Archive for May 30, 2017

Tuesday, May 30, 2017

iPhone SE Tops Customer Satisfaction Survey

Joe Rossignol:

Despite a shift towards smartphones with larger screens, the iPhone SE has topped all other smartphones in the annual American Customer Satisfaction Index (ACSI).

Apple’s four-inch smartphone received a customer satisfaction score of 87 out of 100 to finish just ahead of Samsung’s 5.7-inch Galaxy S6 edge+ and the 5.5-inch iPhone 7 Plus.

Previously: Switching to an iPhone SE.

Update (2018-04-20): Steven Frank:

I’ve put my iPhone SE back into service due to Reasons, and I now believe this was the pinnacle of iPhone form factors.


You forgot, ‘no round sides, so you can actually hold it’

PSPDFKit for macOS


PSPDFKit is a cross-platform solution for everything related to handling PDFs in your apps and services. The macOS version offers great interoperability with PSPDFKit for iOS, Android, the web, and future PSPDFKit products. By providing just our core, we think we cover many of the use-cases particularly of interest to macOS developers, including manipulating PDF documents and filling out forms programmatically.

This has the potential to help developers work around the bugs and limitations in Apple’s PDF Kit. However, it does not include a replacement for the top-level PDFView class, and that would be a lot of work to reimplement well.

1Password Travel Mode

Rick Fillion (MacRumors):

Travel Mode is a new feature we’re making available to everyone with a 1Password membership. It protects your 1Password data from unwarranted searches when you travel. When you turn on Travel Mode, every vault will be removed from your devices except for the ones marked “safe for travel.” All it takes is a single click to travel with confidence.


Your vaults aren’t just hidden; they’re completely removed from your devices as long as Travel Mode is on. That includes every item and all your encryption keys. There are no traces left for anyone to find. So even if you’re asked to unlock 1Password by someone at the border, there’s no way for them to tell that Travel Mode is even enabled.


Travel Mode is limited to accounts, and there’s no way to directly interact with it within the apps themselves. It’s an example of a feature that’s now possible with a centralized service that can coordinate everything for all of your devices, and provide a place to control settings outside of the apps themselves.

Tom S:

While I can’t speak for the AgileBits team, the major theme behind Travel Mode seems to be the fact that the data isn’t present on your device and that there’s no possible way to get around it. Even if a comparable, modified approach could be managed by splitting up vault files, all of that data could still be accessed indirectly via Dropbox/iCloud. There’s no way around that without third-party access.


Unless you logout of Dropbox on your phone/laptop/other devices, trash the 1Password files in your ~/Dropbox folder on your laptop, and remove your Dropbox info from 1Password, the data is still indirectly accessible. And as such, border agents have a viable—albeit indirect—route to access it.

So it seems like there’s a good reason that this particular feature is only available when syncing via I can see why is the future, as it provides a better experience for most users, requires less support from the developer, and has a subscription business model. Yet it’s sad that the old syncing methods are basically in maintenance mode, when they offered some advantages of their own.

1Password is an essential app for me, so I wouldn’t really mind paying for a subscription except that I’m not that keen to use their cloud service. I like that I don’t have to give them my (encrypted) data or depend on their server for syncing to work. I like having direct access to the sync files. I like that I can deny the 1Password app network access (at least on the Mac). I like that, thanks to 1PasswordAnywhere, my passwords are accessible offline without the need for an app. This was a deciding factor in getting me to start using 1Password back in the day. It still gives peace of mind, even though it’s no longer viewable on Dropbox. Unfortunately, it doesn’t sound like there are any plans to support it with

Also unfortunately, the file format that 1Password uses with Dropbox is slower and less secure. It’s not the focus of development, so it’s unlikely to get any new features, even where they would technically be possible.

I much prefer the way 1Password has evolved compared with what happened with TextExpander. The latest versions of the apps still work with the old syncing methods, and they’re even still selling standalone licenses. But though those of us who prefer the old design have not been abandoned, it still feels like we’re being left behind.

Update (2017-06-01): Bruce Schneier:

Everything you do along these lines is problematic, because 1) you don’t want to ever lie to a customs official, and 2) any steps you take to make your data inaccessible is in itself suspicious. Your best defense is not to have anything incriminating on your computer or in the various social media accounts you use.

@dkhamsing pointed me to pass, which can synchronize via Git and has an open source iOS app.

Update (2017-07-10): Kenn White:

1Password’s decision to sunset local credential storage for a 3rd-party cloud model alienates its most vocal allies — security professionals

It increasingly sounds to me like us standalone users have been abandoned. They’re just waiting until something breaks before they tell us.

Update (2017-07-12): Lorenzo Franceschi-Bicchierai (via Jason Snell, AppleInsider, MacRumors, Hacker News):

Last weekend, though, several security researchers tweeted that 1Password was moving away from allowing people to pay for a one-time license and have local password vaults, in favor of its cloud-based alternative that requires a monthly subscription.


I know it’s not the answer you want, but we will never publicly commit to Dropbox, iCloud, or local vaults for the future. Even if we bring local vaults forward in a hypothetical new version of 1Password which does not yet exist, that’s not to say that the subsequent version will continue that, especially if the costs we put into building that into a new app far outweigh the return we get on that work in license sales.

Doug Lhotka:

The design of the new cloud based system appears robust, and they’ve had audits done on the code and service. Good so far. […] But that statement is based an overly simplistic user base and threat model. The truth is far more nuanced, and for substantial minority of users it’s not a good option. These include folks who are prohibited by corporate policy from using non-contracted third-party cloud services (extremely widespread), and individuals willing to put up with the minor hassle of local syncing to reduce their risk. Having all the vaults in a single place makes it a tempting target for an attack, breach and disclosure. Unfortunately, Agilebits asserts in forum posts that compromised vaults are “useless” to an attacker. That’s grossly oversimplified, and I quickly came up with three ways they aren’t useless[…]


I give many briefings on future ‘plans’ and have the legal boilerplate about commitments and forward looking statements memorized. ‘No plans to remove’ does not equal ‘plan to keep’. We understand that things change, but there’s a very important intent and nuance in the language you’re using. One breeds confidence, the other raises concerns.

Clearly the development effort will focus on the subscription client, not the standalone, and a browser, iOS or OSX update will break it at some point (much as High Sierra has). How long will you continue to support the standalone client for those changes? We don’t know.

Update (2017-07-13): Juanjo López:

Unbelievable comment by a @1Password employee. People are not really concerned about local vaults, [they] just want to be “security gurus.”

Update (2017-07-15): Kenn White (Hacker News):

Nowhere in that process did I remember being specifically prompted to sync or backup my dummy accounts in the 1Password app to the 1Password cloud. It just happens. Automatically. When you respond to that initial “New to 1Password? Get started with your free trial of subscription” splash screen by clicking on the “Start My Trial” button, what you you are really saying is: auto-sync & backup everything by default into the 1Password cloud. In this theater, it’s a package deal. Popcorn comes with the Coke.


From a geek perspective, it’s kind of amazing that the HTML5 WebCrypto API has evolved enough to allow that. But there’s still a fundamental problem. Unlike, say, Signal Desktop which is a Chrome App with a known signature and a well-understood body of code, this is on-demand web-based javascript which gets pulled down anew every time I visit the 1Password site (which is presumably a lot, since it’s also where you manage your monthly billing and any other cloud syncing sorts of things that one does).


The security chief at 1Password seems to be saying that he’s not a big fan of the browser client either, or at least acknowledges the inherent additional risks that this particular type of host-based javascript crypto (i.e., live web page loads, versus a fixed browser extension or app) introduces.

Glenn Fleishman:

There’s one significant way in which syncing via Dropbox or iCloud has an advantage over syncing: in the latter case, you have to trust AgileBits to do what it says it will. When 1Password native apps use local vaults and sync via Dropbox or iCloud, your password never touches AgileBits’ login Web page. Because 1Password itself is freestanding, security researchers can test (and have tested) it in ways that aren’t possible with

AgileBits says that your password never leaves your browser, and while trusting the company is reasonable, Thomas H. Ptáček noted to me via Twitter that the point is to not have to trust them.

Update (2017-07-16): My1:

2) you are using a CDN ( -> IP -> amazon AWS), meaning you are not in control of what happens in the transit meaning the CDN has the ability to (it doesn’t matter whether they promise not to do so or whatever, just that they have to ability to) add or change scripts in a way that the master password is sent directly to a rogue server, they could even go one step further and just sent a decrypted wallet along the way.

Dash for iOS Returns to the App Store

Bogdan Popescu (tweet):

Quite a few “developers” have even added it to the App Store themselves, violating the GNU GPL license in the process. Apple has been very responsive in removing these apps, but the developers kept adding it back in different shapes and forms and I got tired to fill the same copyright claim forms over and over.

Previously: Apple Removed Dash From the Mac App Store.

Resolving Modern Mac Alias Files

Daniel Jalkut:

There’s a big catch, however, which is that you must take care to pass the alias file’s URL as the “relativeTo:” parameter when resolving the bookmark. Otherwise the bookmark will resolve as expected in typical scenarios, but will fail to resolve in all the scenarios where bookmarks really shine, as for example in the case of moving a bookmark and its target to another volume.


The safety of ignoring staleness is supported by the fact that, starting in macOS 10.10, there is a new convenience method on NSURL specifically for resolving “alias files”[…]