Require Open Source for Password Managers

Accessibility and ease of use don’t make it more private; it just means more people will want to use it, so I don’t think it should be a criterion for which password managers offer the best privacy.

The general criteria for Privacy Guides include usability and accessibility. That’s part of what makes this website and community such a great - and approachable - resource for everyday people navigating their personal threat models and priorities.

If you want recommendations based solely on what is the most private then PrivacyGuides is not the place for you.

4 Likes

Copying and pasting is worse than autofill. If you make a typo in a URL or fall for a phishing link, autofill not working gives you a heads-up that something might be wrong.

4 Likes
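The heads-up the post describes comes from the manager matching the page's origin against the origin it saved the credential on, and refusing to fill when they differ. The following is an added example written for this page, not code from Privacy Guides or from any password manager; the vault entries are constructed, and the matching policy (exact host or a subdomain of the saved host, no https-to-http downgrade) is a simplified assumption, since real managers usually match on the registrable domain using the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed sample vault entries: (URL saved with the credential, username).
# Illustrative data only, not anyone's real vault.
VAULT = [
    ("https://vault.example.com/login", "alice@example.com"),
    ("https://bank.example.org", "alice"),
]


def parse_origin(url):
    """Return (scheme, hostname) for an http(s) URL, or None if unusable.

    urlsplit().hostname strips userinfo and the port and lowercases the
    host, so "https://vault.example.com@evil.test/" yields "evil.test",
    not the lookalike prefix an attacker placed before the "@".
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname
    if scheme not in ("http", "https") or not host:
        return None
    return scheme, host


def host_matches(saved_host, page_host):
    """True if page_host is the saved host or a subdomain of it.

    The leading "." in the suffix check is what stops
    "evilvault.example.com" or "vault.example.com.evil.test" from matching
    "vault.example.com". Assumption for this example: exact-host-or-subdomain
    matching instead of the Public Suffix List based registrable-domain
    matching most real managers use.
    """
    return page_host == saved_host or page_host.endswith("." + saved_host)


def autofill_candidates(vault, page_url):
    """Usernames the manager would offer to fill on page_url."""
    origin = parse_origin(page_url)
    if origin is None:
        return []
    page_scheme, page_host = origin
    offered = []
    for saved_url, username in vault:
        saved = parse_origin(saved_url)
        if saved is None:
            continue
        saved_scheme, saved_host = saved
        # Never fill a credential saved on https into a plain-http page.
        if saved_scheme == "https" and page_scheme == "http":
            continue
        if host_matches(saved_host, page_host):
            offered.append(username)
    return offered


if __name__ == "__main__":
    for url in (
        "https://vault.example.com/login",            # legitimate
        "https://VAULT.Example.com/login",            # case differs only
        "https://login.vault.example.com/",           # subdomain of saved host
        "https://vault-example.com/login",            # hyphen lookalike
        "https://vault.examp1e.com/login",            # homoglyph lookalike
        "https://vault.example.com.evil.test/login",  # saved host as a prefix
        "https://vault.example.com@evil.test/login",  # userinfo trick
        "http://vault.example.com/login",             # scheme downgrade
    ):
        print(f"{url:45} -> {autofill_candidates(VAULT, url)}")
```

Only the first three URLs get an offer; every lookalike, the userinfo trick and the http downgrade return an empty list, which is the "nothing filled, something is off" signal a copy-and-paste workflow never produces.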

If either Bitwarden or Proton Pass is accessible and usable for 99.9% of people, which they probably are, then there’s no room for 1Password and other proprietary password managers.

Also, most of you may have seen this by now, but if not, I recently made a poll about this, although it won’t affect this. Seems not a lot of people here actually use 1Password.

1 Like

More about audits not being a replacement for open source. This is especially true for software as a service like 1Password which is more difficult to analyze.

1 Like

Why don’t you say the same thing to your friend @anonymous378, who started the hostilities by resorting to ad hominem and strawman arguments, even digging up other posts they wrote on other topics?

If we truly share the same goal here, maybe start by holding everyone to the same standard.

Ah yes, the classic “mock the repetition” routine — because it’s so much easier to sneer at how something is said than to actually address why so many different people keep saying it. Maybe instead of copy-pasting posts to ridicule them, you could try engaging with the substance? The fact that this “cycle” keeps repeating should probably tell you something… and it’s probably not that everyone else is wrong.

1 Like

You say privacy and security are a basic human right. I completely agree — which is why I don’t see the point in steering non-technical users toward a paid, closed solution when there are open, well-audited ones that are easier to get started with and don’t lock you in.

For someone like the “grandma” in your example, the priority is removing as many hurdles as possible. Free access, simple browser autofill, and the ability to move your data if needed are what make the difference. Some tools already tick those boxes without putting a subscription paywall or company cloud in the middle. That’s what actually makes security accessible.

Maybe read the thread first? There was a whole back and forth before that comment. I was not ridiculing anyone; granted, it was a tad snarky :grin:, but @anon11657877 can hold their own. I was pointing out a fact: our conversation had devolved into rehashing the same talking points that had been discussed thoroughly 8 months ago, which brings nothing new to the thread.

If a user is so embarrassed by their post history that quoting them is an insult, then maybe the user should take more time to think about what they type… or, you know, delete their comment. Also, if you had taken the time to read carefully, you would notice all the quotes are from this thread, not “other topics”.

It’s amazing someone could support the ideals of open source transparency but see quoting someone as an insult.

Off Topic

@IksNorTen You do not need to make three comments; you can edit one comment to include all your thoughts. You can also separate those with lines using ---

1 Like

I haven’t contributed to this discussion yet but I will say that it is now the 3rd longest thread on PG. Congrats, everyone!

5 Likes

And it’s never going to end until this gets approved (and then a new thread will be made to add back 1Password and drop the open source requirement).

That isn’t something to be proud of.

If I understand your long posts correctly, you keep insisting nonsense until PG removes 1Password because they are your lifelong nemesis. Right? You keep saying every app must be FOSS or they shouldn’t exist at all. Every user must be technically adept or they are too stupid for your elitist ideas of privacy.

And until PG team removes 1Password you will keep opening new threads and polls and keep continuing this, whatever you think this is.

I’m not a staff member. I have different opinions on when lines are crossed enough to call out. My line isn’t drawn at poor arguments, but when users are consistently using inflammatory language. We all get heated sometimes, and it’s good to be checked on it to reflect. I have no ill will or intent to hurt his character. My intent is to de-escalate, even if candid, and to remind anyone, not just the person I’m replying to, to act in good faith.

To put it simply:

“Be excellent to each other.” (Bill S. Preston, Esq.)

3 Likes

No, they don’t. Quoting Jonah does not make it a fact, given that Jonah is not a relevant security researcher who can fall back to appeal to authority. Audits show exactly what they themselves say on the label: A team of supposedly competent people have looked at some code given by a company (often running on a demo server) under a given deadline. The soft undercurrent of “The one you are reviewing is also your financier” also does lead to mellow reports and recommendations.

And this does not happen at 1Password. You can look at their audit reports.

Auditors are not constant. This is just ignorance or intentionally misleading.

You did exactly that.

Source? How do you know? Are all audits public? Is there no social audit by frequent users? Are you aware of whether governments that use KeePass (there are a lot) have employed secret audits? This just keeps on getting worse.

This is orthogonal and unrelated to our discussion. The blind trust comment was related to audits not 1Password.

I don’t care about macOS, I don’t care about 1Password, I don’t care about open source requirements. I just want people to stop insinuating audits prove A is better than B at anything.

1 Like

I also cannot comprehend why this debate is so long. If 1Password is indeed necessary for serving the common minimum user (which I don’t believe), then why should open source become a hurdle in recommending good software? Open source in all tools does not make sense unless it is ceteris paribus when it comes to UX. This is Privacy Guides, not FOSS Guides.

More specifically for 1Password, there is also cognitive dissonance in the guides team. If the idea is to recommend a tool for general users, then recommending existing FOSS tools that provide a decent experience should not be an issue:

  1. User is already being pushed to use a new tool (password manager) and thus has a chance to learn new UX, so no constraint on sticking with “better” UI, seeing as the user has no initial “bad” UI to compare it to.
  2. The general user has no need for tools like ssh login or complex setups, and thus basic tools that lack specific niche features are fine.

Very weird thread overall.

1Password isn’t the problem. Proprietary software is.

Correction: every app that isn’t FOSS shouldn’t be recommended on PG.

If Bitwarden and Proton Pass are capable of serving normies, then why should proprietary software be recommended especially if it’s for something as security-sensitive as passwords?

2 Likes

This is not FOSSGuides, it’s PrivacyGuides. The policy of PrivacyGuides is “open source is preferred” while also balancing considerations of privacy, security, availability, and usability, among other factors.

A community that truly only allowed FOSS software wouldn’t even host recommendations for Windows, Mac, and iOS, and would thus be a far less useful resource for helping most people make more private choices. A few versions of that community already exist out there, and you’re free to join them. But we’re all here on PrivacyGuides for its unique strengths. Personally, I prize this community’s accessibility and overall balanced approach.

Saying ‘I will keep opening threads and arguing with others until this community changes its values to reflect my preference’ is asinine and isn’t winning anyone over to your cause.

4 Likes

Bitwarden and Proton Pass are not good enough. They are still ages behind 1Password, and Proton Pass still looks like a beta app with outrageous pricing. And yet you keep attacking 1Password in nearly every one of your posts.

PG is a privacy-oriented forum, but it is not a FOSS-only forum.

1 Like

This is the correct mindset. I’ll advocate FOSS till the day I die, but we live in a reality that isn’t that binary. I choose Bitwarden because it is FOSS. But that doesn’t mean I won’t recommend 1Password to those who would benefit from the UX it offers over Bitwarden and Proton Pass. The moment Bitwarden and/or Proton Pass reaches UX feature parity, 1Password has lost the battle and should be kicked.

We shouldn’t be debating what is or isn’t FOSS, we should be debating what are the key improvements we want to see in Bitwarden / Proton Pass to leave 1Pass in the dust. This provides a clear and actionable step to raise the bar, and those who pay for Bitwarden / Proton Pass can help push for that.

3 Likes

The point is open source should be required in all categories unless allowing proprietary software is necessary due to a lack of FOSS alternatives. There are some categories where it isn’t feasible to require FOSS and a proprietary solution is necessary. Password managers are not one of them.

Firefox and Brave are not good enough. They are still ages behind Chrome.
GrapheneOS is not good enough. It is still ages behind iOS and Stock Android.
Signal and SimpleX are not good enough. They are still ages behind WhatsApp.
Aegis and Ente Auth are not good enough. They are still ages behind Authy.
Mullvad and ProtonVPN are not good enough. They are still ages behind NordVPN.

We get it. You love proprietary software.

There is nothing beneficial about a bloated Electron UX.

1 Like

I think the main problem a lot of people have with this proposal is that all of the examples you’ve named are demonstrable privacy-offenders, but the problems with 1Password are theoretical.

5 Likes