[HN Gopher] 1Password to Add Telemetry
___________________________________________________________________
1Password to Add Telemetry
Author : zan5hin
Score : 183 points
Date : 2023-04-24 18:36 UTC (4 hours ago)
(HTM) web link (blog.1password.com)
(TXT) w3m dump (blog.1password.com)
| 35803288 wrote:
| This is a big, hard NO. Bye bye 1P.
| AwaAwa wrote:
| Lock folk in with 'cloud' based 'subscription' models, and then
| do what you will.
|
| 'Climate change' in 'cloud' world.
| tptacek wrote:
| The only reason we're talking about this is that 1Password wrote
| a blog post about it. They're not dumb, they know that this is
| the reaction they can expect from a blog post about how they're
| doing telemetry. They compete with a raft of products that not
| only use telemetry, but do it sneakily and with SAAS vendors that
| add attack surface to their products. But nobody talks about
| telemetry in those products, because those vendors don't want to
| have the conversation.
| moaf wrote:
| Exactly. Just look at Bitwarden's privacy policy, for example:
|
| > We use data for analytics and measurement to understand how
| our the Site and Bitwarden Service are used. For example, we
| analyze data about your visits to our Site to do things like
| optimize product design. We use a variety of tools to do this,
| including Google Analytics. When you visit the Site using
| Google Analytics, we and Google may link information about your
| activity from that site with activity from other sites that use
| Google Analytics services.
| JohnFen wrote:
| > But nobody talks about telemetry in those products
|
| Sure they do, and a lot. But they don't talk about it with
| the companies doing it. What would be the point?
| VincentEvans wrote:
| How about an ability to resize the width of the column that lists
| the names of the secrets in the vault so that I can see what they
| are. That'd be higher on my priority list.
| adoxyz wrote:
| I've been a 1Password customer for many years. Their product is
| super solid. The family plan is very generous. I personally don't
| have an issue with them collecting some telemetry to improve the
| product. And they've stated they'll offer ways to opt-out.
| closewith wrote:
| I'd accept making it opt-in, but opt-out is ridiculous. I can't
| imagine how they're going to get this past EU regulators.
|
| I love (although loved more in the past) 1Password and have
| deployed it in two separate companies. Between this and recent
| UI updates (well, over the last couple of years), maybe it's
| time to look at alternatives.
| Negitivefrags wrote:
| If you don't collect any identifiable data, then the EU has
| nothing to say about it.
| closewith wrote:
| Unless they have a non-IP based communication system, then
| they'll fall afoul of the same thing all online analytics
| services do - they'll be collecting, at least ephemerally,
| personal data under the EU definition.
| Negitivefrags wrote:
| It is my understanding that if you do not log the IPs
| that connect, then you are not collecting personal data.
| abigail95 wrote:
| What about anonymous logging of which buttons people click on
| is illegal in the EU?
|
| Citation needed on this one.
|
| That would make any dashboard that showed which api endpoints
| are the most popular also illegal.
|
| Anonymous telemetry is not PII. GDPR is personal data.
| nness wrote:
| As long as there's no "session identifier," even if unique
| and completely unmarriable to the PII, it doesn't matter.
| Any session ID where an ID represents one person runs
| afoul. Makes meaningful telemetry really hard without
| consent.
|
| Everyone just consents anyway...
| abigail95 wrote:
| My position is they can indeed get meaningful telemetry
| with opt-out anonymised data and that the GDPR does not
| prevent this.
|
| I am countering the position of the parent poster and
| asking for a citation that would indicate you don't need
| to sneak this around the EU regulators to do it.
| alpaca128 wrote:
| > Everyone just consents anyway...
|
| Unless you don't lie to them and don't use every dark
| pattern in the book to trick them into clicking the
| checkbox.
| miken123 wrote:
| > Anonymous telemetry is not PII. GDPR is personal data.
|
| How are you exactly going to submit it anonymously? Will it
| connect over Tor? Because if you just send it over your
| internet connection, it arrives with your IP address on the
| packets, which is PII, which makes it data processing of
| PII, which makes it require a legal basis to process. And
| it is legally uncertain that 'legitimate interest' is a
| valid ground for telemetry data, leaving only opt-in
| consent.
| abigail95 wrote:
| That would make any EU company running a server in a
| country without an EU data processing treaty illegal,
| because the IP address would be in the TCP handshake.
|
| Edit: It would also violate using any networks that
| transit such countries, because TLS and TCP handshake
| info might be PII too. I find that such a ridiculous
| position to have re GDPR.
|
| 1P already has consent from users for its apps to use the
| network to connect to their services.
|
| They do not need an additional agreement ie _opt-in_
| consent. If they are collecting non-PII they can use the
| current opt out.
| JohnFen wrote:
| > Anonymous telemetry is not PII.
|
| That depends. First, no data collection is "anonymous" when
| it is transmitted. Any anonymity must come later, and then
| is only possible if the company aggregates the data with
| other users _and_ deletes the original data that was
| collected.
|
| PII/Personal Data are squishy terms. In the US, anyway, the
| legal definitions of what counts as "PII" leaves out an
| awful lot of actual PII -- so any claims that "no PII is
| being collected" is meaningless without additional
| explanation of what data items are being collected.
| abigail95 wrote:
| We are talking EU and I specifically asked for Citation
| needed, and I realize you aren't the poster but this
| doesn't really answer my question.
|
| Are we assuming 1Password is lying about anonymisation?
|
| My point is they didn't "sneak it past the regulators",
| it's plainly legal to do this under GDPR, and if it isn't
| I need a citation.
| JohnFen wrote:
| > Are we assuming 1Password is lying about anonymisation?
|
| I wouldn't put it that way. Rather, I'd say that you
| shouldn't assume something is true just because a company
| claims it is. Especially when that thing can have a
| material effect on their profit margin.
| abigail95 wrote:
| In simplest terms.
|
| 1P says they are collecting non-PII.
|
| Higher poster in this thread says "I can't imagine how
| they're going to get this past EU regulators."
|
| I'm saying there is no problem, and someone needs to
| provide proof that the opt-out here is illegal.
| abigail95 wrote:
| > First, no data collection is "anonymous"
|
| Because no network connection is anonymous but as long as
| you aren't handling PII, GDPR has nothing to say about
| it.
|
| I could sell an app in the EU that just pinged my server
| once a day. As long as I wasn't keeping a record of who
| pinged what when, there is no PII.
|
| Otherwise everything is PII and you would need consent
| before every TCP handshake.
| miken123 wrote:
| > I could sell an app in the EU that just pinged my
| server once a day. As long as I wasn't keeping a record
| of who pinged what when, there is no PII.
|
| Data processing is not just about 'keeping a record'.
| Processing even for a millisecond is also processing.
|
| > Otherwise everything is PII and you would need consent
| before every TCP handshake.
|
| Consent is not the only ground for data processing.
| Normally, it would just be performance of a contract, as
| the user wants something from you.
| abigail95 wrote:
| I still haven't got my citation of how the GDPR somehow
| applies to non-PII, which is _the entire point of what 1P
| is saying they are collecting_.
|
| Data processing _of personal data_ is what the GDPR is
| concerned about.
|
| I'm sorry for getting frustrated but for fucks sake,
| someone cite me something that proves my original point
| about the opt-out being illegal.
|
| I don't care if I'm wrong but I'm not taking downvotes
| for questioning someone flatly accusing 1P of bypassing
| EU regulations.
| JohnFen wrote:
| > Because no network connection is anonymous but as long
| as you aren't handling PII
|
| It's not the network connection that eliminates anonymity
| (although that, too), but the data itself. Even if
| there's no single piece of PII involved, fingerprinting
| is still a thing. That's why, if you want a hope at
| anonymity, you have to add the collected data into an
| aggregate collection and delete the original data
| records.
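JohnFen's two comments above (that transmitted data is never anonymous on its own, that a set of individually harmless fields still fingerprints a device, and that anonymity only arrives once records are aggregated and the originals deleted) can be shown concretely. The following Python script is an added illustration, not code from the thread, from 1Password or from any product mentioned here; the event records and field names (`os`, `app`, `locale`, `tz`, `screen`) are constructed for the example and do not describe any real telemetry schema.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample events (illustrative only, not real 1Password telemetry).
# Each record is the kind of "which screen was opened" event the thread is
# debating: no session ID, no IP address, no vault contents.
EVENTS: List[Dict[str, str]] = [
    {"os": "macOS 13.3", "app": "8.10.4", "locale": "en-US", "tz": "America/New_York", "screen": "settings"},
    {"os": "macOS 13.3", "app": "8.10.4", "locale": "en-US", "tz": "America/New_York", "screen": "watchtower"},
    {"os": "Windows 11", "app": "8.10.4", "locale": "en-US", "tz": "America/Chicago",  "screen": "settings"},
    {"os": "Windows 11", "app": "8.10.4", "locale": "en-US", "tz": "America/Chicago",  "screen": "settings"},
    {"os": "Windows 11", "app": "8.10.4", "locale": "en-US", "tz": "America/Chicago",  "screen": "import"},
    {"os": "Linux",      "app": "8.10.3", "locale": "de-DE", "tz": "Europe/Berlin",    "screen": "settings"},
    {"os": "Linux",      "app": "8.10.3", "locale": "de-DE", "tz": "Europe/Berlin",    "screen": "ssh_agent"},
    {"os": "iOS 16.4",   "app": "8.10.2", "locale": "fr-CA", "tz": "America/Toronto",  "screen": "settings"},
]

# Fields that are not personal data on their own but, combined, narrow an
# event down to one device (assumed field names for this example).
QUASI_IDS = ("os", "app", "locale", "tz")


def fingerprint(event: Dict[str, str]) -> Tuple[str, ...]:
    """The quasi-identifier combination of one event."""
    return tuple(event[k] for k in QUASI_IDS)


def fingerprint_sizes(events: List[Dict[str, str]]) -> Counter:
    """Number of events sharing each fingerprint."""
    return Counter(fingerprint(e) for e in events)


def linkable_share(events: List[Dict[str, str]], k: int) -> float:
    """Fraction of events whose fingerprint is shared by fewer than k events.

    A fingerprint that rare is effectively one device: any later event with
    the same combination can be linked back to it, so the raw records are
    not anonymous even though no single field is PII.
    """
    sizes = fingerprint_sizes(events)
    rare = sum(1 for e in events if sizes[fingerprint(e)] < k)
    return rare / len(events)


def aggregate(events: List[Dict[str, str]], k: int) -> Dict[str, int]:
    """Collapse raw events into per-screen totals, dropping every
    quasi-identifier and folding counts below k into an 'other' bucket so
    that a single user's behaviour cannot be read out of the summary."""
    totals = Counter(e["screen"] for e in events)
    summary: Dict[str, int] = {}
    other = 0
    for screen, n in totals.items():
        if n >= k:
            summary[screen] = n
        else:
            other += n
    if other:
        summary["other"] = other
    return summary


def summarize_and_discard(events: List[Dict[str, str]], k: int) -> Dict[str, int]:
    """Produce the aggregate and then delete the raw records in place: the
    summary is only anonymous if the originals no longer exist."""
    summary = aggregate(events, k)
    events.clear()
    return summary


if __name__ == "__main__":
    print(f"events linkable to one device (k=3): {linkable_share(EVENTS, 3):.0%}")
    buffer = list(EVENTS)
    print("retained summary:", summarize_and_discard(buffer, 3))
    print("raw records left:", len(buffer))
```

Running it on the constructed sample shows that five of the eight "anonymous" events belong to a quasi-identifier combination seen fewer than three times, i.e. they are linkable to a specific device, while the retained summary is nothing more than a per-screen count with small cells pooled and the raw list emptied. The threshold `k` is the practitioner's knob: a vendor that keeps the raw records, or reports cells of size one, has not anonymized anything regardless of what the fields are called.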
| version_five wrote:
| It's enough to make me at least look for alternatives. If I'm
| paying for something, I'd strongly prefer to do so on my terms.
| I use Microsoft office in spite of the fact that it's basically
| just an industrial spying platform, because I don't have any
| other options. If I can find a password manager that's easy to
| switch to that doesn't spy on me, I'll do so. We shouldn't be
| rewarding companies for this.
| mdaniel wrote:
| > Their product ~~is~~ used to be super solid.
|
| Don't get me wrong, it's still _light years_ ahead of the
| Bitwarden clients and extensions, and that's why I stay, but I
| for sure would not use the present tense for their quality
| arepublicadoceu wrote:
| > it's still light years ahead of the Bitwarden clients and
| extensions
|
| I'm quite possibly a simpleton but I can't see how it's light
| years ahead of Bitwarden. Can you provide an example of such
| difference?
|
| Every time I used to check 1password (before the Great Purge
| of local vaults) I always arrived at the same conclusion.
| It's a bit more beautiful but not 3x or 4x (whatever the
| price is) more beautiful than Bitwarden.
|
| Functionality wise I couldn't see much of a difference. Both
| save passwords, both share passwords, both generate passwords
| and both have Totp support.
| gaws wrote:
| I've been a 1Password customer for five years. The move to
| 1password 8 has been beyond disastrous: terrible extension
| integration, browser constantly crashing when trying to log into
| the web panel, and the mobile app integration hardly works with
| mobile browsers.
|
| Add the recent announcements that the company will no longer
| support their last stable version -- 7 -- and move to using
| telemetry -- I'm out.
|
| I've jumped to Bitwarden; open source, cheap, and competitive
| features. It was a no-brainer.
| SomeHacker44 wrote:
| I have literally over 5,000 passwords going back almost 30
| years in a dozen vaults in 1P. How easy was it to migrate to
| Bitwarden? Any issues with Windows, Android, Linux, i(Pad)OS
| with the move? thanks!
| gaws wrote:
| I can't speak for multiple vaults, but it was extremely easy
| for me to import my single vault:
|
| 1. Export 1P passwords to a 1pux file
| 2. Import file into Bitwarden
| 3. Done.
| RoyGBivCap wrote:
| Wow. I thought I had a lot with over 900. Mostly exported
| from Brave because I just started using a password manager
| less than a year ago.
| nikanj wrote:
| After taking in ridiculous amounts of money, they must figure out
| what features are most crucial for users - so that those features
| can be monetized the hardest
| Tagbert wrote:
| Where are those "ridiculous amounts of money"? The price of
| 1password seems very moderate so they must be selling an
| enormous number of licenses to amass so much money.
| detaro wrote:
| 2022: "1Password with $620M Series C, now valued at $6.8B"
| https://techcrunch.com/2022/01/19/1password-series-c-
| funding... (following a $200M Series A and a $100M Series B
| in 2019/2021)
| nikanj wrote:
| Hence the "must monetize" part. The investors expect to
| wring at least 5x their money, and selling $49 lifelong
| licenses does not net you billions
| hammyhavoc wrote:
| Or so they can ditch lesser used features to eliminate
| technical debt.
| ValentineC wrote:
| Relevant xkcd: https://xkcd.com/1172/
| Nicksil wrote:
| This is very simple: Present a one-time prompt asking to opt-in.
|
| Explain to me how my admittedly naive solution fails to deliver
| for all consenting parties.
| Entinel wrote:
| It doesn't deliver for the company. Opt in telemetry is the
| same as not doing telemetry. Not because people are morally
| against telemetry but most people just click through. You might
| say that is a good thing or that is how it should be but that
| is exactly why it doesn't deliver the desired result for the
| company.
| xyzzy_plugh wrote:
| Seems fine to me. Opt out is reasonable, I trust 1password to not
| fuck this up versus, say, LastPass. If you already trust
| 1password to store your credentials, I see little to no impact to
| your risk exposure by having them collect anonymized telemetry.
| Curious if others have thoughts here?
|
| Their UI has changed a lot in recent years, maybe this will
| enable them to make more informed design decisions so that one
| day grandparents stop getting lost in their horrible menus.
| JohnFen wrote:
| > Opt out is reasonable
|
| I strongly disagree with this and think much less of companies
| who do it that way. That said, that battle is already lost
| anyway.
| xyzzy_plugh wrote:
| Opt in is the same as not doing it at all. TFA explains their
| approach decently well and it seems sane to me.
|
| It's not like this is telemetry in some open source thing for
| nefarious reasons. It's literally for their customers. They
| already know who you are, it's not like they're using this
| for targeted ads.
| alpaca128 wrote:
| > it's not like they're using this for targeted ads.
|
| Prove it. Right, you can't, because once telemetry runs you
| have no insight or control over what happens with the data.
| And trust is definitely not an option anymore after all
| that happened over the years.
| anonymousab wrote:
| > Opt in is the same as not doing it at all.
|
| That is more of a statement about the detestability of
| telemetry as a concept than anything else.
| JohnFen wrote:
| > It's literally for their customers.
|
| This is said by every company that does telemetry.
| ptx wrote:
| > _little to no impact to your risk exposure by having them
| collect anonymized telemetry_
|
| The key word there is "anonymized". What is the risk of the
| collected data accidentally being less anonymous than intended?
| What is the risk of accidentally collecting more data than
| intended? Microsoft has already had both types of accident
| [1][2], so I think it's fair to assume a risk close to 100%
| over time.
|
| Even if users opt out, what is the risk of the opt-out
| mechanism at some point containing a bug that causes it to
| fail? Or the risk of the user at some point failing to properly
| configure the opt-out mechanism?
|
| Is the company going to put as much effort into minimizing
| these risks as the end user would like? Is anonymization of
| telemetry going to be the top priority for the company?
|
| [1]
| https://github.com/dotnet/sdk/issues/6145#issuecomment-22010...
|
| [2] https://news.ycombinator.com/item?id=23260548
| AlexandrB wrote:
| > If you already trust 1password to store your credentials
|
| I don't, so I'm never upgrading to 1Password 8. The telemetry
| news only validates my decision. What I consider important in a
| security product and what AgileBits considers important
| diverged a while ago and that's ok I guess.
| dijit wrote:
| 1password 8 definitely feels like a massive UX downgrade over
| v7. Though I can't put why into words.
| kitsunesoba wrote:
| I think it's that v8 feels less an app crafted for
| individuals and more like yet another generic SaaS made for
| corporate customers.
| mdaniel wrote:
| Oh, I can: it's the experience of the edit button
| mysteriously appearing and disappearing, along with the
| _unforgivable_ experience reported on r/1Password of some
| user having edits applied to the wrong item. There but for
| the grace of God go I, but I for sure have experienced the
| oft-reported edit button comes and goes nonsense
|
| We shall not even get started on their extension losing its
| mind for no good reason. Still better than Bitwarden, and
| they should thank their lucky stars for it or I'd take my
| money elsewhere
| pinkcan wrote:
| it's no longer a native app
| krger wrote:
| Only one word needed: Electron
| flinner wrote:
| The latest version seems optimized for keyboard shortcuts
| at the expense of easily accessible 1-click copying of
| username/password/one-time password. To me, this introduced
| a large additional cognitive load where instead of a click,
| click, click, I now have to remember that CMD+C is
| username, CMD+Shift+C is password, and (something else?)
| for One-Time Password.
| oefrha wrote:
| If telemetry can tell them 1Password 8 UX is a downgrade from 7,
| I'm all for it.
| myhf wrote:
| What would they even do with that information?
|
| "It is difficult to get a man to understand something, when his
| salary depends on his not understanding it." - Upton Sinclair
| samcat116 wrote:
| Just wanted to add my voice that I really like the newer
| 1Password stuff. I haven't had any issues I've seen people
| complaining about, and don't have any of the philosophical issues
| that a lot of others seem to have. If you're one of those people,
| you should definitely just move to Bitwarden.
| sashk wrote:
| > At that point, we'll also provide guidance on how you can opt
| out if you'd like to.
|
| Well, at least there is an opt-out. Probably it will be on an
| account-by-account basis, not family/organization-wide.
| smileybarry wrote:
| It sounds like they're planning it to be as general as possible
| (more just "how much is each feature used"), but it'll also be
| fully opt-in:
|
| > And, of course, once this functionality rolls out to customers,
| you'll be able to control whether or not telemetry is active on
| your account.
|
| ("account" sounds like you can turn it off family-wide or even
| organization-wide)
|
| [ Reposted my comment from duplicate post:
| https://news.ycombinator.com/item?id=35685170 ]
| robbiep wrote:
| The vc funded slide into oblivion started a while ago and
| continues
| favorited wrote:
| The slide into Enterprise(tm), you mean. Lots of big companies
| use 1Password as an IT solution for secrets management. That
| $6.8 billion valuation has to come from somewhere.
| squeegee_scream wrote:
| > Over the years, we've relied on our own usage in conjunction
| with your feedback to inform our decision making. This presents a
| challenge, though: we don't know when you run into trouble unless
| you tell us. And sure, we have an extensive user research
| program, and listen to all of the feedback you share online and
| in conversations with our team.
|
| > But there are millions of people using 1Password now, often in
| cool and innovative ways! If we're going to keep improving
| 1Password, we can no longer rely on our own usage and your direct
| feedback alone.
|
| I wish I were in the room when these arguments were being made. I
| would like to see the data that led them to this conclusion. I
| used to work at 1P, I was a happy user before I started working
| there and I continue to be a happy user. But I can remember so
| many conversations about telemetry and how we'd never use it...
| nickstinemates wrote:
| The quote isn't a reflection of the conversation they were
| having; it's merely a justification they're using for the
| decision they made.
| rekwah wrote:
| "1Password Unlocks $620M Round, Reaches $6.8B Valuation" would
| be my guess.
| raverbashing wrote:
| > But there are millions of people using 1Password now, often
| in cool and innovative
|
| It's a password manager, what's "cool" about it?
|
| 1Pwd always rubbed me the wrong way in the way they "take
| themselves too seriously" and overrate their importance
|
| It's a password manager. They wouldn't even sync to cloud at
| first iirc, no?
|
| The more boring the better
| themagician wrote:
| You can use it for a lot more than just passwords, which IMO
| is what makes it stand apart from Bitwarden. You can store
| notes, credit cards, photocopies of IDs, software licenses,
| key pairs, etc. You get 1GB of storage. They really have
| turned it into a "vault" for anything digital.
| VincentEvans wrote:
| You can store anything you want in it, as long as you are
| ok with seeing just the first 15 or so characters of the
| name you give it. Because the column that contains the
| contents of the vault is thin and non-resizable. Probably
| because they didn't have telemetry so they didn't know.
| ldhough wrote:
| > thin and non-resizable
|
| I just checked and this works fine on macOS
| themagician wrote:
| It's resizable for me.
| tweetle_beetle wrote:
| Fairly sure Bitwarden has done all that for some time.
| Having had to use both at work, I can't see any killer
| features that 1Password has in my use case and there are
| various small things that slow me down when using it.
| nickvanw wrote:
| I have my issues with what 1Password has become as a product, but
| this seems like a very good stance to take. As a product owner,
| it's essential to know what and how people are using the product,
| collecting some straightforward telemetry that's anonymized and
| doesn't contain any Vault data strikes me as reasonable.
| favorited wrote:
| If it is so essential, how have they been so successful since
| 1P was released nearly 20 years ago?
| d1l wrote:
| They didn't have an army of UX fuccbois back then. Now they
| do and this is an endless stream of makework to justify
| themselves.
| illiarian wrote:
| > As a product owner, it's essential to know what and how
| people are using the product
|
| You can ask the users. You can apply some common sense (which
| 1Password team increasingly doesn't). They can look at the
| support forums listing the many issues (especially with UX)
| which are condescendingly dismissed. Etc.
| TkTech wrote:
| My history with 1Password:
|
| - Purchase a stand-alone license, getting well-performing and
| feature-complete native clients with several options for vault
| sync that are under my control.
|
| - Upgrade to 1Password 8, a version that sounds great, but has
| quietly removed local sync unless you checked forum and blog
| posts before buying.
|
| - Watch the clients go from being native to Electron and losing
| many, many features. Get forced into using the web app for simple
| things like seeing history.
|
| - Watch browser integrations get progressively worse (check out
| the reviews on the Firefox extension, oh boy)
|
| - Even if you've been using 1password 7 (the version you paid a
| good chunk of change for, in 1Password's own words, a lifetime
| license), you won't be able to use it with browsers at all
| soon https://support.1password.com/kb/202303/.
|
| - Get popups and unwanted opt-out integration with social media
| logins, when I've gone out of my way to purge garbage like "login
| with google" from my internet experience.
|
| - Get unwanted opt-out telemetry forced on you, which regardless
| of their assurance will eventually leak PII like it always does.
| People make mistakes, c'est la vie. I would have no issue with
| opt-in telemetry.
|
| I think this is it for me. Forced telemetry is a small thing, but
| it's just one of many poor decisions. I'm sure it's a smart
| business decision and their investors will be happy finding more
| and more ways to extract value out of users. I just want a simple
| password manager, so after a decade this is it for my family and
| myself.
| minimaul wrote:
| I have a similar history.
|
| The biggest loss for me on v7 -> v8 is 1Password Mini - that's
| a wonderful little 'browser extension for the desktop', and
| quick access is just awful to use in comparison.
|
| It's not helped by their responses basically always being "but
| we like this, so it's better!" - they don't listen to customer
| feedback any more, and they pair it with their 'quirky' comms
| style that just comes off as condescending & dismissive.
| Collecting telemetry doesn't help if they ignore the feedback
| they already have.
|
| edit: plus, they keep showing hard/impossible to dismiss UI in
| web pages to try to capture/fill fields, and it makes _using_
| the web pages really difficult!
| climb_stealth wrote:
| This so much! I hate hate hate how there is no context
| anymore for filling in logins and how it has to all happen
| inside the browser. It's normal for me to have 5-6 different
| logins for websites. In v8 I can only use the tiny bar in the
| webbrowser to select one. But it doesn't let me search or
| give me information on which login is which.
|
| In v7 with 1Password Mini I can do a fuzzy search outside of
| the browser and then just press enter to fill the details.
|
| I'm still holding on to v7, but apparently we just can't have
| nice things. Sounds like it may be time to move on soon. :'(
| robotshmobot wrote:
| Bought full license some time in 2014. Watched them
| disintegrate into subscription hell while making the apps
| worse. Moved everything to Firefox and Apple Passkeys. They
| integrate better with my workflow anyway.
| avtar wrote:
| > Watch browser integrations get progressively worse (check out
| the reviews on the Firefox extension, oh boy)
|
| This doesn't align with my experience, and I've been using
| their app/service for years (the Windows & Mac apps, along with
| the Chrome and Firefox extensions). I don't mean to sound harsh
| but I'm scrolling through the negative reviews on the Firefox
| extension page as you suggested, and it's hard to take the
| majority of them seriously:
|
| "i have never been happy with 1Password. Too frustrating to
| use."
|
| "TOO DIFFICULT TO SIGN ON."
| thebitguru wrote:
| I have enjoyed how quickly 1Password was adopting new
| technology and features while still staying stable. It just
| worked. Lately, that hasn't been the case. Recently, the
| browser extension, which is my main interface for 1Password,
| has been acting up.
|
| I use browser extension in Edge on macOS. I am on a page
| signing up for a new website and want to save credentials. It
| doesn't. Keeps erroring out. Disabling and re-enabling
| extension, and then refreshing the tab finally fixes it. I
| reached out to customer support and they told me to sign out
| to force refresh the cache. I did it, but the problem wasn't
| fixed.
|
| 1Password needs to fix the bugs that their customers are
| already reporting, instead of alienating their users with
| telemetry. I don't think the learnings from telemetry will be
| worth the damage it will cause to their brand.
| yreg wrote:
| I purchased 1Password 3 10 years ago. The license transferred
| for free up to 1Password 6, so that's the one I continue to
| use. I sync the vault myself.
|
| Purchasing licenses in those times before everything moved to
| subscriptions was a good deal.
| ploum wrote:
| Migrated to Bitwarden for the opensource years ago.
|
| Stayed for cheaper price, linux support, simplicity and "out of
| my way" philosophy. Never looked back to 1password.
| helpfulclippy wrote:
| Same. When I started using 1p, the vault was stored locally,
| and it was possible to decrypt it at the command line using
| openssl. They prided themselves on this. They moved to cloud-
| based, and at one point I went to check if data export
| worked, and it did not. I opened a support ticket, and before
| even offering any actual help they wanted to know why I
| wanted to export my data anyway. Then they wanted me to
| download and run some telemetry binary to collect info about
| my system. I figured out the problem myself without them, and
| told them why I felt this meant they now had a value set that
| meant I could not rely on them going forward. They offered me
| a discount code.
|
| Bitwarden is great.
| minimaul wrote:
| I remember when they gave enough information about their
| vault formats that I could write my own linux app to fetch
| data out of their .opvault format in roughly an afternoon!
| isomorphic wrote:
| Same. I think here is a good place to shout out to
| Vaultwarden:
|
| https://github.com/dani-garcia/vaultwarden
|
| Your password data, back under your own control.
| berberous wrote:
| Why does it need a server? Does bitwarden have the ability
| to just use a local vault?
| isomorphic wrote:
| Bitwarden is cloud-based with synchronization to local
| caches. If you want total control over your data with
| Bitwarden you will need to run the server/cloud side. I'd
| caution that running a Bitwarden server is not for
| everyone, as one could make the security worse than the
| Bitwarden-company-hosted cloud service.
|
| I run Vaultwarden on my LAN, with no public/Internet
| facing service, and sync only on my LAN.
| doodlesdev wrote:
| If you're looking for something that's offline first go
| for pass [0], gopass [1], or any keepass-compatible
| [2][3][4] password manager and sync the database
| yourself.
|
| [0]: https://www.passwordstore.org/
|
| [1]: https://www.gopass.pw/
|
| [2]: https://keepassxc.org/
|
| [3]: https://www.keepassdx.com/
|
| [4]: https://strongboxsafe.com/
| ASalazarMX wrote:
| I'd add Keepassium for iOS, I think it's free for a
| single database.
|
| https://keepassium.com/
| [deleted]
| Night_Thastus wrote:
| Same, though I just use the free Bitwarden, not sure what the
| paid one provides.
|
| It's been good. Very simple and reliable. Has barely changed
| in years of use and hasn't needed to.
| hrunt wrote:
| I pay them for the family plan. Being able to share items
| with my wife and kids (particularly joint accounts) is
| extremely useful, and they do it without creating two
| classes of passwords (like LastPass, my previous vault).
|
| BTW, the paid accounts provide TOTP code storage, more
| comprehensive password health reports, emergency vault
| access for others, hardware key support, someone to call
| with problems[0], and encrypted file sending.[0]
|
| [0] https://bitwarden.com/pricing/
| stronglikedan wrote:
| I pay them for the TOTP authentication alone, so that I never
| ever have to use google authenticator again, but it also feels
| good to be able to support such an awesome project, even if
| it's only a little.
| tohnjitor wrote:
| I dropped 1P the day I ran a suggested update and it locked me
| out from making changes to my database unless I signed up for a
| paid subscription. FOSS or bust.
| JohnFen wrote:
| While I am very allergic to such data collection, if you're going
| to do it, this seems like the way to do it.
|
| I'm not a 1Password user (and won't become one), but if I were, I
| wouldn't necessarily be in a huge rush to stop as a result of
| this.
| vladharbuz wrote:
| I hope they fix all the issues with unlocking. Sometimes it takes
| ~20sec to unlock 1Password. Sometimes unlocking the browser
| plugin causes the app to pop up, other times not. Sometimes it
| just doesn't unlock. I think there are two kinds of browser
| extension, which is confusing. All very frustrating at times and
| only getting worse.
| KomoD wrote:
| I don't like telemetry but I'm a happy 1Password customer, will
| probably opt-out anyway.
| danpalmer wrote:
| Telemetry to inform product decisions is fine, in fact I think
| it's necessary to have confidence that software is performing in
| the wild (e.g. crash reporting), or that customers know how to
| use it.
|
| What is not ok is opt-out telemetry for personalisation for
| advertising, or over-reaching personal data collection, in
| 1Password's case data from your vault.
|
| There is however a grey area in the middle - data about the
| performance of product upsells. This is a tricky one, because
| arguably if I do upgrade (say, to 1Password Family/Teams), I've
| probably done so because it made sense for me, and I'm probably
| happier with the product... but I might not have done so without
| that information on how I or others use the product that helped
| optimise that flow. When done well I don't have a problem with
| this, but I hope 1Password are careful about the culture of
| upsells that this data could create.
| whoopdedo wrote:
| Do any developers collect usage statistics by sampling rather
| than a persistent data stream? I think it would possibly
| reassure privacy-conscious users that anonymized & aggregated
| telemetry really is what it claims to be if the phoning home
| only happens at random intervals. Otherwise that detailed
| record of usage is too tempting a target for the surveillance
| capitalists.
| JohnFen wrote:
| That wouldn't reassure me at all. Just because an application
| is phoning home at random intervals in no way means that the
| data wasn't being continuously collected.
|
| What would reassure me is if the data were all in human-
| readable form and given to me to transmit myself.
| jader201 wrote:
| > _What is not ok is opt-out telemetry for ... data from your
| vault._
|
| If I'm reading correctly, they're pretty clear and intentional
| about _not_ collecting data from your vault (regardless of opt-
| in or opt-out). It's simply usage patterns of the UI.
|
| Do you see anything that suggests otherwise?
| JohnFen wrote:
| > or that customers know how to use it.
|
| Telemetry that is detailed enough to reveal how I use a product
| is too invasive for my tastes.
| TechBro8615 wrote:
| The worry about telemetry in a product like this is how it's
| implemented. It's more code that could have bugs in it. What
| assurances do we have that it will execute safely in a way that
| it can't possibly access the password database, even in the
| event of (for example) compromise of the CI pipeline that
| builds the telemetry SDK?
|
| > No customer vault data can be seen or collected. We're only
| interested in how people use the app itself, what features and
| screens they interact with - not what they store in their
| vaults, what sites they autofill on, or anything like that.
|
| This seems contradictory to me. How can the code see what
| screen is open without interacting with the app? This implies
| there is some kind of sandboxing layer. How can the 1Password
| software engineers possibly be confident enough in this
| sandboxing to assert that "no customer data can be seen?" That
| may be their intent, but bugs happen, especially in code that
| runs at a layer above the app to analyze how users interact
| with it.
|
| I will be opting out. Hopefully the opt-out mechanism doesn't
| have a bug in it either. And when there is inevitably a bug in
| the telemetry, I hope 1Password is okay with admitting that
| their opt-out system created two classes of users: those who
| did nothing, and thus remained vulnerable to bugs in the
| telemetry layer, and those who opted out of it.
| Animats wrote:
| > The worry about telemetry in a product like this is how
| it's implemented.
|
| Exactly. They are enlarging the attack surface of a security
| device. For their own benefit. One buffer overflow and
| there's a backdoor.
|
| That this is happening means their marketing people have more
| power than their security people. This is a very bad thing
| for a security company.
|
| Start migrating away from 1Password. Now.
| 1123581321 wrote:
| They do separate the UI application from the kernel that
| manages access to the data. I guess the biggest risk would be
| that you click reveal, which has the kernel expose a password
| to the UI, and then the UI phones home with its entire raw
| contents.
| julian37 wrote:
| Surely the UI code is what responds to clicking "reveal"
| and therefore, if compromised, could fetch the secret even
| without a click?
| 1123581321 wrote:
| Good point. I don't know what 1Password could do to
| prevent the telemetry from issuing control commands to
| the rest of the app outside of trying to prevent
| malicious code from being checked in and deployed.
| wootland wrote:
| > What is not ok is opt-out telemetry for personalisation for
| advertising
|
| Opt-out telemetry is also not ok for product decisions. It's a
| dark pattern that shows no respect for user privacy.
| abigail95 wrote:
| What's the difference between telemetry from the client side,
| and aggregate logs of server api endpoints?
|
| Assume no PII, what's the difference? What do you mean by
| dark pattern?
| wootland wrote:
| I would say server side logging is one of the many
| downsides to SaaS based products and makes a great argument
| for running things locally. Any additional tracking of
| users exacerbates the problem.
| abigail95 wrote:
| For a password manager I'm in full agreement, but the gap
| between running something like SAP Cloud vs On-Premises
| is very costly. There are tradeoffs where it's worth it.
| yamtaddle wrote:
| Server logs can't watch your every move, even when you're
| not intentionally creating network requests. "Telemetry" is
| spyware, full stop.
| imwillofficial wrote:
| This is exactly what I want in my password manager.
| waynesonfire wrote:
| absolutely. i hope they don't charge more for this feature.
| hell, why stop at 1password properties? leave no stone
| unturned, there may be other secrets laying around that can be
| monetized with innovative product features to ensure the IPO is
| a success for the investors.
| [deleted]
| pinkcan wrote:
| [flagged]
| rdl wrote:
| The 1Password "no local/standalone vaults" "upgrade" in 7->8 is
| what got me to leave it after 15 years or so. They're killing the
| extensions used by Chrome/Brave/etc. in 3 months, so it became
| critical to move off Version 7 (which is probably not getting
| much security maintenance now, either). RIP.
| AwaAwa wrote:
| Little worse is that the manifest deprecation was delayed into
| 2024, but that hasn't stopped them from killing the extensions
| in 3 months.
|
| I loathe having to migrate out of 1P 7, but there really is no
| choice now.
| ssabetan wrote:
| This is the issue I'm having as well. I've been a standalone
| customer that's been paying since 2007; if I can't host my own
| vault either locally or in Dropbox, I'm out.
|
| I was hoping to use 1P 7 for as long as I can, but with the
| Chrome extension dying it's going to become unusable. What have
| you found as an alternative?
| lgreiv wrote:
| This is my stance as well. I have not chosen a successor yet,
| but I'll have a look at Bitwarden, Keepass and the recently
| released Proton Pass.
|
| Trusting Dropbox for sync (which I did) meant trusting a cloud
| service, too, but IMO it is a less lucrative target for hacks
| than a server that stores _nothing but_ credentials. Also,
| using DB made me less dependent on connectivity (LAN sync) and
| would let me switch providers quite easily.
| AwaAwa wrote:
| I'm going to try KeePassXC & syncthing. I assume it's going to
| be nowhere near as good as 1P, but between no extension
| support, no local vaults, secret security ops, I don't see a
| choice.
| nullstyle wrote:
| I'm disappointed with what 1password has become. To put it in a
| tone I feel is appropriate given how much time and money I've
| invested into their product, I don't think abandoning native
| development for electron to shove telemetry into your product
| counts as bending over backwards to preserve privacy. It reeks.
| kmfrk wrote:
| I've had issues where 1Password wouldn't save my new logins
| properly, lasting for over a day. Maybe that's why they need the
| telemetry.
|
| Do 1Password do security/privacy audits the way Mullvad do?
| That's a pretty decent way of building goodwill over time when it
| comes to decisions like this. It's probably a fine decision, but
| they should probably have gone to greater lengths to write this
| blog post in more exhaustive detail.
| darknavi wrote:
| If they could use telemetry to deduce which websites were not
| auto-filling correctly then I'm all aboard.
| torstenvl wrote:
| Users: We want standalone non-subscription licenses!
|
| 1Password: I really wish we knew what users wanted.
|
| Users: Please don't move to Electron, I don't want Chrome bugs in
| my password manager.
|
| 1Password: I'm just baffled. We never hear from users.
|
| Users: Please, for the love of God, give us control over our
| vaults. Don't go cloud-only, we're begging you!
|
| 1Password: Better turn on telemetry. It's the only way to solve
| this mystery for the ages.
| kspacewalk2 wrote:
| They're focusing on the enterprise market. Those users are now
| what matters, because that's where the money is. Individual and
| family customers will still get their tier of product, but
| ain't no company-wide business decisions gonna be catered to
| their whims.
|
| And particularly with standalone perpetual licences, which I'm
| still clinging on to. Sync via DropBox, share a vault with
| family, and another one with my small team at work. It's
| perfect, for me. But it just doesn't work for 1Password,
| financially. No amount of getting upset or whiny will change
| that. Time to get over it.
| wootland wrote:
| Opt-out telemetry is unacceptable, this also signals that the
| product team has no vision and the organization is riddled with
| bureaucracy.
|
| Great products get built by someone with a vision to create them;
| mediocre products get created by product managers justifying
| their positions with data they've gleaned by spying on users.
| PaulKeeble wrote:
| Another company having no issue with blatant and in the open
| breach of GDPR by refusing to comply with the required default
| of rejection.
| ninkendo wrote:
| 100% agreement from me. People have trouble believing this, but
| software existed before telemetry existed. We didn't have
| trouble understanding where user pain points were back then,
| because we actually performed user studies, and offered the
| ability for users to provide feedback if they wanted to.
|
| The field of UX wasn't born the moment someone wrote the first
| telemetry library.
| yamtaddle wrote:
| I was genuinely shocked at how fast this crap was normalized.
| This was unequivocally _not fucking OK_ unless you were some
| shady-ass malware vendor, not even that long ago. Then, in a
| span of seemingly a handful of years, it became normal and
| everyone was doing it and they all act confused when we say
| it's _very, super, extremely, not even close to OK_.
| wkat4242 wrote:
| Of course it existed. It's just a lot cheaper with telemetry.
|
| This is why companies like Microsoft cram it down our
| throats.
| abigail95 wrote:
| Because before js became popular, every web app had access to
| every single event except what, scroll and mouse position.
|
| Telemetry has been the default for networked applications
| since longer than I've been alive. Think of a terminal
| connecting to a mainframe, how much telemetry it has access
| to, all of it, of course.
| yamtaddle wrote:
| > Because before js became popular, every web app had
| access to every single event except what, scroll and mouse
| position.
|
| Huh? No, they had access to basically nothing unless the
| user did something that triggered a network request. What
| did you type in that form, but delete before submitting? No
| visibility. Which parts of the page did you linger on the
| longest? Which parts of the text did you highlight? No
| visibility.
|
| They could see when you requested/submitted stuff, but that
| was about it. Pages couldn't sit there looking over your
| shoulder while you were using the page.
| wkat4242 wrote:
| > What did you type in that form, but delete before
| submitting? No visibility.
|
| Well maybe I deleted it because I thought twice about
| what I wanted to send you.
| marcosdumay wrote:
| > We didn't have trouble understanding where user pain points
| were back then
|
| If anything, people seem to have much more difficulty
| understanding user pain points right now.
| smolder wrote:
| It's also often the case that they understand a user pain
| point but don't fix it because they put it there with
| intent and purpose.
| WirelessGigabit wrote:
| Because of telemetry we know what brings in the most money.
|
| So while telemetry might show that moving an item from one
| group to another (just making something up) takes > 1s,
| fixing this will not bring in $.
|
| So when we then do Sprint Planning all of that gets pushed
| to the ice box.
| marcosdumay wrote:
| This already starts from a big mistake, because telemetry
| can't tell you the value of any work you haven't done
| yet.
|
| The question of whether it can tell you the value of
| anything at all is a hard one that needs plenty of
| context, and nobody seems interested in answering. But
| your reasoning doesn't need this answer.
| firstbabylonian wrote:
| > telemetry can't tell you the value of any work you
| haven't done yet
|
| But it can allow you to extrapolate from the value of
| things already done and usage patterns around them?
| mywacaday wrote:
| It's a world of diminishing returns still looking for that 100x
| payday. A product is no longer a product once the end user
| becomes part of that product. It makes me sad and long for the
| days when I was excited to see what amazing new software was
| being posted every day to HN; I can't remember the last time I
| went wow.
| santiagobasulto wrote:
| What a coincidence. Just yesterday I was discussing 1pwd's series
| A with a friend and I remembered about a podcast the founder
| (David Teare) did with DHH (Rework Podcast). In it, he literally
| cites this. He says they raised money for a bunch of things, and
| one, was to add metrics, but he wanted them to make them
| anonymous. We'll see how it plays out.
|
| Podcast:
| https://open.spotify.com/episode/6RZm7V8IcvuMuaCmVBE4EG?si=v...
| johnla wrote:
| At risk of sounding dumb: what's in the telemetry data?
| latexr wrote:
| The post only mentions a few things:
|
| > we'll be able to gather only a small set of general events
| and interactions within our apps. Things like when you unlock
| the app, when you create a new item (but not its contents!), or
| when you use autofill (but not what sites you use it on!).
| ehPReth wrote:
| call me stupid; but I'm not sure how those numbers are
| helpful for them?
| [deleted]
| selykg wrote:
| How are people creating new items? App, or extension?
|
| How are people accessing items? App, quick access menu,
| extension, browser bookmark?
|
| How are people changing passwords? In the app, using the
| password generator or not, in the extension with the
| password generator, in the browser using the injected UI?
|
| The thing about 1Password is that it seems like it's
| simple, but under it all there's usually multiple ways to
| do the same thing. Using some telemetry they could easily
| see that only 2% of users are using this one particular
| feature, and cut it if it's not getting used. Or this
| fantastically useful feature is only getting 20% of users
| using it, maybe they need to introduce it to users in a
| better way. Etc.
|
| At the end of the day, having this kind of data can make
| for better decisions. I'm not a fan of telemetry though.
| I'm honestly surprised the security team at 1Password
| agreed to this one as well.
| pinkcan wrote:
| cold water, but it gets warmer over time
| rdl wrote:
| Telemetry in a "trust us, this closed-source application which
| contains all your secrets, which we provide you and which we
| update periodically, is only contacting us for "privacy
| protecting telemetry" and not exfiltration, intentionally or not,
| of your most sensitive of all data" application is a hard pass
| for me. This seems like an IQ test kind of question.
|
| (So many times error reporting, etc. have accidentally leaked
| highly sensitive data, which was then the source of a major
| compromise, in other systems. Maybe 1Password won't get it wrong,
| maybe 1Password will never be subject to any pressure to get it
| wrong...)
| abigail95 wrote:
| Especially since it's operated from a Five Eyes country.
|
| The problem is its always been there. Telemetry provides more
| noise to hide exfiltration of sensitive data, but the risk has
| always been there from the start for the reasons you laid out.
|
| It's a closed source product in a surveillance heavy country.
| Telemetry or not, it's risky.
| lambdasquirrel wrote:
| If they were going to "de-identify" the data for their
| telemetry, then I'd need to see some rigorous mathematical
| proof of it, to have any trust in their promises. You _will_
| eventually compromise the individual datapoints in a dataset,
| given enough queries. There _is_ in fact a field of research
| that specifically studies just this. The PMs at 1password
| haven't done their homework, they're just waving their
| hands, and it is worrying for users.
| tzs wrote:
| Without telemetry it is a closed-source application that
| contains all your secrets, is updated periodically, and is
| already storing encrypted copies of all your secrets on their
| servers. If they wanted to intentionally exfiltrate your data
| they could already do it easily.
|
| I don't see how adding telemetry makes any significant
| difference.
| hrunt wrote:
| Imagine for a minute that you have a hammer. This hammer is a
| very useful tool and you have never had a problem with it. You
| don't know what is in the hammer -- could be steel, could be
| titanium, could be uranium (you're not a scientist!) -- but you
| know that it has always worked for you. Your experience with
| the hammer is so positive, you would buy another hammer from
| the company again, without question.
|
| One day, the company that makes this hammer says that they will
| be updating it to automatically tell the company a bunch of
| information about the hammer's use -- when it's used, where
| it's used, what the environment is like around the hammer, how
| many times it's used, what it's used for. They assure you that
| they don't care about who is using the hammer, but obviously it
| will be YOUR hammer reporting the information, so at some level
| it will be associated with you.
|
| Why are they doing this? Well, they know that sometimes their
| hammers break. They only know this, though, because sometimes
| their hammers break for their own employees and sometimes
| customers tell them hammers break. They would really like to
| know ALL the times their hammers break, though, so they can try
| to fix all the problems with their hammers, and not just the
| ones they see or get reported to them. They say this will be
| best for their customers and that's why customers should be on
| board with the change.
|
| No one would ever buy that hammer again, right?
|
| Regardless of the privacy implications of the company knowing
| everything about your usage of the hammer, the company is
| basically saying that their hammers break so much that many of
| their customers don't bother telling them and just go use
| someone's hammer. In other words, their product is bad and
| their customers don't value it enough to deal with it.
|
| Don't even get me started on paying monthly for that hammer ...
| unpopular42 wrote:
| > No one would ever buy that hammer again, right?
|
| I mean, you might not, but I don't see telemetry as such an
| evil. It does help make the product better. So "no one" is a
| bit too strong here, try "no one with my mindset" ;)
___________________________________________________________________
(page generated 2023-04-24 23:01 UTC)