Require Open Source for Password Managers

How does including a proprietary tool = PG forgetting the benefits of FOSS?

Recommending good privacy tools should be the goal, regardless if they are FOSS or proprietary.

This is a made up stat and is meaningless. What is the argument here? More choice is bad?

I find it so baffling, especially with password managers and VPNs, that users here are so excited to continuously attempt to limit the number of recommendations for no other reason than “there are enough already”, regardless of any other factors.

I think the goal of PG is to recommend the best tools for the job instead of every single acceptable option. It’s not just with password managers and VPNs, but with anything. There’s no good reason to recommend a proprietary password manager when there are three other cloud password managers that meet all the requirements, and 1Password doesn’t provide anything not already covered by Bitwarden or Proton Pass. Even Gopass, a local password manager, at least caters to those who prefer to use the command line. There is no reason to keep recommending it.

More choice is good, but so is having criteria and supporting FOSS instead of proprietary garbage.

That’s never been the case nor is it anywhere close to being the case in any category on PG.

This may be true if there was a significant difference in quality but when there is not, both should be recommended and allow each user to make their own choice based on their threat model and circumstance instead of virtue signaling because a vocal minority is afraid to put a FOSS option alongside a proprietary one.

It’s pretty clear to me you would consider any proprietary tool as “garbage”. The reality is all this does is limit options; the criteria in place have already proven to keep low-quality recommendations from even being seriously posted.

It seems from your recent posts that the real intent is to remove 1Password and IVPN using criteria suggestions more than it is to promote beneficial criteria.

More like a vocal majority values FOSS and believes we shouldn’t recommend proprietary tools when it’s unnecessary.

I’ll believe that when open source becomes a hard requirement.

IVPN is better than most other providers and does everything right (they’re even working on RAM-only servers) except physically own servers. That should be a dealbreaker. Otherwise they’re one of the best VPN services alongside Mullvad.

More recommendations increases the chance of items being revoked. If PG lists it and the recommendation goes defunct, that would put PG as somewhat compliant in recommending it. So they are hesitant on that front.

The other is analysis paralysis. If I had 10 recommendations, all without distinct advantages, I’d be exhausted trying to determine what to use. For example there are tens of hundreds of Linux distros, all great for privacy, but the recommendations are distinct.

Recommendations must be the “best” at what they do, and offer distinct advantages to other recommendations. For example, Arch Linux vs SecureBlue is a strong argument, but recommending Arch and Manjaro vs (choose Arch derivative) leads to more questions.

These are recommendations not prescriptions. Use Manjaro, or whatever, but the recommendations serve as a default jumping off point, especially important for newcomers.

Hmmm, this statement needs a qualifying statement about what majority is. The majority of all people will think you meant to say FLOSS, and then get confused because they use free services like Google because they don’t need to pay for them.

Majority of users here and other privacy communities.

I agree. Even among the distros that aren’t recommended, Alpine (one of my favorite distros) stands out among minimalist distros for using BusyBox, musl, and a non-systemd init. It’s great for software minimalists and servers but a bad option for anyone who doesn’t have advanced knowledge of Linux.

Can’t we all move forward with this already? Either require open source for all categories (except providers and hardware since doing so isn’t feasible), or don’t require open source anywhere.

Hey, why?

I and others have said it before. It doesn’t make sense to recommend proprietary software when it isn’t necessary, and we already have several open source password managers that meet all the criteria.

With this logic we might as well recommend Obsidian, Authy, and Chrome too.

PG should be recommending alternatives that are better for privacy. For password managers, this would mean alternatives to LastPass, NordPass, Dashlane, RoboForm, and 1Password.

I’m sorry but recommending something just because it’s open source is also not the way imo. Most people cannot read code and audit the product themselves. The only thing they can do is hope that someone else did and keeps doing it (when changes happen) and then also should compile the code themselves. I see this thrown around too many times and I start hearing non-technical people around me say “it’s safe because it’s open source”, which isn’t necessarily true.

I’m not recommending for anything just because it’s open source.
I’m recommending against something because it’s closed source.

Most people don’t know how a car works and can’t repair it but they can still drive.

and can’t tell if a car has a safety defect.

This is the lamest analogy that I have heard in a long while. :man_facepalming:t2:

The point is you don’t have to know how something works in order to use it.

TheRe aRe aLrEady EnOugH oPtiOns … we get it guys

Wanted to get this in before the next cycle of this happens.

BuT fOSs DoEsNt MaTtEr … we get it guys

@anon11657877 I am glad we agree; basically nothing new is being said, and hasn’t been since at least 2024.

I blame @jonah for flip flopping every few months :joy:

ok, sounds like we’re adding FOSS as a criterion…

ok, I guess FOSS is not going to be added as a criterion

oh cool, criteria for the criteria

oh wait nevermind…

If it becomes a requirement, I would also expect Jonah or someone else to audit the code. Otherwise it sounds like “Yeah, it’s open source, it’s safe. We didn’t check, but someone else in the world probably did, and if it’s bad it would probably be known”. I would argue that 1Password has a good reputation and imo works way better (and looks way better) than Bitwarden.

A published audit from a reputable, independent third party is already required criteria regardless of source availability, and I wouldn’t expect that requirement to go away any time soon.

Exactly, so I think the software being open source doesn’t add a lot imo.

  1. KeePassXC has been audited.
  2. It’s been established that while audits are good, they are not a replacement for open source.

1Password has a good reputation

So do Bitwarden and Proton Pass.

looks way better

This has nothing to do with whether or not 1Password should be recommended.