On 2015-08-28 13:55, Graham & Heather Harrison passed on what 1Password
support wrote:
As with most proxy/firewall software that customers add to their computers to
increase security, we can tell them to add an exception to the whitelist for
localhost (127.0.0.1), but in the case of Tor, I just don't know enough about the
internals of how it goes about blocking things it deems potentially harmful to know
whether adding an exception for 127.0.0.1 would be considered voiding the protection
offered by Tor. The Tor proxy itself is contained on 127.0.0.1, port 9051, so
bypassing for localhost might inadvertently induce a whole host of other,
non-1Password applications/utilities/helper programs to pass information outside of
the Tor channels, potentially exposing your real IP address. I just don't know. In my
own testing just now, i can confirm that adding 127.0.0.1 to Tor's Preferences =>
Advanced => Network Settings does indeed allow the 1Password extension to
work...but at what cost to the anonymity afforded by Tor, I have no idea.
This here is why I love 1Password, they're actively understanding their
customer's desire for the security of Tor over their own needs. It would
be trivial for them to simply add 127.0.0.1 (either in the extension, or
by documentation) without caring about the implications or impact on the
user.
As an alternative, while it's clunky and annoying to use, you could
consider using 1Password's "Autotype", which allows the 1Password client
to "type" username and password data into the browser (or other
application) without using the clipboard or any extension.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
