1P connections to mystery servers [b5dev.com belongs to 1Password and it is okay to allow]

jimturney
Community Member
edited May 2020 in Lounge

1P is now trying to connect to servers in the domain b5dev.com that has its registrant, admin and tech contact's names and details "REDACTED FOR PRIVACY" in WhoIs. The https://b5dev.com website oddly mirrors a version of the 1password.com homepage so doesn't give a clue of the purpose of this domain.
While I guess but don't know if b5dev.com is a creature of AgileBits rather than something to be worried about, why should I have to bother with checking and wondering? Monitoring connections, especially made by apps like 1P, is an important part of security and AgileBits should be striving to make that easy to monitor by limiting domains connected. Recently, 1P also started connecting to appcenter.ms but that was easy to confirm as safe, although I would have made that connection to a server in the AgileBits constellation of domains which itself should be minimized. Like numbers, server names within a domain are unlimited so proliferation of domains isn't necessary.


1Password Version: 7.5
Extension Version: 4.7.5.90
OS Version: macOS 10.15.4
Sync Type: Not Provided

Comments

  • Hi @jimturney,

    Thanks for taking the time to write in about this. It likely isn't actually 1Password that connects to b5dev.com, but rather a process from the OS itself. This is why we're not in a position to explain the connection. We're not the process making the request. We plan to reach out to Little Snitch and other such utilities to see if there is a way to add an explanation for such connections, but at the moment there isn't a mechanism for us to do that.

    Additional details can be found in this thread:

    Latest installer/update wants to connect to "b5dev" ? [Normal; safe] — 1Password Forum

    Ben

  • jimturney
    Community Member

    Thanks for your quick reply, Ben, but after reading the link you provided, my points still stand.
    In addition to the nsurlsessiond OS process trying to connect to b5dev.com, all browsers with 1P extensions are trying to make the connection, so this is generated by 1P code.
    I insist that proliferation of domains is not just unnecessary but a security hazard in the sense that it accustoms users to unknown domain connections and it tires users from reasonable concern and efforts to check such connections. Insult is added to hazard by AgileBits hiding registration of the domain. At least registrant info should be clear in WhoIs for those chasing down reasonable security concerns.
    AgileBits and 1P would flunk a security audit if I were conducting it, just on this one pointless connection to another domain that isn't possible to confirm through normal queries.
    Use your own well-known domains exclusively! DNS isn't so hard.

  • Thanks for the feedback @jimturney. :)

    Ben

This discussion has been closed.