Require Open Source for Password Managers

Alright, coming back to this. I still don’t really understand the motivation behind removing well-regarded products solely because of their source code licensing (or lack thereof).

Historically we have only removed recommendations when something happens that directly impacts people’s privacy negatively.

It seems like some people in this community don’t think open source has any relation to privacy, so by that logic we shouldn’t feel the need to delist 1Password.

Some (many?) other people in this community think that open source is related to privacy, but in a more indirect/idealistic way ← I am in this camp

In either case it still doesn’t make sense for either of these camps to delist 1Password for source availability reasons alone, I don’t think.

As far as I see it, the only reason we would want to add this criteria is if we collectively believe that software being open source is a requirement for privacy/security. I believe this is a minority viewpoint, and it’s a point that we have explicitly tried to downplay in our content, as we prefer to evaluate products based on our current best judgement of how they are as-is.

Therefore… I still continue to believe that we should not add this minimum criteria :slight_smile:

7 Likes