1. 12

  2. 17

    This should be titled, “The old version of the 1Password vault leaked a very small, specific part of your data (the login URLs); the new version, which has been out for a while, doesn’t,” but that’s a bit long and significantly less catchy. (That said, if you haven’t upgraded to OPVault, now’s the time.)

    1. 3

      Don’t blindly change to OPVault if you use their Android app, or you’re in for an unpleasant surprise.

      1. 3

        Oy. Yes, despite OPVault coming out back in 2012, it turns out that while the Android version technically speaks OPVault, it only does so over WiFi sync. And I just converted, so I’ll need to unwind that. How annoying.

    2. 5

      “It’s only metadata. You can’t do anything with metadata” — Representative for the NSA

      1. 1

        This part doesn’t make sense to me:

        > But it gets worse. I decided to have a look and see just how bad things were. Thanks to people having links for easy access to their keychain on their websites, Google has indexed some of these. A simple search brings up results.

        If I wanted easy access, I would save it to my bookmarks, or just go to dropbox.com manually. Also, I imagine one doesn’t need to share it publicly, but can require a Dropbox login to get to 1pass.html. In general, it seems to me that if you put your 1pass archive in a public Dropbox folder (or any other publicly accessible URL for that matter), and then link to it from the internet, such “leaks” are kind of on you.

        Also, I’m not seeing any results here:

        https://www.google.com/search?q=site:%22dl-web.dropbox.com%22+1password
        

        And exactly one (now dead) URL here:

        https://www.google.com/search?q=site:%22dropbox.com%22+%221password.html%22
        

        So this isn’t exactly a massive leak affecting all customers.