1Password to Add Telemetry(blog.1password.com) |
1Password to Add Telemetry(blog.1password.com) |
Podcast: https://open.spotify.com/episode/6RZm7V8IcvuMuaCmVBE4EG?si=v...
> We use data for analytics and measurement to understand how our the Site and Bitwarden Service are used. For example, we analyze data about your visits to our Site to do things like optimize product design. We use a variety of tools to do this, including Google Analytics. When you visit the Site using Google Analytics, we and Google may link information about your activity from that site with activity from other sites that use Google Analytics services.
-Ben, 1Password
Sure they do, and a lot. But they don't talk about with with the companies doing it. What would be the point?
-Ben, 1Password
Is there another user-friendly, powerful password manager out there that I can recommend instead?
They took an amazing product that worked better than every competitor and was easy to use then ruined it with the absolute dumbest product decisions I've ever seen.
They gave Apple the green light to put them out of business and I'll be switching as soon as that feature is available.
Their product decisions were almost as bad as Sonos, almost.
'Climate change' in 'cloud' world.
Thank you for the comments on this important topic. 1Password's mission is to help people safeguard their most important information and to do that, we have always taken a human-centric approach to security. In order to deliver the exceptional product experience our users expect from us, we need to better understand how they use 1Password.
And while our goal is to deliver better 1Password products, we won’t require our community to help us if they don't want to. We're fully committed to transparency and will provide updates coming out of our research and development period. When we are ready for a wider rollout of this functionality, we will provide clear, in-app messaging, and you’ll be able to control whether or not telemetry is active on your account.
In the meantime, thank you for sharing your feedback – these discussions are always valuable to us, and we appreciate your constructive candor.
-Ben, 1Password
This functionality will have a prominent in-app message that will ask Individual and Family account users to choose whether they prefer to keep telemetry on or off their account. Nothing gets collected until they’ve made this choice, and users will be able to change their preferences whenever they would like.
-Ben, 1Password
I also don’t like the idea of locking password management into a specific browser because I switch browsers more often (last time 5 years ago) than password managers (last time 15 years ago).
I don’t have an issue with passwords, even important ones, being synced with the cloud. As long as the crypto happens locally, and as long as I’m forced to trust the app developers anyway, what difference does cloud vs. local storage even make, security-wise?
Supporting it on Windows could be another nail.
> And, of course, once this functionality rolls out to customers, you’ll be able to control whether or not telemetry is active on your account.
("account" sounds like you can turn it off family-wide or even organization-wide)
[ Reposted my comment from duplicate post: https://news.ycombinator.com/item?id=35685170 ]
It bothers me quite a bit to read that we’ve normalized telemetry as much as we have. If you’d asked more or less any random hacker 10 years ago if any of this was remotely OK they’d all be slack-jawed to learn what has happened.
Where did all the privacy conscious hackers go? Did they all get replaced when JavaScript and Electron became the norm?
tl;dr If we roll this out to customers, we'll be asking for consent, and won't be collecting telemetry data unless we have it.
-Ben, 1Password
As development has continued, the 1P app seems to have gained in bugs. I've tried reporting these - I like 1P and the 1P team seems to care about delivering a quality product - but using their forums is very frictionful and I've often given up on reporting bugs because it's not worth the faff. Telemetry holds the promise that they can fix the bugs without me needing to manually report.
Do 1Password do security/privacy audits the way Mullvad do? That's a pretty decent way of building goodwill over time when it comes to decisions like this. It's probably a fine decision, but they should probably have gone to greater lengths to write this blog post in more exhaustive detail.
-Ben, 1Password
> we’ll be able to gather only a small set of general events and interactions within our apps. Things like when you unlock the app, when you create a new item (but not its contents!), or when you use autofill (but not what sites you use it on!).
The experience with 1Password 7 isn't all that great right now anyway, so I'm not losing much really. The syncing is super useful, but there is a solution to that too.
It's been a good ride. Now it's good riddance.
> At that point, we’ll also provide guidance on how you can opt out if you’d like to.
Better than nothing. But they're moving away from being the #1 choice and a great product step-by-step...
I'm not a 1Password user (and won't become one), but if I were, I wouldn't necessarily be in a huge rush to stop as a result of this.
I have low confidence they will listen, but might as well try.
Well, at least there is opt out. Probably, will be on account-by-account basis, not family/organization-wide.
How are people accessing items? App, quick access menu, extension, browser bookmark?
How are people changing passwords? In the app, using the password generator or not, in the extension with the password generator, in the browser using the injected UI?
The thing about 1Password is that it seems like it's simple, but under it all there's usually multiple ways to do the same thing. Using some telemetry they could easily see that only 2% of users are using this one particular feature, and cut it if it's not getting used. Or this fantastically useful feature is only getting 20% of users using it, maybe they need to introduce it to users in a better way. Etc.
At the end of the day, having this kind of data can make for better decisions. I'm not a fan of telemetry though. I'm honestly surprised the security team at 1Password agreed to this one as well.
It can also make for worse decisions.
2% of millions of users is still tens of thousands of people. Maybe that feature is terribly useful but only a handful know about it. Cutting it would be a mistake; it should be made more prominent.
Maybe the 20% feature is annoying and that’s why 80% of people actively avoid it. Giving it more prominence would be a mistake; it should be cut.
No amount of telemetry will tell you users are deeply unhappy with the move to an Electron app and the removal of local vaults. You only know that from direct feedback and speaking to them.
Does the choice for "Track My Activity" look like a "Continue" or "Next" button? Respectfully, it sounds like you're trying really hard to not actually say it's going to be opt-out.
Here is a draft of what we're considering: https://bucket.agilebits.com/ben/telemetry-consent-draft.png
Does that help clarify what the experience will be?
https://bucket.agilebits.com/ben/telemetry-consent-draft.png
1Password: I really wish we knew what users wanted.
Users: Please don't move to Electron, I don't want Chrome bugs in my password manager.
1Password: I'm just baffled. We never hear from users.
Users: Please, for the love of God, give us control over our vaults. Don't go cloud-only, we're begging you!
1Password: Better turn on telemetry. It's the only way to solve this mystery for the ages.
And particularly with standalone perpetual licences, which I'm still clinging on to. Sync via DropBox, share a vault with family, and another one with my small team at work. It's perfect, for me. But it just doesn't work for 1Password, financially. No amount of getting upset or whiny will change that. Time to get over it.
That is clearly not true. 1Password was around for over fifteen years and was profitable well before their Series A-C that set unrealistic growth targets. The financials were sound, which is why a non-startup was able to get that kind of financing at that kind of valuation to begin with.
Unsure about a reasonable alternative.
I've finally given in, after years of being a licenseholder of 1Password 6 and 7 (and maybe 5?) ... and I'm mixed. Definitely plenty of migration pains, you have to set aside time in your life to make this change. Most of us just want our stuff to keep working the way it worked yesterday, and not have yet another chore in our lives.
Does anyone know if it will be possible to continue using 1Password past July 1 without a subscription?
1Password: Yeah, but we're bored. So, we'll release an abomination as 1Password 8 and then spend years trying to figure out why people hate it.
Worse than that. They had completely dysfunctional internal processes that they decided to solve by going people shiny toys to play with (Rust and Electron): https://blog.1password.com/1password-8-the-story-so-far/
That said this whole telemetry push comes on the heels of their $600M VC round a year ago which wasn't designed for a linear growth business that just "keeps on keepin on" with the good times. So I'm a little skeptical that the company is philosophically/financially aligned with its consumer users.
Of course it isn't. The search alone is unusable. Instead of fixing it someone on the team sneaked in a second search that almost behaves like the old one
I liked 1Password when it was an amazing Mac-only app. Now it's just another Electron app I can throw away and discard for different Electron app, there's nothing special about it.
The problem is that I don't see any particular alternative. I don't like Bitwarden's security (password is provided to the server to partially unlock so a malware server or MITM could get the password) and LastPass has known issues.
EDIT: And standalone apps are neat and cool, but doesn't let me share the Netflix password with my family.
That is completely false.
"The Master Password is cleared from memory after usage and never transmitted over the Internet to Bitwarden servers, therefore there is no way to recover the password in the event that you forget it."[0]
[0]: https://bitwarden.com/help/bitwarden-security-white-paper/
No, it’s not? I can unlock my offline vault with no internet access at all.
What is this you say?
1Password: We /have/ to move to Electron because we don't have any money.
Also 1Password: oh hey by the way we got $920,000,000 from VC...
> But there are millions of people using 1Password now, often in cool and innovative ways! If we’re going to keep improving 1Password, we can no longer rely on our own usage and your direct feedback alone.
I wish I were in the room when these arguments were being made. I would like to see the data that led them to this conclusion. I used to work at 1P, I was a happy user before I started working there and I continue to be a happy user. But I can remember so many conversations about telemetry and how we’d never use it…
Great products get built by someone with a vision to create them, mediocre products gets created by product managers justifying their positions with data they've gleaned by spying on users.
(So many times error reporting, etc. have accidentally leaked highly sensitive data, which was then the source of a major compromise, in other systems. Maybe 1Password won't get it wrong, maybe 1Password will never be subject to any pressure to get it wrong...)
Add the recent announcements that the company will no longer support their last stable version -- 7 -- and move to using telemetry -- I'm out.
I've jumped to Bitwarden; open source, cheap, and competitive features. It was a no-brainer.
1. Export 1P passwords to a 1pux file
2. Import file into Bitwarden
3. Done.Pity they can't gather telemetry on something that they have removed.
I did actually consider trying to PR a change to one of the open source keyboards in F-Droid but ... TBH, the new 1P feels less and less like team players so until they start to open up some of their own stuff, I shouldn't throw good glucose after bad
Their UI has changed a lot in recent years, maybe this will enable them to make more informed design decisions so that one day grandparents stop getting lost in their horrible menus.
I loathe having to migrate out of 1P 7, but there really is no choice now.
The transition was very smooth, and I have no regrets! Plus, now I'm supporting an open source product, which is a nice bonus.
I was hoping to use 1P 7 for as long as I can, but with the Chrome extension dying it's going to become unusable. What have you found as an alternative?
Trusting Dropbox for sync (which I did) meant trusting a cloud service, too, but IMO it is a less lucrative target for hacks than a server that stores _nothing but_ credentials. Also, using DB made me less dependent on connectivity (LAN sync) and would let me switch providers quite easily.
Just for 7?
Mac/Apple only customers have this strong inclination for some kind of Stockholm syndrome when it comes to software and devs going shitty and hostile. I find this weird kind of loyalty added to software as well that somehow starts as Mac only and that loyalty stays even after they go crap. Often blown out of proportion.
I mean I always wonder what is the reason that these people don’t even want to acknowledge BitWarden.
For decades, Mac users didn't have the same software choices that Windows users had, and a lot of what was available were shitty ports. When a company released high-quality Mac software, it was noticed and appreciated by Mac users.
Obviously that situation has changed in a post-iPhone world, but the culture of appreciating when someone made a really great Mac-native app is still there for a lot of people.
It's exactly the opposite of what you wrote. Mac users abhor the software that turns shitty. However, as on all modern platforms, there's no choice: all software is turning shitty.
What is not ok is opt-out telemetry for personalisation for advertising, or over-reaching personal data collection, in 1Password's case data from your vault.
There is however a grey area in the middle – data about the performance of product upsells. This is a tricky one, because arguably if I do upgrade (say, to 1Password Family/Teams), I've probably done so because it made sense for me, and I'm probably happier with the product... but I might not have done so without that information on how I or others use the product that helped optimise that flow. When done well I don't have a problem with this, but I hope 1Password are careful about the culture of upsells that this data could create.
Product quality, especially with 1Password8 has deteriorated significantly. A big bag refactor to electron with no telemetry is probably the root cause. Not necessarily poor strategy, but certainly poor execution.
Telemetry is actually a good thing for 1Password users who see product quality decreasing bc it gives the PMs there some information to go off. The product surface area is huge now, and it's natural to lose sight of the most important stuff.
If I was in charge, what would I do?
1. Introduce telemetry and get data into hands of PMs + Designers
2. Pause all new feature development until table stakes features are working flawlessly: 1Password opens under 200ms for most users; auto fill in Chrome + Firefox actually F*king works like it used to before v8.
3. Trim down product surface area by killing features. E.g. decide is the default UX for auto-fill based on interacting with a button inside form inputs OR simply hitting the keyboard shortcut to autofill? Kill the other bc the interaction between these choices is painful.
I'll give them a year to figure this out. In the meantime, a Copilot / ChaptGPT enabled bootstrap founder will come along and build out a trimmed down version with just the basics and start eating their lunch.
1Password, don’t do it!
Rely on other means to collect usability feedback like surveys, internal usability testing and developer tooling for build-time usability testing. Your app is simple enough that you absolutely, categorically do not need to subject your users to mass surveillance.
I am currently paying for a 1P family subscription and I will be moving to another provider or self-host a free/OSS password manager should your telemetry plans eventuate.
If I have to fight with a product to block telemetry, I’m not going to have it be one I’m paying them for like this, and I’ll take every company I can with me.
Right now, the only thing I am missing is something that will sync with a KeePass vault and push TOTP tokens to my Apple Watch (as well as a couple of rarely used credit cards whose PIN codes I would like to have always available for emergencies).
Other than that, if you’re not an enterprise customer I think OS or browser-based password managers (which now sync across machines and platforms and even have the ability to do TOTP, at least on the Mac) are finally good enough for end users.
If you need to store software licenses, recovery codes, etc., KeePass XC is excellent for that as well, and available everywhere (and no, sorry, I don’t want to use Bitwarden because I don’t want to run a dedicated sync service for myself, or use anyone else’s).
“It is difficult to get a man to understand something, when his salary depends on his not understanding it.” - Upton Sinclair
You can ask the users. You can apply some common sense (which 1Password team increasingly doesn't). They can look at the support forums listing the many issues (especially with UX) which are condescendingly dismissed. Etc.
Explain to me how my admittedly naive solution fails to deliver for all consenting parties.
tl;dr If we roll this out to customers, we'll be asking for consent, and won't be collecting telemetry data unless we have it.
-Ben, 1Password
- Purchase a stand-alone license, getting well-performing and feature-complete native clients with several options for vault sync that are under my control.
- Upgrade to 1Password 8, a version that sounds great, but has quietly removed local sync unless you checked forum and blog posts before buying.
- Watch the clients go from being native to Electron and losing many, many features. Get forced into using the web app for simple things like seeing history.
- Watch browser integrations get progressively worse (check out the reviews on the Firefox extension, oh boy)
- Even if you've been using 1password 7 (the version you paid a good chunk of change on for, in 1Password's own words, a life-time license), you won't be able to use it with browsers at all soon https://support.1password.com/kb/202303/.
- Get popups and unwanted opt-out integration with social media logins, when I've gone out of my way to purge garbage like "login with google" from my internet experience.
- Get unwanted opt-out telemetry forced on you, which regardless of their assurance will eventually leak PII like it always does. People make mistakes, c'est la vie. I would have no issue with opt-in telemetry.
I think this is it for me. Forced telemetry is a small thing, but it's just one of many poor decisions. I'm sure it's a smart business decision and their investors will be happy finding more and more ways to extract value out of users. I just want a simple password manager, so after a decade this is it for my family and myself.
It's just too much risk exposure for me. Why on God's green earth would anyone trust some random assholes with something as important as passwords? I just don't get it.
They're gonna screw you over. And they're gonna continue screwing you over because you continue to be their customer. Just recognise that and move on.
You’re going to have to trust the app’s code no matter what. As long as encryption and decryption happens locally, how does a hosted password manager make a difference to local storage?
This is almost comical. Whenever I report issues, it takes them months to fix them. And sometimes those weren‘t some small edge case problems. One was that non US keyboard users were unable to use special characters in their shortcuts. If they don‘t have the time and resources to fix such problems in a reasonable time frame, what do they think they‘ll gain out of telemetry data? Do they need verification that people use shortcuts before allocating resources?
It's a password manager, what's "cool" about it?
1Pwd always rubbed me the wrong way in the way they "take themselves too seriously" and overrate their importance
It's a password manager. They wouldn't even sync to cloud at first iirc, no?
The more boring the better
For Dropbox it took way longer to get to that point than anyone expected, but Microsoft, Apple, and Google have all copied the Dropbox feature. 1Password is headed in the same direction and Apple is leading the pack in making it redundant. If the password section of Settings in macOS gets a separate app and a way to share passwords, 1P will end up in the same tough spot as Dropbox.
...which is why this decision is extra infuriating.
I’ve tried to get bitwarden in the enterprise but my boss is old school and has denied the request 4 years running.
Even after they added oauth and account switching to switch between personal and ent vaults.
As a business, if you don't realize situations like this, you both leave money on the table, and also risk users leaving for another product, which offers the missing functionality explicitly.
When prioritizing what we needed in order to launch 1Password 8 we did not prioritize an Apple Watch app. We rarely heard from customers about Apple Watch, and so the assumption was that very few people were using it. When we launched without it, it quickly became apparent that was a poor assumption. People came out of the woodwork to ask where our Apple Watch app went. If we'd had telemetry, we could've known that lots of people were using the Watch app, and just didn't have a reason to write to us about it.
-Ben, 1Password
It’s still not too late to reverse that decision.
Incidentally, how would telemetry tell you that people miss a removed feature if said telemetry was not in place before removal?
This is absolutely no justification for telemetry.
The field of UX wasn’t born the moment someone wrote the first telemetry library.
If anything, people seem to have much more difficulty understanding user pain points right now.
This is why companies like Microsoft cram it down our throats.
Telemetry has been the default for networked applications since longer than I've been alive. Think of a terminal connecting to a mainframe, how much telemetry it has access to, all of it, of course.
tl;dr If we roll this out to customers, we'll be asking for consent, and won't be collecting telemetry data unless we have it.
-Ben, 1Password
> This data will be gathered from a randomized selection of accounts, de-identified, and processed in aggregate
One day, the company that makes this hammer says that they will be updating it to automatically tell the company a bunch of information about the hammer's use -- when it's used, where it's used, what the environment is like around the hammer, how many times it's used, what it's used for. They assure you that they don't care about who is using the hammer, but obviously it will be YOUR hammer reporting the information, so at some level it will be associated with you.
Why are they doing this? Well, they know that sometimes their hammers break. They only know this, though, because sometimes their hammers break for their own employees and sometimes customers tell them hammers break. They would really like to know ALL the times their hammers break, though, so that can try to fix all the problems with their hammers, and not just the ones they see or get reported to them. They say this will be best for their customers and that's why customers should be on board with the change.
No one would ever buy that hammer again, right?
Regardless of the privacy implications of the company knowing everything about your usage of the hammer, the company is basically saying that their hammers break so much that many of their customers don't bother telling them and just go use someone's hammer. In other words, their product is bad and their customers don't value it enough to deal with it.
Don't even get me started on paying monthly for that hammer ...
I think you came to the wrong conclusion. Lots of people might still buy the hammer, and lots of people might knowingly buy the hammer, and even more, lots of people might knowingly buy the hammer and like that the hammer is being fixed when it breaks. I honestly don't understand why so many people oppose telemetry, especially when it's anonymous.
I mean, you might not, but I don't see telemetry as such an evil. It does help make the product better. So "no one" is a bit too strong here, try "no one with my mindset" ;)
I don't see how adding telemetry makes any significant difference.
The problem is its always been there. Telemetry provides more noise to hide exfiltration of sensitive data, but the risk has always been there from the start for the reasons you laid out.
It's a closed source product in a surveilence heavy country. Telemetry or not, it's risky.
I’d be fine with telemetry if it recorded locally in a way which was fully inspectable and human readable and which I could send IFF I wanted to, but with a password manager I’d be scared even of just a long list of events; passwords and keys themselves are so low entropy vs long lists that you could easily encode something…
The key word there is "anonymized". What is the risk of the collected data accidentally being less anonymous than intended? What is the risk of accidentally collecting more data than intended? Microsoft has already had both types of accident [1][2], so I think it's fair to assume a risk close to 100% over time.
Even if users opt out, what is the risk of the opt-out mechanism at some point containing a bug that causes it to fail? Or the risk of the user at some point failing to properly configure the opt-out mechanism?
Is the company going to put as much effort into minimizing these risks as the end user would like? Is anonymization of telemetry going to be the top priority for the company?
[1] https://github.com/dotnet/sdk/issues/6145#issuecomment-22010...
I don't, so I'm never upgrading to 1Password 8. The telemetry news only validates my decision. What I consider important in a security product and what AgileBits considers important diverged a while ago and that's ok I guess.
I strongly disagree with this and think much less of companies who do it that way. That said, that battle is already lost anyway.
It's not like this is telemetry in some open source thing for nefarious reasons. It's literally for their customers. They already know who you are, it's not like they're using this for targeted ads.
It absolutely isn’t.
What makes them different?
1Password has not yet had that, they've made some missteps, but have handled it relatively well (based on my experience, and that I still use them).
tl;dr If we roll this out to customers, we'll be asking for consent, and won't be collecting telemetry data unless we have it.
-Ben, 1Password
> No customer vault data can be seen or collected. We’re only interested in how people use the app itself, what features and screens they interact with – not what they store in their vaults, what sites they autofill on, or anything like that.
This seems contradictory to me. How can the code see what screen is open without interacting with the app? This implies there is some kind of sandboxing layer. How can the 1Password software engineers possibly be confident enough in this sandboxing to assert that "no customer data can be seen?" That may be their intent, but bugs happen, especially in code that runs at a layer above the app to analyze how users interact with it.
I will be opting out. Hopefully the opt-out mechanism doesn't have a bug in it either. And when there is inevitably a bug in the telemetry, I hope 1Password is okay with admitting that their opt-out system created two classes of users: those who did nothing, and thus remained vulnerable to bugs in the telemetry layer, and those who opted out of it.
Exactly. They are enlarging the attack surface of a security device. For their own benefit. One buffer overflow and there's a backdoor.
That this is happening means their marketing people have more power than their security people. This is a very bad thing for a security company.
Start migrating away from 1Password. Now.
Opt-out telemetry is also not ok for product decisions. It's a dark pattern that shows no respect for user privacy.
Assume no PII, what's the difference? What do you mean by dark pattern?
It may not work correctly, and there's some risk there, but it's pretty low risk. A poor implementation may cause UX regressions, but the company have incentive to not do that.
tl;dr If we roll this out to customers, we'll be asking for consent, and won't be collecting telemetry data unless we have it.
-Ben, 1Password
If I’m reading correctly, they’re pretty clear and intentional about not collecting data from your vault (regardless of opt-in or opt-out). It’s simply usage patterns of the UI.
Do you see anything that suggests otherwise?
Telemetry that is detailed enough to reveal how I use a product is too invasive for my tastes.
What would reassure me is if the data were all in human-readable form and given to me to transmit myself.
Applies to much more MS products than just Office these days. I personally stopped being able to justify Office when they moved to subscription and iWork moved to bundled and already installed.
I still have Office on my work Mac and boy is it laggy typing as it analyzes the words and sends them to who knows where.
I love (although loved more in the past) 1Password and have deployed it in two separate companies. Between this and recent UI updates (well, over the last couple of years), maybe it's time to look at alternatives.
tl;dr If we roll this out to customers, we'll be asking for consent, and won't be collecting telemetry data unless we have it.
-Ben, 1Password
Citation needed on this one.
That would make any dashboard that showed which api endpoints are the most popular also illegal.
Anomyous telemetry is not PII. GDPR is personal data.
Don't get me wrong, it's still light years ahead of the Bitwarden clients and extensions, and that's why I stay, but I for sure would not use the present tense for their quality
I’m quite possible a simpleton but I can’t see how it’s light years ahead of Bitwarden. Can you provide an example of such difference?
Every time I used to check 1password (before the Great Purge of local vaults) I always arrived at the same conclusion. It’s a bit more beautiful but not 3x or 4x (whatever the price is) more beautiful then Bitwarden.
Functionality wise I couldn’t see much of a difference. Both save passwords, both share passwords, both generate passwords and both have Totp support.
Stayed for cheaper price, linux support, simplicity and "out of my way" philosophy. Never looked back to 1password.
Bitwarden is great.
https://github.com/dani-garcia/vaultwarden
Your password data, back under your own control.
It's been good. Very simple and reliable. Has barely changed in years of use and hasn't needed to.
The biggest loss for me on v7 -> v8 is 1Password Mini - that's a wonderful little 'browser extension for the desktop', and quick access is just awful to use in comparison.
It's not helped by their responses basically always being "but we like this, so it's better!" - they don't listen to customer feedback any more, and they pair it with their 'quirky' comms style that just comes off as condescending & dismissive. Collecting telemetry doesn't help if they ignore the feedback they already have.
edit: plus, they keep showing hard/impossible to dismiss UI in web pages to try to capture/fill fields, and it makes using the web pages really difficult!
In v7 with 1Password Mini I can do a fuzzy search outside of the browser and then just press enter to fill the details.
I'm still holding on to v7, but apparently we just can't have nice things. Sounds like it may be time to move on soon. :'(
Purchasing licenses in those times before everything moved to subscriptions was a good deal.
This doesn't align with my experience, and I've been using their app/service for years (the Windows & Mac apps, along with the Chrome and Firefox extensions). I don't mean to sound harsh but I'm scrolling through the negative reviews on the Firefox extension page as you suggested, and it's hard to take the majority of them seriously:
"i have never been happy with 1Password. Too frustrating to use."
"TOO DIFFICULT TO SIGN ON."
I use browser extension in Edge on macOS. I am on a page signing up for a new website and want to save credentials. It doesn't. Keeps erroring out. Disabling and re-enabling extension, and then refreshing the tab finally fixes it. I reached out to customer support and they told me to sign out to force refresh the cache. I did it, but the problem wasn't fixed.
1Password needs to fix the bugs that their customers are already reporting, instead of alienating their users with telemetry. I don't think the learnings from telemetry will be worth the damage it will cause to their brand.
https://www.dropboxforum.com/t5/Integrations/Why-So-Much-Tel...
This rings true for me in so many ways.
If they ever take it seriously and release a dedicated app with iCloud family sharing I don’t think I would have a reason to look elsewhere.
I had this belief before, that it helps makes the product better.
But I realized that telemetry is used against us. It helps the company push their own agenda, and manipulate the user.
For example, I'm used to update my Android apps manually. Google made it more and more difficult, version by version, to access the corresponding screen in the Google play app, in order to push for auto-update. They analyzed this through telemetry.
I use 1password and generally like it. Their moves towards typical Product Owner monetization BS has me starting to look to other options.
We shall not even get started on their extension losing its mind for no good reason. Still better than Bitwarden, and they should thank their lucky stars for it or I'd take my money elsewhere
EDIT: https://palant.info/2023/01/23/bitwarden-design-flaw-server-...
What that article is saying (rightfully, mind you) is that an attacker can mostly ignore the server side round of encryption, because if they have a copy of your local vault, they can just perform the client side rounds and then see if they can decrypt the vault.
This is a problem mostly if you see their claims of 100000 rounds server side, and decide "oh that's fast enough, I'll drop the client side rounds to 5 so my vault is fast to open)"
The point was if we'd had telemetry while prioritizing this work, we would've known it was something many people were actually using. The little data we had showed that was not likely the case. Had we known, we would've prioritized differently.
Makes me wonder though, if there is a SwiftUI codebase, why not maintain the macOS app as a native app too?
Because I value my privacy, period.
> If everything works as it is supposed to then the only result is a better product.
After 20+ years in the industry, I've never once seen this to be the case. I can't think of a single product that used telemetry that I'd consider to be of high quality. It has always been a sign that there's no captian on the ship though.
> It may not work correctly, and there's some risk there, but it's pretty low risk.
I'm unwilling to take on any risk to prop up a poorly run product team.
BTW, the paid accounts provide TOTP code storage, more comprehensive password health reports, emergency vault access for others, hardware key support, someone to call with problems[0], and encrypted file sending.[0]
This is similar to the case of iMessage vs WhatsApp, where the lack of a Windows/Android App for iMessage renders it unused by my friends and unpopular in regions where Android phones are prevalent.
https://i.imgur.com/6NjKKhZ.png
Or if you prefer htop:
https://i.imgur.com/XfZZm9B.png
Such memory use is pretty normal when 1Password is running on macOS for some time. And it runs all the time (I think for the UI autofill stuff etc.).
2b. If you have attached documents in 1Password, you need to manually add those to Bitwaren.
This process is pretty straight-forward, though. To get a clean list of all items with file attachments in 1Password, I found it very useful to create a Smart Folder with the rule "Number of attachments is greater than: 0".[1]: https://bitwarden.com/help/import-faqs/#q-how-do-i-import-fi...
- Documents - Databases - Email Accounts - Servers - Software Licenses - SSH Keys
I have several entries in all of these types. Of course, you can map them to one of Bitwarden's types (usually as a Login, I would guess), but as far as I remember, it would have taken quite a bit of manual cleanup to get this to work right. I wonder why Bitwarden doesn't have additional types, even if just as a way to have some better organization of your items.
I will definitely try Bitwarden again in the near future. I recently reverted to 1Password 7 which works so much better than 8, but as EOL for 1Password 7 is imminent and my subscription renews in the summer, I think it's time to try the alternatives again.
So while telemetry might show that moving an item from one group to another (just making something up) takes > 1s, fixing this will not bring in $.
So when we then do Sprint Planning all of that gets pushed to the ice box.
The question whether it can tell you the value of anything at all is a hard one that needs plenty of context, and nobody seems interested on answering. But your reasoning doesn't need this answer.
But it can allow you to extrapolate from the value of things already done and usage patterns around them?
- https://github.com/bitwarden/clients/issues/1620 was created 2021, after it was migrated from the issue that was open even longer in the other repo, and now they've locked the issue because they're tired of people complaining about the extension losing their credentials
- there are a ton more Item types in 1Password, which some people consider just cosmetic ("you can create your own fields") but https://bitwarden.com/help/managing-items/ compared to https://support.1password.com/item-categories/ is night and day, setting aside the native support for SSH agent that's built into 1P nowadays
and here starts the list of even more highly subjective items, which I acknowledge are highly subjective
- the folder based item management in Bitwarden is highly inferior to the tags based management in 1P. Creating folders itself is a major PITA, whereas creating tags in 1P is ... just type the new tag name. Maybe people enjoy putting the "tags" in there item's names or whatever, and doing away with folders in Bitwarden, but ... the fact they're trying to implement tagging on the cheap indicates they want tags but Bitwarden doesn't see the world that way
- I find the attachment management process cumbersome in Bitwarden, whereas in 1P there are actually two orthogonal ways of managing attachments: they can be first class Items (called "Document" items) meaning that is the whole secret that one would care about, and they can also be arbitrarily attached to other Items in kind of a supporting role. I have scans of my passport attached to the Passport item type because so many places ask me to upload a scan of my passport. Same for my driver's license on the formal Driver's License item type
- in the theme of "finding it cumbersome," I find that 1Password seems to care a lot more about UX than Bitwarden. Now, of late I am having to qualify any such statement because yikes that 1P 8 rewrite was catastrophic. But, rewrite-induced-self-inflicted-harm aside, I still think 1P cares a lot more about UX than Bitwarden
- also subjective, but I really enjoy the `op run` <https://developer.1password.com/docs/cli/reference/commands/...> and its ability to resolve specially formatted env-vars <https://developer.1password.com/docs/cli/secret-references> in the sub-process. That process seems to be the basis of their shell plugins system <https://developer.1password.com/docs/cli/shell-plugins> but TBH I find just having env-vars lying around to be more convenient than their shell plugin system for my workflow. The fact that the `op` binary is smart enough to use DBus to auth to my desktop session means I can also use it as an implementation of pinentry
A perfectly reasonable question may be "well, it's open source, why not start fixing bugs?" The things about using folders and the lack of item types indicates to me that they're just rowing in a different direction than what I would like, and the fact that they're a commercial company means unless I directly would benefit from fixing a bug means I am not incentivized to contribute free labor
None of your issues I personally experienced or particularly bother me, this is probably a statement to how different people experience different pain points, but your list of complaints was exactly what I was trying to understand. Thank you for taking the time for such a thoroughly response.
As I said, my needs are extremely simple for my password manager. Just keep my data safe, searchable, available on all my devices, generate some strong password and that's it. But I completely understand if you need more. Different strokes for different folks and all that.
https://bucket.agilebits.com/ben/telemetry-consent-draft.png
Huh? No, they had access to basically nothing unless the user did something that triggered a network request. What did you type in that form, but delete before submitting? No visibility. Which parts of the page did you linger on the longest? Which parts of the text did you highlight? No visibility.
They could see when you requested/submitted stuff, but that was about it. Pages couldn't sit there looking over your shoulder while you were using the page.
Well maybe I deleted it because I thought twice about what I wanted to send you.
> I use browser extension in Edge on macOS. I am on a page signing up for a new website and want to save credentials. It doesn't. Keeps erroring out. Disabling and re-enabling extension, and then refreshing the tab finally fixes it. I reached out to customer support and they told me to sign out to force refresh the cache. I did it, but the problem wasn't fixed.
I've had the same issue, support told me the exact same thing:
1. Lock the 1Password app (which also locks the extension).
2. Unlock the 1Password app (which also unlocks the extension).
If the issue is still present, please go through the steps below to fully re-sync your account:
1. Right click the 1Password icon in your browser toolbar and choose Settings.
2. Under General, disable "Integrate with 1Password app".
3. Under Accounts & Vaults, sign out of your account.
4. Sign back into your account.
5. Go back to General, and re-enable "Integrate with 1Password app".
I told them it didn't help at all, they claim they've released a fix for "one of the possible causes of the bug", in the beta version of the extension, they asked me to make a new chrome profile and install the beta version but I just didn't bother at that point and just lived with it..
I uninstalled the macOS beta app and reinstalled the stable version. It seems to be working fine for the last day or so.
Prove it. Right, you can't, because once telemetry runs you have no insight or control over what happens with the data. And trust is definitely not an option anymore after all that happened over the years.
That is more of a statement about the detestability of telemetry as a concept than anything else.
https://www.centenecenter.wustl.edu/by-the-power-of-default-...
This is said by every company that does telemetry.
> Documents
Bitwarden's Secure Notes features works: Licenses as text can be saved to a note, while a document or other file can be attached.
It seems likely that the same reasoning will apply here.
I run Vaultwarden on my LAN, with no public/Internet facing service, and sync only on my LAN.
[0]: https://www.passwordstore.org/
Taking your warning as a catalyst to find an alternative.
Just downloaded the trial version and it looks very promising.
The ios app has family sharing enabled which is a big plus.
And the support is reminiscent of 1Password in their indie days.
Will check it out, many thanks.
I also use it everyday, and it's a major step back from what it was prior to version 8.
> If you only listen to the people who are talking, you'll get a very distorted picture of how your customer base feels.
On the other hand very few people voice their opinion to begin with whether they like something or not. To assume you don't have to listen to loud voices is also dangerous.
For example, in the beginning of version 8 they removed categories from the sidebar because "it gives more space to list your vaults and acounts". The only way to access categories (and search within them) was to click somewhere in search and do some contortions like typing something along the line of "in:Identities"
People complained, loudly. They brought the categories back.
They didn't have a proper sorting of items in the lists, always defaulting to "Recent only".
People complained, loudly. They brought the sorting back.
There are multiple idiotic decisions in the UI still. I guess we should stop complaining because "it's fine"?
For no reason other than they don't understand what UX is anymore they now have `Edit -> Find` that behaves almost like the previous version's search did.
Willful, informed, enthusiastic consent is what we're after.
No, it's not. "Consent" requires being informed first.
No it isn't implied.
How is that any different than Bitwarden?
I just checked and this works fine on macOS
That depends. First, no data collection is "anonymous" when it is transmitted. Any anonymity must come later, and then is only possible if the company aggregates the data with other users and deletes the original data that was collected.
PII/Personal Data are squishy terms. In the US, anyway, the legal definitions of what counts as "PII" leaves out an awful lot of actual PII -- so any claims that "no PII is being collected" is meaningless without additional explanation of what data items are being collected.
Because no network connection is anonymous but as long as you aren't handling PII, GDPR has nothing to say about it.
I could sell an app in the EU that just pinged my server once a day. As long as I wasn't keeping a record of who pinged what when, there is no PII.
Otherwise everything is PII and you would need consent before every TCP handshake.
Data processing is not just about 'keeping a record'. Processing even for a millisecond is also processing.
> Otherwise everything is PII and you would need consent before every TCP handshake.
Consent is not the only ground for data processing. Normally, it would just be performance of a contract, as the user wants something from you.
It is clear that the EU does not consider telemetry to be strictly necessary and while there can be times when telemetry is allowable with the legitimate interest legal basis (for example, to prevent fraud or to comply with legal obligations), there is already plenty of case law across the EU that shows that the legitimate interest legal basis will not be accepted for user analytics.
For this reason, it seems unlikely that the proposed telemetry will be compliant in the EU.
It's not the network connection that eliminates anonymity (although that, too), but the data itself. Even if there's no single piece of PII involved, fingerprinting is still a thing. That's why, if you want a hope at anonymity, you have to add the collected data into an aggregate collection and delete the original data records.
Are we assuming 1Password is lying about anonymisation?
My point is they didn't "sneak it past the regulators", it's plainly legal to do this under GDPR, and if it isn't I need a citation.
I wouldn't put it that way. Rather, I'd say that you shouldn't assume something is true just because a company claims it is. Especially when that thing can have a material effect on their profit margin.
How are you exactly going to submit it anonymously? Will it connect over Tor? Because if you just send it over your internet connection, it arrives with your IP address on the packets, which is PII, which makes it data processing of PII, which makes it require a legal basis to process. And it is legally uncertain that 'legitimate interest' is a valid ground for telemetry data, leaving only opt-in consent.
Edit: It would also violate using any networks that transit such countries, because TLS and TCP handshake info might be PII too. I find that such a ridiculous position to have re GDPR.
1P already has consent from users for its apps to use the network to connect to their services.
They do not need an additional agreement ie opt-in consent. If they are collecting non-PII they can use the current opt out.
Yes, and this is the current situation with the US following Schrems II. Obviously, lots of companies are non-compliant as everyone is waiting for a diplomatic solution following the ruling against Privacy Shield.
> 1P already has consent from users for its apps to use the network to connect to their services.
They probably rely on the strictly necessary legal basis for network connections that are required to run the service. However, each purpose much have its own legal basis and you cannot bundle purposes. For example, you cannot gain consent to process given personal data for one purpose and then process it for another purpose.
Consent must be bound to one or several specified purposes which must then be sufficiently explained.
Everyone just consents anyway...
Unless you don't lie to them and don't use every dark pattern in the book to trick them into clicking the checkbox.
I am countering the position of the parent poster and asking for a citation that would indicate you don't need to sneak this around the EU regulators to do it.
Data processing of personal data is what the GDPR is concerned about.
I'm sorry for getting frustrated but for fucks sake, someone cite me something that proves my original point about the opt-out being illegal.
I don't care if I'm wrong but I'm not taking downvotes for questioning someone flatly accusing 1P of bypassing EU regulations.
1P says they are collecting non-PII.
Higher poster in this thread says "I can't imagine how they're going to get this past EU regulators."
I'm saying there is no problem, and someone needs to provide proof that the opt-out here is illegal.
However, Recital 30 (Online Identifiers for Profiling and Identification) clearly shows that IP addresses are personal data;
> Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. 2This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
There is plenty of case law to show that processing IP addresses (even if you discard them later) is processing personal data. For example, an Italian court included as part of a ruling:
> In this respect, it is worth pointing out that the IP address constitutes personal data insofar as it makes it possible to identify an electronic communication device, thus indirectly making the data subject identifiable as a user (see Article 29 Working Party, WP 136 - Opinion No 4/2007 on the concept of personal data, of 20 June 2007, p. 16). This is especially so where, as in the present case, the IP is associated with other information relating to the browser used and the date and time of browsing (see recital 30 of the Regulation).
Source: https://gdprhub.eu/index.php?title=Garante_per_la_protezione...