Ok but that is different than requiring open source for password managers. You have already created an exception in your criteria. This is the kind of slippery slope that should be avoided otherwise PG will be constantly reverting their criteria or having to make exceptions for that criteria. It is way cleaner to just “prefer open source” which PG already does.
You will notice that in categories that require open source there is no clause for having there be at least “one good” option for the criteria to apply. All it says is
Clients must be open source
I think people often overlook that some categories require more nuance. It would be helpful for everyone to recognize that comparing criteria from different categories is like making an apples-to-oranges comparison, which doesn’t provide a solid foundation for changing criteria. For instance, if notebooks have overly strict criteria, they might end up with no good options. Conversely, if PG had no password managers to recommend, it would lose all credibility.
Not having to memorize your passwords is the whole point of a password manager. Memorizing random 32+ character strings is harder and less convenient than manually checking to see if your site supports passkeys. You don’t even need to use 1Password for this.
It’s not Catalyst2422 Guides either, or Proprietary Guides.
The only slippery slope here was gradually removing the open source requirement for more and more categories and promoting proprietary software. First it was Safari, then 1Password, then Apple Mail, then Microsoft Office, then Apple Health.
But they do have several password managers to recommend: Bitwarden, Proton Pass, Psono, KeePass, and Gopass.
You’re dodging the main point, which is you’re not actually advocating for open source to be a hard requirement.
You are advocating for open source to be a requirement assuming there are good options. That’s a different criteria. We can go back and forth about the chances of that difference being meaningful, but it doesn’t matter. That is a different criteria and a different discussion.
Personally, I feel any criteria that leaves a non-zero chance of having no recommendations in a critical category is a bad criteria. Since you are not willing to say you support the criteria even in the event it leads to 0 recommendations, I have to assume you agree.
It’s best to just stop feeding the troll. Either he’ll find a way to make peace with PrivacyGuides not being his personal fiefdom that bends to his personal demands or he’ll move on to another community. Either way it’s not worth any more engagement.
I get where you’re coming from, but I don’t want to go so far as to label @anon11657877 a troll, although I think some of their arguments have not been in good faith. That’s not to say that I believe for a second that I will ever convince them of my point.
That’s ok…
I enjoy the discussion as a thought exercise anyway, and I hope others who read it but don’t comment get something out of it too.
Although, I may give it a break for a bit. If it’s just me and @anon11657877, it’s probably better suited for a PM.
I’m glad we agree. Memorising a long string is tricky. Like a credit card number for instance. Up to 19 digits. Plus 4 more for the date. Plus up to 4 for the CVV. Wouldn’t it be a good idea to keep that in a password manager too? Or is it better to carry it printed in plaintext on a piece of plastic in our pockets?
If there are no recommendations then it probably doesn’t need any.
Open source should be a hard requirement for any software because there are always open source alternatives to software. It’s just service providers like search engines and hardware where it isn’t feasible to require it.
It’s already in plaintext on a piece of plastic anyways. Passwords aren’t.
Or Securityguides.
Not yet. We’re only 20 replies away from this being the most replied topic on this forum. And not without this being marked as either approved or rejected.
So it’s ok to carry it with you in plaintext, but not store it in a password manager?
You seem to be more of a fan of security (and privacy) theatre than anything else. You also seem to like to only respond to the points others make that you think you have an argument against. Whilst conveniently ignoring the rest.
A proprietary password manager that is sitting on 1 billion dollars of VC funding is cockblocking a criteria change because it has a few nice-to-have features that FOSS competitors don’t YET have, absolute cinema.
Might as well remove the requirement sitewide, I have a lot of proprietary tools to suggest that are leagues better than the competition in terms of features and UX and the gap is a lot bigger than between 1Password and FOSS password managers, who cares about software freedom anyway.
FOSS is a strategy for businesses in this domain. There is a value proposition in open sourcing the code outside of consumer trust - to eat away at Bitwarden’s addressable market and bring users to use their system instead. It’s not out of the question, but that playbook likely won’t happen until FOSS cloud based alternatives actually compete on all of their features to where they need to consider such a move.
My point being both were VC funded. If the goalpost is now moved that some VC funding is OK, then I’m not qualified to make the call at how much money for what evaluation is a green light to not worry about it.
Since cloud-based and local storage password managers have separate criteria, we should at least add open source as a minimum requirement for local storage password managers since all of those recommendations are currently FOSS.
PG should also have this warning above 1Password if everyone insists on keeping it.
Warning: 1Password is closed source, meaning the source code is not freely available for anyone to audit. While we recommend against using closed source password managers…
Someone else can finish that warning. I know PG already mentions 1Password being proprietary, but it should be made more obvious.