Remove 1Password

You clearly didn’t read what he said

Selfhosting doesn’t necessarily make a password manager meaningfully more private or secure.

Any decent password manager will use zero knowledge encryption. They cannot access your vault, which means by extension, any hacker or government that compromises the company or its servers also cannot access your vault.

Self Hosting doesn’t meaningfully improve on that as far as I can tell. It has its own pros/cons (you are responsible for security of your infrastructure, backups, etc, but at the same time it has the possible advantage of your home server being less of a target than a service providers servers, and you have more control which can be a good thing if you are competent, or a bad thing if you are not).

3 Likes

I’m not sure I really understand why 1Password is included in the first place. It seems to be UI-related.

One advantage 1Password has over Bitwarden is its first-class support for native clients. While Bitwarden relegates many duties, especially account management features, to their web vault interface, 1Password makes nearly every feature available within its native mobile or desktop clients. 1Password’s clients also have a more intuitive UI, which makes them easier to use and navigate.

But, Bitwarden is open source, and is not a worse option than 1Password. So why include this second, proprietary option?

Because 1Password has some advantages over Bitwarden as well. They each have their pros/cons. Being Open Source is not the only criteria that matters. (I say this as a happy Bitwarden user, and someone that does strongly prefer open-source)

4 Likes

Just because it’s not open source, it doesn’t mean it’s bad. Not that they say your private like google does.

1 Like

The comparasion is not even fair. Tosdr doesn’t rate 1Password (even though Bitwarden has a poor rating) and fails to in the poor warning it gives.

I can give you a quick example.
In Bitwarden they mention this (and rightfully so):

This service gives your personal data to third parties involved in its operation.

In 1Password they don’t even mention that, but if you look into 1Password’s TOS, more specifically in point 5.5, you can see:

Notwithstanding the foregoing, 1Password may retain (i) Customer Data for a period of thirty (30) days in order to fulfill its obligations under Section 2.6, and (ii) any Customer Data strictly as required by applicable laws, regulations, court orders, subpoenas or other legal process for archival purposes.

I’m no expert on this, but isn’t this basically the same?

Also, while I think the idea of Tosdr is great, I don’t trust privacy-focused services which use Discord as their main channel. :roll_eyes:

1 Like

I suggest that a warning be added to 1Password.
1Password includes tracking pixels in their newsletters.
In light of the discussion in #13921, it seems to me that instead of removing 1Password from PG entirely, it would be better to keep it listed and then add a warning.

We typically don’t add warnings for things outside of the apps we recommend (e.g. marketing pages, storefronts, newsletters, etc.).

We previously discussed this issue when we recommended the Google Pixel and linked to the Google Store, and we decided that adding a warning about privacy concerns when purchasing from Google was out of scope for the purposes of our recommendation.

In addition to all the other reasons we chose to recommend 1Password when it was originally discussed, 1Password is one of the very few password managers which allows you to save and sync Passkeys cross-platform, so if anything there’s more reason to use it in 2023 than there was when it was originally added.

I think the bigger issue is the fact that their clients are closed-source and they only have these payment options: Visa, Mastercard, American Express, Discover, Diners Club, UnionPay, and JCB.

No crypto, no cash, etc.

Why not? The website’s title is PrivacyGuides, and it’s supposed to cover privacy-related issues. Fingerprinting and tracking pixels are included in that category.

In this case, maybe you should consider changing the domain to PrivacyApps or PrivacyServices. :man_shrugging:

2 Likes

yeah I found this Forum are more focused on what sofware/services that would be appear on privacyguides.org since they have their own criteria, not for discuss something about privacy related.

time to delete my account.

1 Like

Tbh, I see some inconsistency in the app suggestions and the criteria’s. When we talk about an app which is not open source, the answer is this not open source Guides, but PrivacyGuides.

However, Standard notes was nearly delisted after they switched to a different licence while 1password can be happily listed as a proprietary app.

In the discussion about Fedora vs Ubuntu, one of the very reasons is the existence of snap. I hate snap being closed source and pushed by Ubuntu in this way, still it’s the best Linux distro for beginners.

We don’t expect users to deactivate cloud backup in 2FAS or manually update Librewolf, but we expect them to use Fedora which is even painful for an app like Signal.

One article popped up about Fdroid, then it was suggested to use either Google play or RSS. I accept the fact that fdroid has issues, still it’s a very good resource for obtaining apps. To my knowledge, there has been no issues to date.

Another example is the recommendation of Brave on android. Brave may be a good browser, but how they gonna make money after VC funding, I am really wondering. And it’s still solidifying Chromium’s monopoly as a private browser.

I am a happy user of Mull for a long time. But, Every time a gecko based browser was suggested on mobile, the argument of that it lacks per site isolation was presented as a divine law, but now, the criteria will be changed to include it.

What would happen if the number of users drop significantly, and the developers stopped with Mull and Brave pushed the bloatware too much? No alternative.

For skiff mail, @amilich and his team was questioned about the marketing emails and opt out/in, but tracking pixels are okey for 1Password.

I really support this project and team, but this kind of inconsistencies disturb me to much.

8 Likes

Your comment resumes perfectly this community. This is a mix of elitism and pseudo-intellectuals. A bit of: It’s our way or the highway.

You don’t need to spend too much time here to see how they behave and I’ve already flagged two or three shills here, that seem to me they reply to ever thread with answers that looks like they’re preaching religion to other people.

I think I’ll delete the account and move on. There’s nothing to see here!

The inconsistencies you mentioned have been discussed before but the TLDR is that PG wants to recommend the best available. Due to availability of different solutions being quite different the criteria are set per category. This to lift the bar higher and only recommend the best options. There is no point in recommending things that aren’t the best solution for the general reader.

Imho 1password should not be on the website. The other options are definitely more privacy preserving.

4 Likes

I completely agree.

3 Likes

That’s probably due to the origin of the website coming from privacytools but you are more than welcome to start any other thread on any privacy related topic. For this thread this is completely off topic but note that much if not all of the privacy in current day and age is depending on your digital footprint and the only way to do something about that is to divest and chose the right alternatives.

1 Like

I think it’s time to reevaluate if this closed source password manager is needed anymore. Probably time to make open source a requirement for password managers. Especially since we’re spoiled for options now.

2 Likes

1password has a ton more features than Apple Passwords, not to mention that it’s only apple exclusive and can’t be used on other devices.

4 Likes

It’s not needed. A few powerusers that need or are used to some features that aren’t really used that much by regular people shouldn’t gatekeep this removal.

After all, PG is all about privacy, security, freedom, and digital rights? Not about recommending the most convenient and powerful tools.

1 Like

Meanwhile, I tend to agree.

I still believe that 1Password is the best password manager available, but when it comes to Privacy Guides, we should prioritize privacy aspects when recommending tools. There are various open-source options that provide similar functionality, albeit possibly with a less user-friendly experience.

Additionally, just because a certain service isn’t recommended by Privacy Guides doesn’t imply that it is privacy-invasive or subpar. It simply means it doesn’t meet the minimum standards set by Privacy Guides. Anyone is still free to establish their own criteria and select a password manager of their own choice.