> Officially our view is "if a malicious process with user privileges is running on the users machine when they use 1Password, there is little we can do".
I'm curious about whether you guys can address the distinction between "a malicious process with user privileges is running on the users machine" and "a malicious process with some other user's privileges is running on the machine.". That is, is there a threat that your TCP server could be impersonated, and what could happen in this scenario. It's easy to dismiss a scenario where you already have pwnd the 1password user, or worse, root, but TCP listeners aren't scoped to a user, they are scoped to a (potentially multi-user) machine.
I'm curious about whether you guys can address the distinction between "a malicious process with user privileges is running on the users machine" and "a malicious process with some other user's privileges is running on the machine.". That is, is there a threat that your TCP server could be impersonated, and what could happen in this scenario. It's easy to dismiss a scenario where you already have pwnd the 1password user, or worse, root, but TCP listeners aren't scoped to a user, they are scoped to a (potentially multi-user) machine.