Jonah said criteria will be changed to ensure “X password manager” doesn’t reach recommendations
I say let’s take Nordpass, implying if that is on the level of tools for which the criteria can be changed
This is followed by me asking if the current situation is this: The criteria will remain unchanged unless a tool you don’t wish to approve reaches it
Then I elaborate on why I think this is a bad way to look at it
It is nowhere close to the tired argument you think it is, since it is not about adding every tool or adding Nordpass, but pointing out the problem with the initial statement. Hopefully this helped
Anyway, I have already left this effort. PG doesn’t feel it’s a significant difference, and currently no polls floated by the team so far, so I am assuming this issue is shelved till someone from the main team bats for it.
Must have thoroughly documented encryption and security practices.
Must have a published audit from a reputable, independent third party.
All non-essential telemetry must be optional.
Must not collect more PII than is necessary for billing purposes.
Best-Case criteria:
Telemetry should be opt-in or not collected at all: +2
Should be open source and reasonably self-hostable: +2
Some people argued that open-source should not solely be the criteria into determining if an option is recommended or not. I believe nobody’s saying that. Open-source, though, is clearly a plus for the only reason that it brings trust to that option. It is clearly a plus, but not the only criteria.
Based on that logic, if there are already 3-4 password managers that are on par with 1Password feature wise, audit wise, usability wise, security wise, etc. BUT 1Password is the only one not open-source, then IMO it should be removed.
I’m not arguing this is the case though.
Edit: I’m not suggesting a point system be in place. This was just for the sake of demonstration.
I guess the answer is yes. The criteria would remain unchanged unless one of the following is true:
The community wants to add something that is clearly so much worse than our recommendations (like Nordpass) that increasing the criteria is necessary to avoid confusion about why Nordpass isn’t recommended.
One of the recommendations falls so far behind the others that it no longer makes sense to list.
The community wants to add something that is so much radically better than our existing recommendations that it necessitates delisting the existing tools.
None of these 3 things really apply.
And again, the argument that you and @fria are making is that situation #2 does apply, and I’m countering this argument by saying that source code licensing doesn’t create enough of a quality “delta” between 1Password and the others to say that “it has fallen behind.”
I encourage everybody that hasn’t done it yet to VOTE here on whether to require Source-First, Open-Source or keep allowing proprietary password managers.
So far, it’s a tie between source-first/open-source and proprietary
Then why do you have this criteria in other categories at all? Password management is as mission critical as it possibly gets and therefore it should have the strictest criteria, especially when it comes to anything “cloud-based” and/or that has to connect to the internet.
If that’s the concern, then how about still mentioning it, but separating it from the other recommendations like what you do with e-mail providers? I understand the reason for Tuta being the “3rd option” is different, but I believe such a division would be warranted if you believe that FOSS is an improvement.
This is what I think a lot of users find strange. Obsidian could in many ways be considered the ‘1Password’ of digital notebooks, yet it is not recommended due to being closed-source despite being able to be used fully offline (with lower stakes in general), unlike 1Password.
Am I the only one who sees an obvious issue with other voters knowing what the entire PG team voted for? It might just be me.
Another issue is that some voters love 1Password’s UI and UX and are clearly biased against requiring open-source because their favorite password manager will get removed, but I digress.
I am unaware of a source-available password manager. I think this is unlikely. Source-available will be something you can’t even build yourself (I think?).
So if you are OK with it, please vote for source-first.
As Proton Pass catches up with 1Password, things might change, so that’s a sliver of hope.
Just because something doesn’t exist now doesn’t mean it won’t in the future. I find minimal privacy advantages in source-first or open-source compared to source-available, other than the increased chance that more people have reviewed the code. That is my personal opinion.
Ultimately, my vote supports changing the current criteria, but I have a different opinion on how extensive those changes should be.
Regardless, I don’t believe this poll will have a major impact on the outcome of our discussion, even though I had hoped it would. The staff seems stuck in their decision, despite what most of their community is expressing.
Clearly shows the community consensus, hopefully PG team doesn’t hide behind community consensus as the reason. It is very clear the consensus is towards changing the criteria.
Privacy Guides gets like 8,000 unique visitors every day, and this forum has over 3,000 members. One poll which has 34 votes and is split between 41% / 49% is unfortunately not the clear consensus you are imagining. On the contrary it proves that we can’t proceed too quickly here.
If only it were that easy!
Much like Wikipedia, Privacy Guides is not a democracy, rather we make our decisions based on discussion and consensus. A poll is not a discussion, and this one frankly has hindered this discussion a bit as we are now all talking about the poll itself rather than the merits and drawbacks of this proposal. The polarization here as a result of the poll has really only slowed down the possibility of us making this change.
Do not worry, because we are considering the opinions shared here in this thread, in that poll, and across the wider community as we carefully chart out the best course of action here.
Visitors are not community, and PG is not anywhere close to Wikipedia’s governance and consensus structure. Discussions are necessary and integral I agree, but I was merely pointing out the consensus is not so clear as your previous statement led me to believe. I agree PG would be terrible with democracy, and curation and reasoned recommendations are the reason why I choose to invest my time here too.
I understand the responsibility and difficulty of managing something others find useful, but I do think the current slow pace and reactionary rather than proactive change does not lend well to what PG should aspire to be. The poll is just a push for faster changes when they are easy to make, but maybe we disagree that it is an easy change to make. Anyway, hopefully PG moves slightly faster here