Delivery-Date: Sat, 29 Aug 2015 01:18:20 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 25CEB1E0510;
	Sat, 29 Aug 2015 01:18:19 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 51DD436FDE;
	Sat, 29 Aug 2015 05:18:14 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id ABD9936362
 for <tor-talk@lists.torproject.org>; Sat, 29 Aug 2015 05:18:10 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id X5EAixf71D3V for <tor-talk@lists.torproject.org>;
 Sat, 29 Aug 2015 05:18:10 +0000 (UTC)
Received: from vincent.hireahit.com (vincent.hireahit.com [23.19.120.58])
 by eugeni.torproject.org (Postfix) with ESMTP id 895B33543D
 for <tor-talk@lists.torproject.org>; Sat, 29 Aug 2015 05:18:04 +0000 (UTC)
Received: from VINCENT.hireahit.com by hireahit.com (vincent.hireahit.com)
 (SecurityGateway 3.0.2) with ESMTP id SG002341518.MSG 
 for <tor-talk@lists.torproject.org>; Fri, 28 Aug 2015 22:17:52 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=hireahit.com;
 s=MD-20140321; t=1440825471; x=1441430271; q=dns/txt; h=Message-ID:
 Date:From:User-Agent:MIME-Version:To:Subject:References:
 In-Reply-To:Content-Type:Content-Transfer-Encoding; bh=0JuFUH4dd
 c7x7eiCdQj6mOjwjWZeF3o4EFTVIfD3oZk=; b=Vflbyc7UTV7qU5zNiCHCgUx8G
 wHuF+WrZUqn6L9zYwJ6ro3AsdyqJszEvukhTyG1vPJxcvFTe4B9I+1d6tZREKzrr
 m81CraCto+SBX6yA4aXAanZaeI0z6OEccvyofiqHZTc649G61ALV+79DDwmUk4k3
 /2p0+k8gCEfIkJJy5E=
Received: from [x.x.x.x] ([184.68.44.226])
 by VINCENT.hireahit.com ([23.19.120.58])
 (Cipher TLSv1.2:AES-SHA:256) (MDaemon PRO v15.0.3) 
 with ESMTPSA id 51-md50000023472.msg for <tor-talk@lists.torproject.org>;
 Fri, 28 Aug 2015 22:17:49 -0700
X-MDRemoteIP: 184.68.44.226
X-MDArrival-Date: Fri, 28 Aug 2015 22:17:49 -0700
X-Authenticated-Sender: davew@hireahit.com
X-Return-Path: davew@hireahit.com
X-Envelope-From: davew@hireahit.com
X-MDaemon-Deliver-To: tor-talk@lists.torproject.org
Message-ID: <55E1407C.6000509@hireahit.com>
Date: Fri, 28 Aug 2015 22:17:48 -0700
From: Dave Warren <davew@hireahit.com>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64;
 rv:25.4) Gecko/20150524 FossaMail/25.1.5
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <59C7C746-7C63-4E88-9A8F-9E9BB376FCB9@me.com>
In-Reply-To: <59C7C746-7C63-4E88-9A8F-9E9BB376FCB9@me.com>
Subject: Re: [tor-talk] 1PassWord Firefox extension
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 2015-08-28 13:55, Graham & Heather Harrison passed on what 1Password 
support wrote:

> As with most proxy/firewall software that customers add to their computers to increase security, we can tell them to add an exception to the whitelist for localhost (127.0.0.1), but in the case of Tor, I just don't know enough about the internals of how it goes about blocking things it deems potentially harmful to know whether adding an exception for 127.0.0.1 would be considered voiding the protection offered by Tor. The Tor proxy itself is contained on 127.0.0.1, port 9051, so bypassing for localhost might inadvertently induce a whole host of other, non-1Password applications/utilities/helper programs to pass information outside of the Tor channels, potentially exposing your real IP address. I just don't know. In my own testing just now, i can confirm that adding 127.0.0.1 to Tor's Preferences => Advanced => Network Settings does indeed allow the 1Password extension to work...but at what cost to the anonymity afforded by Tor, I have no idea.

This here is why I love 1Password, they're actively understanding their 
customer's desire for the security of Tor over their own needs. It would 
be trivial for them to simply add 127.0.0.1 (either in the extension, or 
by documentation) without caring about the implications or impact on the 
user.

As an alternative, while it's clunky and annoying to use, you could 
consider using 1Password's "Autotype", which allows the 1Password client 
to "type" username and password data into the browser (or other 
application) without using the clipboard or any extension.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren



-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

