You clearly didn’t read what he said
Selfhosting doesn’t necessarily make a password manager meaningfully more private or secure.
Any decent password manager will use zero knowledge encryption. They cannot access your vault, which means by extension, any hacker or government that compromises the company or its servers also cannot access your vault.
Self Hosting doesn’t meaningfully improve on that as far as I can tell. It has its own pros/cons (you are responsible for security of your infrastructure, backups, etc, but at the same time it has the possible advantage of your home server being less of a target than a service providers servers, and you have more control which can be a good thing if you are competent, or a bad thing if you are not).
3 Likes
I’m not sure I really understand why 1Password is included in the first place. It seems to be UI-related.
One advantage 1Password has over Bitwarden is its first-class support for native clients. While Bitwarden relegates many duties, especially account management features, to their web vault interface, 1Password makes nearly every feature available within its native mobile or desktop clients. 1Password’s clients also have a more intuitive UI, which makes them easier to use and navigate.
But, Bitwarden is open source, and is not a worse option than 1Password. So why include this second, proprietary option?
Because 1Password has some advantages over Bitwarden as well. They each have their pros/cons. Being Open Source is not the only criteria that matters. (I say this as a happy Bitwarden user, and someone that does strongly prefer open-source)
4 Likes
Just because it’s not open source, it doesn’t mean it’s bad. Not that they say your private like google does.
The comparasion is not even fair. Tosdr doesn’t rate 1Password (even though Bitwarden has a poor rating) and fails to in the poor warning it gives.
I can give you a quick example.
In Bitwarden they mention this (and rightfully so):
This service gives your personal data to third parties involved in its operation.
In 1Password they don’t even mention that, but if you look into 1Password’s TOS, more specifically in point 5.5, you can see:
Notwithstanding the foregoing, 1Password may retain (i) Customer Data for a period of thirty (30) days in order to fulfill its obligations under Section 2.6, and (ii) any Customer Data strictly as required by applicable laws, regulations, court orders, subpoenas or other legal process for archival purposes.
I’m no expert on this, but isn’t this basically the same?
Also, while I think the idea of Tosdr is great, I don’t trust privacy-focused services which use Discord as their main channel. 
1 Like
I suggest that a warning be added to 1Password.
1Password includes tracking pixels in their newsletters.
In light of the discussion in #13921, it seems to me that instead of removing 1Password from PG entirely, it would be better to keep it listed and then add a warning.
We typically don’t add warnings for things outside of the apps we recommend (e.g. marketing pages, storefronts, newsletters, etc.).
We previously discussed this issue when we recommended the Google Pixel and linked to the Google Store, and we decided that adding a warning about privacy concerns when purchasing from Google was out of scope for the purposes of our recommendation.
In addition to all the other reasons we chose to recommend 1Password when it was originally discussed, 1Password is one of the very few password managers which allows you to save and sync Passkeys cross-platform, so if anything there’s more reason to use it in 2023 than there was when it was originally added.
I think the bigger issue is the fact that their clients are closed-source and they only have these payment options: Visa, Mastercard, American Express, Discover, Diners Club, UnionPay, and JCB.
No crypto, no cash, etc.
Why not? The website’s title is PrivacyGuides, and it’s supposed to cover privacy-related issues. Fingerprinting and tracking pixels are included in that category.
In this case, maybe you should consider changing the domain to PrivacyApps or PrivacyServices. 
1 Like
yeah I found this Forum are more focused on what sofware/services that would be appear on privacyguides.org since they have their own criteria, not for discuss something about privacy related.
time to delete my account.
1 Like
Tbh, I see some inconsistency in the app suggestions and the criteria’s. When we talk about an app which is not open source, the answer is this not open source Guides, but PrivacyGuides.
However, Standard notes was nearly delisted after they switched to a different licence while 1password can be happily listed as a proprietary app.
In the discussion about Fedora vs Ubuntu, one of the very reasons is the existence of snap. I hate snap being closed source and pushed by Ubuntu in this way, still it’s the best Linux distro for beginners.
We don’t expect users to deactivate cloud backup in 2FAS or manually update Librewolf, but we expect them to use Fedora which is even painful for an app like Signal.
One article popped up about Fdroid, then it was suggested to use either Google play or RSS. I accept the fact that fdroid has issues, still it’s a very good resource for obtaining apps. To my knowledge, there has been no issues to date.
Another example is the recommendation of Brave on android. Brave may be a good browser, but how they gonna make money after VC funding, I am really wondering. And it’s still solidifying Chromium’s monopoly as a private browser.
I am a happy user of Mull for a long time. But, Every time a gecko based browser was suggested on mobile, the argument of that it lacks per site isolation was presented as a divine law, but now, the criteria will be changed to include it.
What would happen if the number of users drop significantly, and the developers stopped with Mull and Brave pushed the bloatware too much? No alternative.
For skiff mail, @amilich and his team was questioned about the marketing emails and opt out/in, but tracking pixels are okey for 1Password.
I really support this project and team, but this kind of inconsistencies disturb me to much.
7 Likes
Your comment resumes perfectly this community. This is a mix of elitism and pseudo-intellectuals. A bit of: It’s our way or the highway.
You don’t need to spend too much time here to see how they behave and I’ve already flagged two or three shills here, that seem to me they reply to ever thread with answers that looks like they’re preaching religion to other people.
I think I’ll delete the account and move on. There’s nothing to see here!
The inconsistencies you mentioned have been discussed before but the TLDR is that PG wants to recommend the best available. Due to availability of different solutions being quite different the criteria are set per category. This to lift the bar higher and only recommend the best options. There is no point in recommending things that aren’t the best solution for the general reader.
Imho 1password should not be on the website. The other options are definitely more privacy preserving.
3 Likes
I completely agree.
2 Likes
That’s probably due to the origin of the website coming from privacytools but you are more than welcome to start any other thread on any privacy related topic. For this thread this is completely off topic but note that much if not all of the privacy in current day and age is depending on your digital footprint and the only way to do something about that is to divest and chose the right alternatives.
1 Like