1Password embeds tracking pixels in its newsletters.
You can subscribe to their newsletter through their website. The tracking pixel should be included in your subscription confirmation email.
This is annoying but as long as the newsletter is optional this seems irrelevant to the quality of 1Password as a password manager.
I agree, it is not ideal, but email tracking should be considered separately from the quality of the product itself. However, there may be a perception that all services recommended by Privacy Guides are 100% exempt from this type of little annoyance, so a mention may be worth adding.
And on the topic of tracking pixels, am I missing it or is there no mention on the knowledge base page about what they are, how to avoid them, etc?
While I do agree a mention is probably a good thing here, these things are telling of how much a company is dedicated to privacy and whether they actually understand it.
We have other good options, so in that sense I am also thinking: why recommend a tool made by a company that appears to not understand what privacy and applicable laws mean?
Indeed, PG suggests many good alternatives.
Old-school will continue with KeePass forks. For me, I wanna use a cloud based alternative.
Tbh, I have never used 1Password. Generally people say that the only superiority 1Password has over Bitwarden is its UI.
However, it’s not open source, is more expensive and applies pixel tracking.
Besides, Proton Pass comes out of beta and they improve it over time. Its integration with SimpleLogin is a very handy feature. However, it is missing important features such as a desktop and web app.
Bitwarden has an API integration, but you need to provide an API key along with every extension or app installation. Sometimes the app logs me out, so I have to go to SimpleLogin and generate a new key and delete the previous one.
That said, in my view, just stick with Bitwarden if you are not comfortable with KeePass. Maybe in the near future, Proton Pass will also become a viable alternative.
Edit: typos
I would be very careful with this approach, I’ve seen at least one other post here on the forums where a perfectly valid product has been ruled out because of the company that designs it and not the actual benefits it provided to a particular set of users. As I understand it, perhaps incorrectly, Privacy Guides is supposed to make recommendations about tools based on their practical applications, not political or philosophical views.
Just for completeness: the case I’m talking about was regarding recommending Ubuntu to people who are simply looking to move away from Windows. From a privacy perspective, Ubuntu is not the best choice out there, but is still miles ahead of Windows, and is perfectly usable for a large group of people, including those who may be just curious about the privacy aspect or those who may not be as tech savvy. But because of Canonical’s history it’s been categorically ruled out.
Now, from a privacy perspective I agree with the decision made by Privacy Guides of not endorsing Ubuntu officially. I’m not here to defend Ubuntu, Canonical or 1Password. I’m making the case that without making any compromises or thinking about the long term, we’re restricting ourselves to a very small audience. It’s important to remember that not everyone has the time to learn many of these tools or change habits, even if they really want to.
I don’t think I agree with you.
Companies that do not understand how privacy works are more likely to sell off your data or do things in ways that are bad for your privacy, like sharing your data for marketing purposes. This is really something you have to be sharp on when assessing a vendor.
But I know that not everyone agrees on this; we have seen that in multiple threads by now on various products.
It is a tough decision to make indeed. Once a company reaches a certain size it’s fragmented into departments that may not have the same needs and concerns. The technical teams are the more likely to receive feature requests and complaints regarding security and privacy, whereas other teams handling marketing or BI may never even hear about those concerns at all.
To me, it does seem unfair to claim that an entire company doesn’t care about privacy because of something that is strictly opt-in and that does not even pertain to the product in question.
On that last note, and to stay on topic, I would vote against removing 1Password, unless it’s replaced by a better option, because of the following requirements as per the PG recommendation page on password managers.
- All non-essential telemetry must be optional (minimum requirement).
- Telemetry should be opt-in (disabled by default) or not collected at all (best case scenario).
Bitwarden is way worse than 1Password. It has all the signs of an evil company, even though they seem to have a good product (whose free version I use, by the way). Only KeePass would remain.
Sanitize HTML in Thunderbird
Poor comparison. I really fail to grasp claims against open source and audited products with little evidence.
That’s how decisions are made in companies and organisations. Management establishes a strategy and policy, and other departments must follow them. If they have privacy-conscious leaders, and their teams don’t follow them, then that’s a management problem.
That’s why companies have policies that streamline all decision-making and practices. For instance, human error is the root cause of data breaches. If you don’t devise the necessary policies to prevent them from making mistakes, then you will have a data breach because of those departments or people. You can apply this to privacy as well.
In sum, a company bears full responsibility for all the actions taken by its employees.
That’s very well put, and I fully agree with what you said.
In this particular case, however, I still think we should consider it as separate issues. There’s no correlation between the tracking on the newsletter and the product itself.
How so? I was under the impression that Bitwarden were doing pretty good overall.
The only thing I am reading in this comparison is that Bitwarden’s legal team has set broader and more vague terms. Nothing really privacy related being more of an issue here from what I can tell from just these pages.
To which “claims with little evidence” are you referring?
Tosdr is not a reliable resource. For example, it says no grade for 1Password. How can you make a decision based on this data?
LastPass seems more trustworthy than Bitwarden.
Another example: LastPass -- Terms of Service; Didn't Read
Yes. I use KeePassXC.
The idea of a cloud based password manager is a little unsettling to me. They can be made private using self hosting.
But, I just keep my .kdbx file on my phone and laptop. In case one device fails there’s another.
My data stays with me.
Lol what?
LastPass is a terrible company that has absolutely no idea how to manage information security.
They really fucked up incident management on every single level, besides even their mistakes on implementation.
Please stop recommending this crap.
You misunderstood what I said. I don’t recommend LastPass at all.
@Dkama referred to the tosdr for pointing out Bitwarden is very bad.
According to the tosdr,
So, it’s not a reliable source.
According to the tosdr, it would seem that Bitwarden is in fact better than LastPass. I think the downsides that it mentions for LastPass are much more severe compared to Bitwarden.
And regardless, comparing the T&C is just one way to compare these services, so I don’t think you are even supposed to choose your services only based on that since there are a lot of other points to consider as well.
Also, even though 1Password and LastPass don’t have a grade yet, it doesn’t mean that what has already been mentioned on the site wouldn’t be valid, and as we can see, it is quite clear that 1Password has better T&C compared to Bitwarden or LastPass, but still, that doesn’t necessarily mean that you have to choose 1Password because there is other stuff that we know that Bitwarden does better.