Thomas Mak

Thomas Mak

Author of HTML5 Games Dev books Joined about 6 years ago

  • 3 stories
  • 8 comments
  • 1 upvote
  • Posted to Re: 1Password Leaks Your Data, in reply to Mike Johnson , Oct 20, 2015

    I checked the contents.js file again. It's only the URL is in plaintext, not even your username. I can imagine, the URL is used as some kind of index table. I think this is a good balance without the security trade-off. Your browser history and bookmarks hold all these information too.

    As the official help states:

    https://help.agilebits.com/1Password3/agile_keychain_design.html

    The more that is encrypted, the less a would-be thief can access, but it is also necessary to leave enough open to allow applications to freely access certain items without needing to decrypt every single entry each time. The Mac OS X keychain nicely balances security and convenience, so the Agile Keychain follows suit.

    And in this post:

    https://help.agilebits.com/1Password3/cloud_storage_security.html

    If your 1Password data are captured, the encrypted information is secured from any attack which professional cryptographers and security experts can imagine. However, some information among your 1Password data is not encrypted. The unencrypted information is includes the web locations (URLs) and the Titles you give to items. The unencrypted information available is similar to the information available from web browser bookmarks. Although we may not be comfortable with that information being compromised it is not a significant security risk for most people.


    As for the Dropbox issue, I think it is very clear that a Dropbox user won't make their files public by default. That's why Dropbox provides a "public" folder. And when you share files from anywhere else, you need to manually choose "Share public link", then it returns the public URL with random string inside, which make it difficult to be guessed or brute force. So only you and the recipients that you send the link to, know the path to that file. With this gatekeeper, I don't think it's a problem even for a non-tech user with some accidentally wrong files operations. Even, in the worse case, the whole 1password keychain folder is in public, then it is like making your browser bookmark/history public, which is not nice, but still secure for all the usernames/passwords.

    By the way, using iCloud is more or less the same because the files are still in the file system, under the user's library folder somewhere.

    Using a securely designed 3rd party file sync is absolutely fine. In my opinions, it is a better approach than AgileBits builds their own cloud sync method because it's not their focus.

    1 point
  • Posted to Re: 1Password Leaks Your Data, in reply to David Barker , Oct 19, 2015

    Though I don't have that expectation, it's fair point that users have expectation that everything is hidden behind the master password.

    But I think this is a potential privacy issue rather than a security issue. And it happens only when your computer (or your Dropbox account) is exposed, which the theft can actually can much much more than the login history, and makes this leak too little to care, comparing to your important files, ssh keys, logged in email session in browser etc.

    1 point
  • Posted to 1Password Leaks Your Data, Oct 19, 2015

    You won't have access to that HTML file, and the related JS code if you haven't logged into your Dropbox account. AgileBits never tells you to make the .agilekeychain public accessible.

    I just tried, you get a 403 access denied.

    p.s. I just find the essay uses a referral link to Dropbox. I really doubt the intension of the post.

    2 points
  • Posted to Show us your Homescreen, Jun 26, 2015

    Screenshot of Makzan's iPhone

    1 point
  • Posted to Flexbox.website, Jun 01, 2015

    A quick start guide for Flexbox layout. I made it for a developer workshop last month.

    0 points
  • Posted to What's your favorite email app on OS X?, Apr 30, 2015

    I use only browser with web client now.

    I used to use apps but they started taking so much storage after a while using them.

    0 points
  • Posted to Ask DN: How do you organize your Dropbox folder?, in reply to Caleb Sylvest , Jan 21, 2015

    Similar here. I used to prepend numbers (0, 1, 2) to pin directories to the top of the list.

    0 points
  • Posted to Ask DN: How do you organize your Dropbox folder?, in reply to Chris Frees , Jan 21, 2015

    I guess it means “done” projects.

    0 points
Load more comments