But the issue in this thread is less about how the encryption is done compared to the amount of data that is actually encrypted. I wonder if 1Password encrypts everything, in addition to passwords.
My understanding is that they do, but there are some caveats. For example the feature that tells you if 2fa is available for a website presumably requires sending an HTTP request to 1Password servers including the domain of the website.
Although it's possible they implement this with a local bloom filter or something. I'm just speculating. And either way, those requests would only end up stored in some server logs somewhere, rather than in a database row directly linked to your vault.
Although it's possible they implement this with a local bloom filter or something. I'm just speculating. And either way, those requests would only end up stored in some server logs somewhere, rather than in a database row directly linked to your vault.
EDIT: It is in fact done locally. :) see: https://support.1password.com/watchtower-privacy/