We'd very much like to be able to explain why this happens, when the connection attempt happens. Because swcd isn't us, Little Snitch doesn't offer us a mechanism for explaining the connection. It only gives us that opportunity for connections the 1Password software makes directly. It sounds like our security team intends to reach out to Little Snitch to see if there is any way around this limitation.

    More details about this can be found on Apple's developer docs:

    Supporting Associated Domains in Your App | Apple Developer Documentation

    Ben

    P.S. I realized I had a typo in my last post. I had svcd instead of swcd. I've now corrected that.

  • jimpm
    jimpm
    Community Member

    @Ben, Thanks again. I appreciate your reply.

    I don't have a problem with 1Password connecting to 1password.com or agilebits.com... My surprise is that it the swcd process (not 1pw) was asking to connect, something I hadn't seen before. (There's too many app developers that add spy or tracking to the apps, something I am not very fond of... I'm not saying that's the case here, it's just that swcd was unknown to me).

    I believe LittleSnitch has some Apple Processes whitelisted by default (such as iCloud and macOS services)... Perhaps they need to consider swcd, if that's something that Apple has recently introduced (I don't recall seeing it before).

    Thanks.

  • I believe LittleSnitch has some Apple Processes whitelisted by default (such as iCloud and macOS services)... Perhaps they need to consider swcd, if that's something that Apple has recently introduced (I don't recall seeing it before).

    That's certainly a thought. :)

    I don't have a problem with 1Password connecting to 1password.com or agilebits.com... My surprise is that it the swcd process (not 1pw) was asking to connect, something I hadn't seen before. (There's too many app developers that add spy or tracking to the apps, something I am not very fond of... I'm not saying that's the case here, it's just that swcd was unknown to me).

    Totally understand where the concern comes from. Folks are right to check. In this case it is nothing nefarious, but better safe than sorry.

    Ben

  • ayembee
    ayembee
    Community Member
    edited May 2020

    All sounds good; appreciate the confirmation.

    As @jimpm says, there have been far too many well-publicised cases of processes/connections you don't expect turning up in places you don't expect (accuweather et al.) over the last few years, so I tend to opt on the side of caution (no suggestion 1Password would be doing anything sketchy, just that a more obviously-connected domain like "1pdev" wouldn't have made me want to double-check in the way that "b5dev" did... ;)

    (My most recent WTF moment along these lines was discovering that Docker, of all things, embeds usage trackers (wootric & segment.io) that -despite claims to the contrary- it neither disclosed up-front, nor asked for consent. Apparently there may now be some kind of opt-out buried in the settings, but still. Nobody appreciates being surreptitiously tracked. https://github.com/docker/for-mac/issues/2122)

    Anyway, thanks again! Still a big fan of 1Password... 8-)

  • Thanks @ayembee. :)

    Ben

This discussion has been closed.