Hacker News new | past | comments | ask | show | jobs | submit login

One of the 1Password ones (https://team-sik.org/sik-2016-040/) about leaking URLs is marked as fixed, however, that's a little misleading. It's fixed if you use their newer vault format, which has limitations, and is not selected by default when you create a new vault. I wrote this about it a while back: https://myers.io/2015/10/22/1password-leaks-your-data/



> and is not selected by default when you create a new vault.

I just tried creating a new vault and it created a .opvault. It became the default with version 6.1, released in Nov 2015 https://app-updates.agilebits.com/product_history/OPI4#v6100...


> It became the default with version 6.1

yea, but still the problem is that all users who created a vault before Nov 2015 never got any message neither is their database upgraded automatically. They will unknowingly keep using the old database format.

Seems alarming for a company who's business is security/privacy.


> and is not selected by default when you create a new vault.

I was clearly only responding to this part, which is still useful information. Nowhere I said there is no issue, there is no need to always nitpick on everything. I'll go back to not commenting on anything for another year.


i probably worded it poorly, in my defence, English is not my native language :)

I agreed with your post and was just supplying additional info.


You didn't, guy just seems incredibly sensitive.


That's the case for the OS X version, but not for the Windows version.


The windows version is so outdated it really pisses me off. Especially since you have to use it with Wine if you want 1password on Linux.

The android, iphone, and osx apps are so clean and awesome, and then everyone else just gets crap that's 2 versions behind.


They have a much newer Windows version available in beta FYI, you might want to give it a shot.

AFAICT they burned time going down a rathole with a UWP app that they have now abandoned, accounting for the delay/lag on the Windows side.


How to change to the more secure vault version:

https://support.1password.com/switch-to-opvault/




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: