1Password to Add Telemetry (1password.com)
349 points by zan5hin on April 24, 2023 | hide | past | favorite | 343 comments



Users: We want standalone non-subscription licenses!

1Password: I really wish we knew what users wanted.

Users: Please don't move to Electron, I don't want Chrome bugs in my password manager.

1Password: I'm just baffled. We never hear from users.

Users: Please, for the love of God, give us control over our vaults. Don't go cloud-only, we're begging you!

1Password: Better turn on telemetry. It's the only way to solve this mystery for the ages.


They're focusing on the enterprise market. Those users are now what matters, because that's where the money is. Individual and family customers will still get their tier of product, but ain't no company-wide business decisions gonna be catered to their whims.

And particularly with standalone perpetual licences, which I'm still clinging on to. Sync via DropBox, share a vault with family, and another one with my small team at work. It's perfect, for me. But it just doesn't work for 1Password, financially. No amount of getting upset or whiny will change that. Time to get over it.


> it just doesn't work for 1Password, financially

That is clearly not true. 1Password was around for over fifteen years and was profitable well before their Series A-C that set unrealistic growth targets. The financials were sound, which is why a non-startup was able to get that kind of financing at that kind of valuation to begin with.


While you're free to get over it, I will stick to working with standalone software. I use KeePassXC + DropBox (or any other syncing tool). Ah, and no telemetry there ;-)


Not sure if the winky-face was sarcasm, but in case not, Dropbox collects lots of telemetry.

https://www.dropboxforum.com/t5/Integrations/Why-So-Much-Tel...


To give 1Password some credit, they haven't broken the standalone licenses yet. Every time the iOS app updates, I suffer from an anxiety attack that sync via dropbox might break.

Unsure about a reasonable alternative.


I have some bad news for you. They are not updating their browser integrations for <= v7 and the newer ones will not work with local vaults. De facto, they are already deprecating standalone licenses/local vaults.


I'm stuck on macOS 10.15 for various reasons and so far 1password 6.x hasn't broken.

Taking your warning as a catalyst to find an alternative.


If you don't need shared vaults, Secrets [0] is excellent and feels a lot like the last good version of 1Password before they started down their current path of destroying both their product and their reputation.

[0] https://outercorner.com/secrets-mac/


This is what I use on the Mac (full disclosure: I know the developer on a personal basis, since we worked together in the past). Only shortcoming for me is the lack of Apple Watch support for a few key things like TOTP and keeping some credit card PINs always on me.


Thanks!

Just downloaded the trial version and it looks very promising.

The iOS app has family sharing enabled, which is a big plus.

And the support is reminiscent of 1Password in their indie days.


Nice to see my sincere recommendation of an excellent product from an indie dev get downvoted. This is why people can't be bothered being nice on HN.


They forget that at one time 1Password was an obscure indie dev too. I discovered it via a similar recommendation on reddit or slashdot.

Will check it out, many thanks.


This looks great, thanks!


Can it sync via Wifi?


Agreed. Individuals/Families make their opinions clear on the issue publicly and through support channels. But 1P cares about the enterprise market, which is much more valuable currently, and those clients presumably provide less vocal feedback, so this tool will be more to capture their data to make decisions based on that. It's unfortunate, as 1P is such a great product overall, but like products such as Spark Mail, all seem to end up building on the backs of consumers to make it to the holy grail of enterprise. Then customers are left with the products aimed at the mass market that lack all the power user features they are accustomed to.


It stopped working for me when I couldn't install the Chrome extension for 1Password 7 on my work machine.

I've finally given in, after years of being a licenseholder of 1Password 6 and 7 (and maybe 5?) ... and I'm mixed. Definitely plenty of migration pains, you have to set aside time in your life to make this change. Most of us just want our stuff to keep working the way it worked yesterday, and not have yet another chore in our lives.


> Most of us just want our stuff to keep working the way it worked yesterday, and not have yet another chore in our lives.

This rings true for me in so many ways.


I just got a notification from 1Password today that the chrome extension will stop working on July 1 and that I need to upgrade. I don’t know if I can continue to use the version I paid for once that happens and might need to move to the subscription. I hope that’s not the case but haven’t looked into it yet.

Does anyone know if it will be possible to continue using 1Password past July 1 without a subscription?


The Firefox extension still works for the moment.


Users: The UI/UX of 1Password 7 is pretty good. We're happy.

1Password: Yeah, but we're bored. So, we'll release an abomination as 1Password 8 and then spend years trying to figure out why people hate it.


I held on to 1P7 as long as I could. The integrations, when they work, are pretty amazing and were worth upgrading to keep functional. But still, they didn't need to make those app changes for integration improvements.


How and is 1Password 8 an abomination?


Currently literally consuming 1.4GiB memory on my machine... for a password manager?


This doesn't match my personal experience. On Windows 10, 1Password uses about 5MB of RAM locked and 30MB unlocked when idle. It shoots up to 150MB when actively being used, but as soon as I close the window, it's back to normal. The Firefox extension takes about 1MB of RAM.


This is currently without having the app window open:

https://i.imgur.com/6NjKKhZ.png

Or if you prefer htop:

https://i.imgur.com/XfZZm9B.png

Such memory use is pretty normal when 1Password is running on macOS for some time. And it runs all the time (I think for the UI autofill stuff etc.).


That's wild. 1Password with the window open on my Mac is using less than 300MB of RAM, and when the window is closed it goes down to 150MB (all of the processes except the main 1Password one are using similar amounts of RAM, but my main 1Password process is only using ~100MB).


Wow, that's really bad.


I suspect your windows process viewer is only showing you the thread that's running the foreground window or something like that, it's chonky as.


Currently using 300MiB on mine. I'm on macOS and have about 1100 logins saved.


Oh god... it's so bad! 1Password 8 feels like using Norton antivirus - it's bloated, doesn't feel native, and has the weirdest bugs that never occurred in earlier major versions, such as this week's new one: editing a password updates a different stored password. It's very.... javascripty....


> Yeah, but we're bored.

Worse than that. They had completely dysfunctional internal processes that they decided to solve by giving people shiny toys to play with (Rust and Electron): https://blog.1password.com/1password-8-the-story-so-far/


The problem here is the most vocal users are often not representative of the whole userbase. As a concrete response, I'm fine with the 1Password subscription, I think the new Electron rewrite is at least as good as the old one, and the cloud hosting is the whole reason I'm using 1Password. I just don't talk about it because what is there to say? They really wouldn't know except that I keep paying my bill.


Ya that's right, I suspect Hacker News is maybe the 1% that is capable of DIY'ing a solution and will complain about every little change with that as the "stick".

That said this whole telemetry push comes on the heels of their $600M VC round a year ago which wasn't designed for a linear growth business that just "keeps on keepin on" with the good times. So I'm a little skeptical that the company is philosophically/financially aligned with its consumer users.


The most vocal users are often representative of the most stingy users.


Agreed, I'm also fine with the subscription since it's so little, and also found the Electron switch to be just fine in terms of performance and usability.


> I think the new Electron rewrite is at least as good as the old one

Of course it isn't. The search alone is unusable. Instead of fixing it someone on the team sneaked in a second search that almost behaves like the old one


Search is fine, I use it every day. This is exactly what I'm talking about: the most vocal users are the ones who are the most upset. People who are fine with it say nothing. If you only listen to the people who are talking, you'll get a very distorted picture of how your customer base feels.


Agreed, the search is actually improved from the last version and I have zero issues with it after daily use since the release. Moving to electron seems to have been a net positive for the whole product. It would have been a mistake to listen to the most vocal HN users and this is an important lesson for hackers turned product people.


> Search is fine, I use it every day.

I also use it everyday, and it's a major step back from what it was prior to version 8.

> If you only listen to the people who are talking, you'll get a very distorted picture of how your customer base feels.

On the other hand very few people voice their opinion to begin with whether they like something or not. To assume you don't have to listen to loud voices is also dangerous.

For example, in the beginning of version 8 they removed categories from the sidebar because "it gives more space to list your vaults and accounts". The only way to access categories (and search within them) was to click somewhere in search and do some contortions like typing something along the lines of "in:Identities".

People complained, loudly. They brought the categories back.

They didn't have a proper sorting of items in the lists, always defaulting to "Recent only".

People complained, loudly. They brought the sorting back.

There are multiple idiotic decisions in the UI still. I guess we should stop complaining because "it's fine"?


I'm sorry but you're responding to an imagined argument that I didn't make. This is an article about adding telemetry to 1Password so they don't have to only listen to the loud voices. Look again at my post, my exact words were "If you only listen to the people who are talking..." -- I'm saying they need to listen to the whole customer base, not just the loud voices. I did not suggest that people shouldn't voice their concerns, nor that companies shouldn't listen to people who speak up. The idea here is not to underrepresent the people that have nothing to talk about.


What's the issue with search, instead of just saying it's "unusable"?


Instead of filtering the list as it used to, it now shows a dropdown list with truncated one-line entries. That's the default `Edit -> Search`

For no reason other than they don't understand what UX is anymore they now have `Edit -> Find` that behaves almost like the previous version's search did.


You're talking about the autocomplete. If you want to finish a search and keep the list filtered, hit cmd+enter. Or use the global search (cmd+shift+space) to operate on live autocomplete results with keyboard shortcuts like a launcher app.


Even more hilarious: I have recorded customer service events specifically stating against all three of those.

I liked 1Password when it was an amazing Mac-only app. Now it's just another Electron app I can throw away and discard for a different Electron app; there's nothing special about it.

The problem is that I don't see any particular alternative. I don't like Bitwarden's security (password is provided to the server to partially unlock so a malware server or MITM could get the password) and LastPass has known issues.

EDIT: And standalone apps are neat and cool, but they don't let me share the Netflix password with my family.


> password is provided to the server to partially unlock so a malware server or MITM could get the password

That is completely false.

"The Master Password is cleared from memory after usage and never transmitted over the Internet to Bitwarden servers, therefore there is no way to recover the password in the event that you forget it."[0]

[0]: https://bitwarden.com/help/bitwarden-security-white-paper/


Bitwarden does some of the KDF operations server-side which means that a portion of the password (even if it's been through some KDF operations) is sent to the server.

EDIT: https://palant.info/2023/01/23/bitwarden-design-flaw-server-...


They send the hash of the master key password after it's been encrypted to the server. They then encrypt the hash on the server side to auth you. They don't send the password itself.

What that article is saying (rightfully, mind you) is that an attacker can mostly ignore the server side round of encryption, because if they have a copy of your local vault, they can just perform the client side rounds and then see if they can decrypt the vault.

This is a problem mostly if you see their claims of 100000 rounds server side and decide "oh, that's fast enough, I'll drop the client side rounds to 5 so my vault is fast to open".
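The chain the reply above describes, written out as an added illustration that is not code from the thread or from Bitwarden: the client runs PBKDF2 over the password, sends a further-derived hash (never the password) for login, and the server re-hashes that value with its own rounds. The iteration counts, the e-mail salt and the HMAC "vault tag" are constructed stand-ins for the real vault format; the point the code makes is that an offline check against a stolen vault only ever pays the client-side rounds.

```python
import hashlib
import hmac
import os

# Constructed, deliberately small iteration counts so the example runs quickly.
CLIENT_ITERATIONS = 10_000   # rounds the user controls (the "client side rounds")
SERVER_ITERATIONS = 5_000    # rounds the server adds on top of what it receives


def derive_master_key(password: str, email: str, iterations: int) -> bytes:
    """Client side: stretch the master password into the key that unlocks the vault.
    The (lower-cased) e-mail is used as salt, as in the scheme the thread discusses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), email.lower().encode(),
                               iterations, dklen=32)


def derive_auth_hash(master_key: bytes, password: str) -> bytes:
    """Client side: one more PBKDF2 round over the master key, salted with the password.
    This value, not the password and not the master key, is what goes over the wire."""
    return hashlib.pbkdf2_hmac("sha256", master_key, password.encode(), 1, dklen=32)


def server_store(auth_hash: bytes, server_salt: bytes, iterations: int) -> bytes:
    """Server side: re-hash the received auth hash before storing it, so a database
    leak does not directly expose the value the client sends at login."""
    return hashlib.pbkdf2_hmac("sha256", auth_hash, server_salt, iterations, dklen=32)


def server_verify(stored: bytes, auth_hash: bytes, server_salt: bytes, iterations: int) -> bool:
    """Server side login check: constant-time compare of the re-hashed submission."""
    candidate = server_store(auth_hash, server_salt, iterations)
    return hmac.compare_digest(stored, candidate)


def seal_vault(master_key: bytes, vault_bytes: bytes) -> bytes:
    """Constructed stand-in for the authenticated encryption of the vault: an HMAC tag
    keyed with the master key. Real vaults use symmetric encryption plus a MAC, but the
    property that matters here is the same: checking a key needs nothing from the server."""
    return hmac.new(master_key, vault_bytes, hashlib.sha256).digest()


def offline_unlock(vault_tag: bytes, vault_bytes: bytes, password_guess: str,
                   email: str, client_iterations: int) -> bool:
    """What an attacker holding a copy of the vault (or the legitimate user, offline)
    has to do to test one password: only the client-side derivation is involved."""
    key = derive_master_key(password_guess, email, client_iterations)
    return hmac.compare_digest(vault_tag, seal_vault(key, vault_bytes))


def pbkdf2_rounds_per_guess(client_iterations: int, server_iterations: int, offline: bool) -> int:
    """Rounds of PBKDF2 an attacker pays per password guess on each path. The server's
    rounds only appear on the online path, which rate limiting already constrains."""
    if offline:
        return client_iterations
    return client_iterations + 1 + server_iterations


def demo() -> dict:
    """Run the whole flow on constructed data and return the facts worth checking."""
    email = "user@example.invalid"          # constructed
    password = "correct horse battery"      # constructed
    vault = b"constructed vault contents"   # constructed

    master_key = derive_master_key(password, email, CLIENT_ITERATIONS)
    auth_hash = derive_auth_hash(master_key, password)
    server_salt = os.urandom(16)
    stored = server_store(auth_hash, server_salt, SERVER_ITERATIONS)
    tag = seal_vault(master_key, vault)

    return {
        # the transmitted value is neither the password nor the master key
        "wire_value_is_password": auth_hash == password.encode(),
        "wire_value_is_master_key": auth_hash == master_key,
        "login_ok": server_verify(stored, auth_hash, server_salt, SERVER_ITERATIONS),
        "login_wrong_pw": server_verify(stored, derive_auth_hash(
            derive_master_key("wrong", email, CLIENT_ITERATIONS), "wrong"),
            server_salt, SERVER_ITERATIONS),
        "offline_ok": offline_unlock(tag, vault, password, email, CLIENT_ITERATIONS),
        "offline_wrong_pw": offline_unlock(tag, vault, "wrong", email, CLIENT_ITERATIONS),
        "rounds_offline": pbkdf2_rounds_per_guess(CLIENT_ITERATIONS, SERVER_ITERATIONS, True),
        "rounds_online": pbkdf2_rounds_per_guess(CLIENT_ITERATIONS, SERVER_ITERATIONS, False),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Lowering CLIENT_ITERATIONS to 5 would make `rounds_offline` 5 while `rounds_online` stayed above SERVER_ITERATIONS, which is exactly the trap the reply warns about.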


> password is provided to the server

No, it’s not? I can unlock my offline vault with no internet access at all.


1password is pushing me more and more toward something else, it has only to piss me off a bit more and I might just drop down to Apple Keychain for most things ...


I went apple passwords only a while back and don’t really regret it. It works really well most of the time, with a couple of annoying “open up the settings app to get my password” moments.

If they ever take it seriously and release a dedicated app with iCloud family sharing I don’t think I would have a reason to look elsewhere.


I really hope Apple sherlocks them this year and releases a dedicated “Passwords” app. They might, to push their new pw-less login and so on.


>password is provided to the server

What is this you say?



So it's not the password that is being provided, but an encrypted hash.


I realized the posture towards the vendors really should be: I don't give a f*ck about how you do it, but if I'm not happy, I'll turn to alternatives.


Don't forget:

1Password: We /have/ to move to Electron because we don't have any money.

Also 1Password: oh hey by the way we got $920,000,000 from VC...


This comment is a perfect synopsis, wish I could upvote it 10x.


> Over the years, we’ve relied on our own usage in conjunction with your feedback to inform our decision making. This presents a challenge, though: we don’t know when you run into trouble unless you tell us. And sure, we have an extensive user research program, and listen to all of the feedback you share online and in conversations with our team.

> But there are millions of people using 1Password now, often in cool and innovative ways! If we’re going to keep improving 1Password, we can no longer rely on our own usage and your direct feedback alone.

I wish I were in the room when these arguments were being made. I would like to see the data that led them to this conclusion. I used to work at 1P, I was a happy user before I started working there and I continue to be a happy user. But I can remember so many conversations about telemetry and how we’d never use it…


The quote isn't a reflection of the conversation they were having; it's merely a justification they're using for the decision they made.


> we don’t know when you run into trouble unless you tell us.

This is almost comical. Whenever I report issues, it takes them months to fix them. And sometimes those weren’t some small edge case problems. One was that non-US keyboard users were unable to use special characters in their shortcuts. If they don’t have the time and resources to fix such problems in a reasonable time frame, what do they think they’ll gain out of telemetry data? Do they need verification that people use shortcuts before allocating resources?


"1Password Unlocks $620M Round, Reaches $6.8B Valuation" would be my guess.


> But there are millions of people using 1Password now, often in cool and innovative

It's a password manager, what's "cool" about it?

1Pwd always rubbed me the wrong way in the way they "take themselves too seriously" and overrate their importance

It's a password manager. They wouldn't even sync to cloud at first iirc, no?

The more boring the better


They're headed the way of Dropbox. As Steve Jobs famously said to Dropbox when trying to purchase them: You don't have a product, you have a feature.

For Dropbox it took way longer to get to that point than anyone expected, but Microsoft, Apple, and Google have all copied the Dropbox feature. 1Password is headed in the same direction and Apple is leading the pack in making it redundant. If the password section of Settings in macOS gets a separate app and a way to share passwords, 1P will end up in the same tough spot as Dropbox.


I am eagerly anticipating the release of the Apple Passwords App. However, initially limiting it to Apple devices alone would not be practical for most users who require password sharing capabilities.

This is similar to the case of iMessage vs WhatsApp, where the lack of a Windows/Android App for iMessage renders it unused by my friends and unpopular in regions where Android phones are prevalent.


There is actually an iCloud Passwords app for Windows already.


You can use it for a lot more than just passwords, which IMO is what makes it stand apart from Bitwarden. You can store notes, credit cards, photocopies of IDs, software licenses, key pairs, etc. You get 1GB of storage. They really have turned it into a "vault" for anything digital.


Fairly sure Bitwarden has done all that for some time. Having had to use both at work, I can't see any killer features that 1Password has in my use case and there are various small things that slow me down when using it.


I've been using Bitwarden for several years and I really like it. However, I do wish it had a few more item "types". Not everything fits into the ["Login", "Card", "Identity", "Secure Note"] array.


1password only has ["Driver Licenses", "Software Licenses", "Documents"] as additional types. "Documents" seems to be doing the heavy lifting, as the others are either a form of "Identity" or "Secure Note".


> which IMO is what makes it stand apart from Bitwarden. You can store notes, credit cards, photocopies of IDs, software licenses, key pairs, etc.

How is that any different than Bitwarden?


Bitwarden's support for images attachments is completely useless. You can't view images - the only option is to download them to your Downloads folder, and then you have to remember to delete them and empty your trash.


Bitwarden only has a few types by default. Are there ways to add other types? Perhaps I am just not aware. I only use Bitwarden for a few things.


You can store anything you want in it, as long as you are ok with seeing just the first 15 or so characters of the name you give it. Because the column that contains the contents of the vault is thin and non-resizable. Probably because they didn’t have telemetry so they didn’t know.


> thin and non-resizable

I just checked and this works fine on macOS


The website, not the app, which I assume you’re referring to.


Was referring to the app yeah, I don't use the website.


It's resizable for me.


Same with Bitwarden or Keepass, it's certainly not unique to 1password.


1Password is one of the best products I've ever used and removed tons of friction from my life when I switched from KeePass. It's a fantastic, exciting product.

...which is why this decision is extra infuriating.


What was your usecase that you were unsatisfied with keepass?


Wanting a good UI, easily setting up new devices, having the same password manager as my coworkers.


I agree in principle. Password managers should follow the KISS principle to extremes for the sake of security.

I’ve tried to get bitwarden in the enterprise but my boss is old school and has denied the request 4 years running.

Even after they added oauth and account switching to switch between personal and ent vaults.


Re:cool: it's corpo speak for "what the fuck are the users doing", and then realizing that they can build a product around that, turning it into profit.

As a business, if you don't realize situations like this, you both leave money on the table, and also risk users leaving for another product, which offers the missing functionality explicitly.


One anecdote as to why it has become clear telemetry is needed:

When prioritizing what we needed in order to launch 1Password 8 we did not prioritize an Apple Watch app. We rarely heard from customers about Apple Watch, and so the assumption was that very few people were using it. When we launched without it, it quickly became apparent that was a poor assumption. People came out of the woodwork to ask where our Apple Watch app went. If we'd had telemetry, we could've known that lots of people were using the Watch app, and just didn't have a reason to write to us about it.

-Ben, 1Password


This is a top class example of organizational blame shifting at its extreme, manifesting as user hostile behavior.


If better data had been available to us, we would've been able to make a more informed decision. We've decided that privacy-preserving telemetry is one of the ways worth exploring to improve that data for the next time. If it is something we roll out to customers, customers will have the choice to participate. We will not collect any telemetry data unless we've obtained consent.


That could also have been avoided by not rewriting in Electron, which I truly think 0 users wanted, whereas the old app warranted nominations for the Apple Design Award.

It’s still not too late to reverse that decision.

Incidentally, how would telemetry tell you that people miss a removed feature if said telemetry was not in place before removal?


1Password for iOS does not use Electron. It uses Apple's SwiftUI. Our iOS app is what contains the Apple Watch app.

The point was if we'd had telemetry while prioritizing this work, we would've known it was something many people were actually using. The little data we had showed that was not likely the case. Had we known, we would've prioritized differently.


Fair enough, I stand corrected, and agree that telemetry would be useful there.

Makes me wonder though, if there is a SwiftUI codebase, why not maintain the macOS app as a native app too?


Or you know you could just go to Wikipedia and see how many Apple Watches have been sold, then make a good solution for that platform (wikipedia estimates 100M units as of 2020): https://en.wikipedia.org/wiki/Apple_Watch

This is absolutely no justification for telemetry.


Nobody was questioning how popular the Apple Watch is. The question was how many people were using it to access their 1Password data. The evidence that we had at the time suggested very few. Better data would've helped us make a better judgement.


Opt-out telemetry is unacceptable, this also signals that the product team has no vision and the organization is riddled with bureaucracy.

Great products get built by someone with a vision to create them; mediocre products get created by product managers justifying their positions with data they've gleaned by spying on users.


100% agreement from me. People have trouble believing this, but software existed before telemetry existed. We didn’t have trouble understanding where user pain points were back then, because we actually performed user studies, and offered the ability for users to provide feedback if they wanted to.

The field of UX wasn’t born the moment someone wrote the first telemetry library.


I was genuinely shocked at how fast this crap was normalized. This was unequivocally not fucking OK unless you were some shady-ass malware vendor, not even that long ago. Then, in a span of seemingly a handful of years, it became normal and everyone was doing it and they all act confused when we say it's very, super, extremely, not even close to OK.


Similarly with "not giving out real info on the internet". And nowadays you have to send a photo of your ID if Facebook thinks your name is not valid.


> We didn’t have trouble understanding where user pain points were back then

If anything, people seem to have much more difficulty understanding user pain points right now.


Because of telemetry we know what brings in the most money.

So while telemetry might show that moving an item from one group to another (just making something up) takes > 1s, fixing this will not bring in $.

So when we then do Sprint Planning all of that gets pushed to the ice box.


This already starts from a big mistake, because telemetry can't tell you the value of any work you haven't done yet.

The question of whether it can tell you the value of anything at all is a hard one that needs plenty of context, and nobody seems interested in answering it. But your reasoning doesn't need this answer.


> telemetry can't tell you the value of any work you haven't done yet

But it can allow you to extrapolate from the value of things already done and usage patterns around them?


It's also often the case that they understand a user pain point but don't fix it because they put it there with intent and purpose.


Of course it existed. It's just a lot cheaper with telemetry.

This is why companies like Microsoft cram it down our throats.


Because before JS became popular, every web app had access to every single event except what, scroll and mouse position.

Telemetry has been the default for networked applications for longer than I've been alive. Think of a terminal connecting to a mainframe, how much telemetry it has access to: all of it, of course.


> Because before JS became popular, every web app had access to every single event except what, scroll and mouse position.

Huh? No, they had access to basically nothing unless the user did something that triggered a network request. What did you type in that form, but delete before submitting? No visibility. Which parts of the page did you linger on the longest? Which parts of the text did you highlight? No visibility.

They could see when you requested/submitted stuff, but that was about it. Pages couldn't sit there looking over your shoulder while you were using the page.


> What did you type in that form, but delete before submitting? No visibility.

Well maybe I deleted it because I thought twice about what I wanted to send you.


Yes—to be clear, that's a good thing, and the direction modern software has gone is incredibly gross, to put it mildly.


It's a world of diminishing returns still looking for that 100x payday. A product is no longer a product once the end user becomes part of that product. It makes me sad and long for the days when I was excited to see what amazing new software was being posted every day to HN; I can't remember the last time I went wow.


I wrote more about the consent aspect here: https://news.ycombinator.com/item?id=35706897

tl;dr If we roll this out to customers, we'll be asking for consent, and won't be collecting telemetry data unless we have it.

-Ben, 1Password


Another company having no issue with blatant and in the open breach of GDPR by refusing to comply with the required default of rejection.


If the telemetry is anonymized and no personal data is transmitted, then there is no breach of GDPR:

> This data will be gathered from a randomized selection of accounts, de-identified, and processed in aggregate


Telemetry in a "trust us, this closed-source application which contains all your secrets, which we provide you and which we update periodically, is only contacting us for "privacy protecting telemetry" and not exfiltration, intentionally or not, of your most sensitive of all data" application is a hard pass for me. This seems like an IQ test kind of question.

(So many times error reporting, etc. have accidentally leaked highly sensitive data, which was then the source of a major compromise, in other systems. Maybe 1Password won't get it wrong, maybe 1Password will never be subject to any pressure to get it wrong...)


Imagine for a minute that you have a hammer. This hammer is a very useful tool and you have never had a problem with it. You don't know what is in the hammer -- could be steel, could be titanium, could be uranium (you're not a scientist!) -- but you know that it has always worked for you. Your experience with the hammer is so positive, you would buy another hammer from the company again, without question.

One day, the company that makes this hammer says that they will be updating it to automatically tell the company a bunch of information about the hammer's use -- when it's used, where it's used, what the environment is like around the hammer, how many times it's used, what it's used for. They assure you that they don't care about who is using the hammer, but obviously it will be YOUR hammer reporting the information, so at some level it will be associated with you.

Why are they doing this? Well, they know that sometimes their hammers break. They only know this, though, because sometimes their hammers break for their own employees and sometimes customers tell them hammers break. They would really like to know ALL the times their hammers break, though, so they can try to fix all the problems with their hammers, and not just the ones they see or get reported to them. They say this will be best for their customers and that's why customers should be on board with the change.

No one would ever buy that hammer again, right?

Regardless of the privacy implications of the company knowing everything about your usage of the hammer, the company is basically saying that their hammers break so much that many of their customers don't bother telling them and just go use someone's hammer. In other words, their product is bad and their customers don't value it enough to deal with it.

Don't even get me started on paying monthly for that hammer ...


> No one would ever buy that hammer again, right?

I think you came to the wrong conclusion. Lots of people might still buy the hammer, and lots of people might knowingly buy the hammer, and even more, lots of people might knowingly buy the hammer and like that the hammer is being fixed when it breaks. I honestly don't understand why so many people oppose telemetry, especially when it's anonymous.


Can you imagine why someone might not want software containing their passwords and credit cards to stream data to a central server under the control of whoever wrote that software?


You could say the same about any piece of software. In the end it's about the implementation. If they don't segregate their data, then they don't, doesn't matter what software it is. In the end you'd have to trust them just as you trust them to store your credit cards and passwords. If you don't trust them with telemetry, you presumably don't trust them with storing sensitive data and thus shouldn't use their product.


Because it is nearly impossible for it to be truly anonymous.


> No one would ever buy that hammer again, right?

I mean, you might not, but I don't see telemetry as such an evil. It does help make the product better. So "no one" is a bit too strong here, try "no one with my mindset" ;)


Hum, no.

I had this belief before, that it helps makes the product better.

But I realized that telemetry is used against us. It helps the company push their own agenda, and manipulate the user.

For example, I'm used to updating my Android apps manually. Google made it more and more difficult, version by version, to access the corresponding screen in the Google Play app, in order to push for auto-update. They analyzed this through telemetry.


Sometimes makes product better for customer. Most of the time makes product worse for customer but increases monetization.

I use 1password and generally like it. Their moves towards typical Product Owner monetization BS has me starting to look to other options.


Until "No one would ever buy that hammer again, right?" I genuinely thought you were making a pro telemetry argument.


Without telemetry it is a closed-source application that contains all your secrets, is updated periodically, and is already storing encrypted copies of all your secrets on their servers. If they wanted to intentionally exfiltrate your data they could already do it easily.

I don't see how adding telemetry makes any significant difference.


The version I use(d) doesn’t connect to their servers, it stores a local password vault, and uses WebDAV to sync. I mostly moved away from passwords, and moved important passwords to a different system (Bitwarden/vaultwarden), but still kept random low value/legacy stuff in 1Password, which is why I am annoyed vs merely disappointed by their product changes.


Especially since it's operated from a Five Eyes country.

The problem is it's always been there. Telemetry provides more noise to hide exfiltration of sensitive data, but the risk has always been there from the start for the reasons you laid out.

It's a closed source product in a surveillance heavy country. Telemetry or not, it's risky.


If they were going to "de-identify" the data for their telemetry, then I'd need to see some rigorous mathematical proof of it, to have any trust in their promises. You will eventually compromise the individual datapoints in a dataset, given enough queries. There is in fact a field of research that specifically studies just this. The PMs at 1password haven't done their homework, they're just waving their hands, and it is worrying for users.
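
The "given enough queries" point above has a standard worked form. The following is an added example, not 1Password code: the rows and the (user_id, screen) schema are constructed, and the only dependency is the Python standard library. Part one is the differencing attack, which recovers one user's row from two "harmless" aggregate counts; part two is the Laplace mechanism from differential privacy, which is the kind of provable bound the comment is asking for, and which also shows why a privacy budget has to be enforced rather than answering queries indefinitely.

```python
"""Why 'we only release aggregates' is not de-identification.

Added example, not 1Password code.  The rows and the (user_id, screen) schema
are constructed for illustration; only the Python standard library is used.
Part one is the classic differencing attack on exact counts; part two is the
Laplace mechanism from differential privacy: a bound on what any released
answer reveals about one person.
"""
import math
import random

# Constructed telemetry rows: (user_id, screen the user opened).  Hypothetical.
ROWS = [
    ("u1", "vault"), ("u1", "settings"),
    ("u2", "vault"),
    ("u3", "vault"), ("u3", "sharing"),
    ("u4", "settings"),
    ("u5", "vault"), ("u5", "sharing"),
]
USERS = sorted({u for u, _ in ROWS})


def exact_count(rows, screen):
    """Distinct users who opened `screen`: the supposedly harmless aggregate."""
    return len({u for u, s in rows if s == screen})


def without(rows, user):
    return [r for r in rows if r[0] != user]


def exact_differencing_attack(rows, screen, user):
    """Two aggregate answers that differ by one user reveal that user's row."""
    return exact_count(rows, screen) - exact_count(without(rows, user), screen) == 1


def laplace(scale, rng):
    """Sample Laplace(0, scale) by inverse CDF so no numpy is needed."""
    u = rng.random() - 0.5                      # uniform in [-0.5, 0.5)
    return -scale * math.copysign(1.0, u) * math.log(max(1e-300, 1.0 - 2.0 * abs(u)))


def noisy_count(rows, screen, epsilon, rng):
    """epsilon-differentially-private count.  Adding or removing one user moves
    the distinct-user count by at most 1 (sensitivity 1), so Laplace noise of
    scale 1/epsilon caps the evidence any single answer gives about anyone."""
    return exact_count(rows, screen) + laplace(1.0 / epsilon, rng)


def noisy_differencing_attack(rows, screen, user, epsilon, rng):
    """The same attack against noisy answers: guess 'present' if the gap > 0.5."""
    gap = noisy_count(rows, screen, epsilon, rng) - noisy_count(
        without(rows, user), screen, epsilon, rng)
    return gap > 0.5


def attack_accuracy(rows, screen, epsilon=None, trials=400, seed=7):
    """Fraction of (user, trial) pairs the attacker gets right.
    epsilon=None attacks exact counts; otherwise each query is answered noisily."""
    rng = random.Random(seed)
    truth = {u: (u, screen) in rows for u in USERS}
    correct = 0
    for _ in range(trials):
        for u in USERS:
            if epsilon is None:
                guess = exact_differencing_attack(rows, screen, u)
            else:
                guess = noisy_differencing_attack(rows, screen, u, epsilon, rng)
            correct += guess == truth[u]
    return correct / (trials * len(USERS))


def averaged_noisy_count(rows, screen, epsilon, queries, seed=7):
    """'Given enough queries': answering the same question `queries` times and
    averaging shrinks the noise by sqrt(queries).  That is why a deployment must
    enforce a total privacy budget instead of answering forever."""
    rng = random.Random(seed)
    return sum(noisy_count(rows, screen, epsilon, rng) for _ in range(queries)) / queries


if __name__ == "__main__":
    print("exact counts, attack accuracy:", attack_accuracy(ROWS, "vault"))
    print("eps=0.1 noisy counts, attack accuracy:", attack_accuracy(ROWS, "vault", epsilon=0.1))
    print("one eps=0.1 answer:", averaged_noisy_count(ROWS, "vault", 0.1, 1))
    print("mean of 10000 eps=0.1 answers:", averaged_noisy_count(ROWS, "vault", 0.1, 10000))
```

Against exact counts the attacker is right every time; against epsilon=0.1 noisy counts the same attack does no better than a coin flip, but averaging ten thousand answers to the one query recovers the true count to within a fraction, which is the "enough queries" failure the comment describes.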


The default for anything in that setting should be that phoning out (or trying to do so) is qualified as a security incident. Especially if it happens right after you've entered your credentials.


Yeah, LittleSnitch helps with that.

I’d be fine with telemetry if it recorded locally in a way which was fully inspectable and human readable and which I could send IFF I wanted to, but with a password manager I’d be scared even of just a long list of events; passwords and keys themselves are so low entropy vs long lists that you could easily encode something…
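
The "you could easily encode something" worry above is concrete enough to demonstrate. This is an added example, not anything from 1Password: the two event names and the secret are made up. Each bit of the secret is carried by the order of a pair of ordinary events, so the per-event counts are identical whatever is being smuggled, and a review that only looks at "how often is each screen used" passes it.

```python
"""A list of innocuous telemetry events used as a covert channel.

Added example, not 1Password code.  Event names and the secret are made up.
Every pair contains the same two events, so per-event counts do not depend on
the payload; only the ORDER within each pair carries data.
"""
from collections import Counter

EVENT_A = "screen.viewed"
EVENT_B = "item.selected"


def encode(secret: bytes) -> list:
    """One bit per (A,B) or (B,A) pair, most significant bit of each byte first."""
    events = []
    for byte in secret:
        for shift in range(7, -1, -1):
            bit = (byte >> shift) & 1
            events.extend((EVENT_A, EVENT_B) if bit == 0 else (EVENT_B, EVENT_A))
    return events


def decode(events: list) -> bytes:
    """Receiving side: read pairs back into bits; a partial trailing byte is dropped."""
    bits = []
    for i in range(0, len(events) - 1, 2):
        pair = (events[i], events[i + 1])
        if pair == (EVENT_A, EVENT_B):
            bits.append(0)
        elif pair == (EVENT_B, EVENT_A):
            bits.append(1)
        else:
            raise ValueError("unexpected event pair at %d: %r" % (i, pair))
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        out.append(int("".join(map(str, bits[i:i + 8])), 2))
    return bytes(out)


def looks_innocuous(events: list) -> bool:
    """What a count-only review sees: only known events, perfectly balanced."""
    c = Counter(events)
    return set(c) <= {EVENT_A, EVENT_B} and c[EVENT_A] == c[EVENT_B]


def capacity_bytes(events_per_session: int) -> int:
    """Secret bytes that fit in one session of this many events (16 per byte)."""
    return events_per_session // 16


if __name__ == "__main__":
    secret = b"correct horse battery staple"
    stream = encode(secret)
    print(len(stream), "events, counts:", dict(Counter(stream)))
    print("round trip:", decode(stream) == secret, "| innocuous:", looks_innocuous(stream))
```

Sixteen events per byte is slow, but a session of a few thousand UI events is enough for a full password, which is why "the schema only contains event names" is not by itself a guarantee, and why the comment's ask for a local, human-readable log that the user sends themselves is the control that actually exposes this.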


That's exactly why I never use any password managers, I don't trust any of them as: passwords are supposed to be known by the owner only but by using a password manager, they are voluntarily surrendered to 3rd parties and only god knows whether they are trustworthy or not.


I've been a 1Password customer for five years. The move to 1password 8 has been beyond disastrous: terrible extension integration, browser constantly crashing when trying to log into the web panel, and the mobile app integration hardly works with mobile browsers.

Add the recent announcements that the company will no longer support their last stable version -- 7 -- and move to using telemetry -- I'm out.

I've jumped to Bitwarden; open source, cheap, and competitive features. It was a no-brainer.


i have literally over 5,000 passwords going back almost 30 years in a dozen vaults in 1P. How easy was it to migrate to Bitwarden? Any issues with Windows, Android, Linux, i(Pad)OS with the move? thanks!


I can't speak for multiple vaults, but it was extremely easy for me to import my single vault:

    1. Export 1P passwords to a 1pux file
    2. Import file into Bitwarden
    3. Done.


    2b. If you have attached documents in 1Password, you need to manually add those to Bitwarden.
This process is pretty straightforward, though. To get a clean list of all items with file attachments in 1Password, I found it very useful to create a Smart Folder with the rule "Number of attachments is greater than: 0".

[1]: https://bitwarden.com/help/import-faqs/#q-how-do-i-import-fi...


How did you deal with unsupported data types? As far as I remember, Bitwarden is extremely limited when it comes to that.


What are examples of unsupported data types?


As far as I can see, Bitwarden only supports Logins, Cards, Identities, and Secure Notes. 1Password has separate item types like:

- Documents
- Databases
- Email Accounts
- Servers
- Software Licenses
- SSH Keys

I have several entries in all of these types. Of course, you can map them to one of Bitwarden's types (usually as a Login, I would guess), but as far as I remember, it would have taken quite a bit of manual cleanup to get this to work right. I wonder why Bitwarden doesn't have additional types, even if just as a way to have some better organization of your items.

I will definitely try Bitwarden again in the near future. I recently reverted to 1Password 7 which works so much better than 8, but as EOL for 1Password 7 is imminent and my subscription renews in the summer, I think it's time to try the alternatives again.
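
The type-mapping question in this subthread (the 1pux export, the unsupported item types, and the attachments that need a manual step) is what a migration script has to decide. The following is an added example, not code from either product. Its input is a simplified, constructed item representation (category name, title, fields, notes, attachments), not the real .1pux archive layout; its output follows the shape of Bitwarden's unencrypted JSON import file, where type 1 is Login, 2 Secure Note, 3 Card and 4 Identity, and custom fields of type 1 are hidden. Categories with no native Bitwarden type collapse into Login or Secure Note with the leftover fields preserved as custom fields, and each such item plus each attachment is reported for manual cleanup.

```python
"""Mapping 1Password item types onto Bitwarden's four vault item types.

Added example, not from either product's code.  Input is a simplified,
constructed item structure, NOT the real .1pux layout.  Output follows the
shape of Bitwarden's JSON import file (type 1=Login, 2=Secure Note, 3=Card,
4=Identity; custom field type 0=text, 1=hidden).
"""
import json

LOGIN, SECURE_NOTE, CARD, IDENTITY = 1, 2, 3, 4
FIELD_TEXT, FIELD_HIDDEN = 0, 1
NATIVE = ("Login", "Secure Note", "Credit Card", "Identity")

# Which Bitwarden type each 1Password category collapses into.
CATEGORY_MAP = {
    "Login": LOGIN, "Password": LOGIN, "Email Account": LOGIN,
    "Server": LOGIN, "Database": LOGIN,
    "Secure Note": SECURE_NOTE, "Software License": SECURE_NOTE,
    "SSH Key": SECURE_NOTE, "Document": SECURE_NOTE,
    "Credit Card": CARD, "Identity": IDENTITY,
}
# Leftover field names that are secrets and must become hidden custom fields.
SECRET_FIELDS = {"password", "private key", "license key", "secret", "passphrase"}


def convert_item(item):
    """Return (bitwarden_item, warnings).  Fields with no native slot become
    custom fields; attachments are reported because they must be re-uploaded."""
    bw_type = CATEGORY_MAP.get(item["category"], SECURE_NOTE)
    fields = dict(item.get("fields", {}))
    warnings = []
    out = {"type": bw_type, "name": item["title"], "notes": item.get("notes"),
           "favorite": False, "fields": []}
    if bw_type == LOGIN:
        out["login"] = {"username": fields.pop("username", None),
                        "password": fields.pop("password", None),
                        "uris": [{"match": None, "uri": u} for u in item.get("urls", [])]}
    elif bw_type == SECURE_NOTE:
        out["secureNote"] = {"type": 0}
    elif bw_type == CARD:
        out["card"] = {"cardholderName": fields.pop("cardholder", None),
                       "number": fields.pop("number", None),
                       "expMonth": fields.pop("expiry month", None),
                       "expYear": fields.pop("expiry year", None),
                       "code": fields.pop("cvv", None)}
    else:
        out["identity"] = {"firstName": fields.pop("first name", None),
                           "lastName": fields.pop("last name", None),
                           "email": fields.pop("email", None)}
    for name, value in fields.items():          # whatever is left has no native home
        out["fields"].append({"name": name, "value": value,
                              "type": FIELD_HIDDEN if name.lower() in SECRET_FIELDS else FIELD_TEXT})
    if item["category"] not in NATIVE:
        warnings.append("%s '%s' stored as %s; review its custom fields" % (
            item["category"], item["title"], "Login" if bw_type == LOGIN else "Secure Note"))
    for att in item.get("attachments", []):
        warnings.append("'%s': attachment '%s' must be uploaded by hand" % (item["title"], att))
    return out, warnings


def convert_vault(items):
    """Build the import document plus the list of things to fix manually."""
    doc = {"encrypted": False, "folders": [], "items": []}
    warnings = []
    for item in items:
        bw, w = convert_item(item)
        doc["items"].append(bw)
        warnings.extend(w)
    return doc, warnings


# Constructed sample of exported items (not a real export).
SAMPLE_ITEMS = [
    {"category": "Login", "title": "example.com", "urls": ["https://example.com"],
     "fields": {"username": "alice", "password": "hunter2"}},
    {"category": "Server", "title": "db-host", "urls": ["ssh://db.internal"],
     "fields": {"username": "root", "password": "s3cret", "hostname": "db.internal"}},
    {"category": "SSH Key", "title": "deploy key",
     "fields": {"private key": "-----BEGIN OPENSSH PRIVATE KEY-----...", "fingerprint": "SHA256:abc"}},
    {"category": "Software License", "title": "Editor Pro",
     "fields": {"license key": "XXXX-YYYY"}, "attachments": ["invoice.pdf"]},
    {"category": "Document", "title": "passport scan", "attachments": ["passport.jpg"]},
]

if __name__ == "__main__":
    doc, warnings = convert_vault(SAMPLE_ITEMS)
    print(json.dumps(doc, indent=2))
    print("\n".join(warnings))
```

The warnings list is the part worth keeping: it is the same "items with attachments" list the Smart Folder trick produces, plus every item whose type was collapsed, so nothing silently loses a field during the move.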


> Software Licenses

> Documents

Bitwarden's Secure Notes feature works: Licenses as text can be saved to a note, while a document or other file can be attached.


Wow. I thought I had a lot with over 900. Mostly exported from Brave because I just started using a password manager less than a year ago.


I have 1100+ but I suspect many are "dead" or otherwise invalid/not needed, but there's never a reason to remove them (this is likely a source of metadata leaking someday, somehow, as it may indicate if you once had an account, etc).


I have no idea why they removed the 1Password android keyboard. It was such a convenient fallback. Autofill is extremely unreliable.

Pity they can't gather telemetry on something that they have removed.


I'm thankful I still have it installed, and that Android does not yet expunge things that one cannot install any longer. But, you'll be sad to know that it only speaks to the 1P 7 app, and thus is becoming less and less relevant toward when they eventually nuke the v7 android app

I did actually consider trying to PR a change to one of the open source keyboards in F-Droid but ... TBH, the new 1P feels less and less like team players so until they start to open up some of their own stuff, I shouldn't throw good glucose after bad


Seems fine to me. Opt out is reasonable, I trust 1password to not fuck this up versus, say, LastPass. If you already trust 1password to store your credentials, I see little to no impact to your risk exposure by having them collect anonymized telemetry. Curious if others have thoughts here?

Their UI has changed a lot in recent years, maybe this will enable them to make more informed design decisions so that one day grandparents stop getting lost in their horrible menus.


> little to no impact to your risk exposure by having them collect anonymized telemetry

The key word there is "anonymized". What is the risk of the collected data accidentally being less anonymous than intended? What is the risk of accidentally collecting more data than intended? Microsoft has already had both types of accident [1][2], so I think it's fair to assume a risk close to 100% over time.

Even if users opt out, what is the risk of the opt-out mechanism at some point containing a bug that causes it to fail? Or the risk of the user at some point failing to properly configure the opt-out mechanism?

Is the company going to put as much effort into minimizing these risks as the end user would like? Is anonymization of telemetry going to be the top priority for the company?

[1] https://github.com/dotnet/sdk/issues/6145#issuecomment-22010...

[2] https://news.ycombinator.com/item?id=23260548


> If you already trust 1password to store your credentials

I don't, so I'm never upgrading to 1Password 8. The telemetry news only validates my decision. What I consider important in a security product and what AgileBits considers important diverged a while ago and that's ok I guess.


1password 8 definitely feels like a massive UX downgrade over v7. Though I can’t put why into words.


Oh, I can: it's the experience of the edit button mysteriously appearing and disappearing, along with the unforgivable experience reported on r/1Password of some user having edits applied to the wrong item. There but for the grace of God go I, but I for sure have experienced the oft-reported edit button comes and goes nonsense

We shall not even get started on their extension losing its mind for no good reason. Still better than Bitwarden, and they should thank their lucky stars for it or I'd take my money elsewhere


The latest version seems optimized for keyboard shortcuts at the expense of easily accessible 1-click copying of username/password/one-time password. To me, this introduced a large additional cognitive load where instead of a click, click, click, I now have to remember that CMD+C is username, CMD+Shift+C is password, and (something else?) for One-Time Password.


Only one word needed: Electron


I think it's that v8 feels less an app crafted for individuals and more like yet another generic SaaS made for corporate customers.


it's no longer a native app


> Opt out is reasonable

I strongly disagree with this and think much less of companies who do it that way. That said, that battle is already lost anyway.


Opt in is the same as not doing it at all. TFA explains their approach decently well and it seems sane to me.

It's not like this is telemetry in some open source thing for nefarious reasons. It's literally for their customers. They already know who you are, it's not like they're using this for targeted ads.


> it's not like they're using this for targeted ads.

Prove it. Right, you can't, because once telemetry runs you have no insight or control over what happens with the data. And trust is definitely not an option anymore after all that happened over the years.


> Opt in is the same as not doing it at all.

That is more of a statement about the detestability of telemetry as a concept than anything else.


No, it's about defaults in behavioral economics. The vast majority of people won't change the default settings on their devices.

https://www.centenecenter.wustl.edu/by-the-power-of-default-...


That's beside the point. If you don't have consent you don't have consent.


Not really if you're trying to influence some sort of change. Consent is implied in the usage of the product. If someone doesn't like it, they're free not to use it.


"Implied consent" isn't consent at all, and bluntly the idea that it is is creepy and gross as fuck. That's why, for example, GDPR forbids services from limiting or withholding service based on cookie acceptance.

Willful, informed, enthusiastic consent is what we're after.


> Consent is implied in the usage of the product.

No, it's not. "Consent" requires being informed first.


> Consent is implied in the usage of the product.

No it isn't implied.


> It's literally for their customers.

This is said by every company that does telemetry.


> opt out is reasonable

It absolutely isn’t.


>I trust 1password to not fuck this up versus, say, LastPass.

What makes them different?


LastPass has had at least one major public fuckup where they not only made a mistake, but they did not handle the mistake well.

1Password has not yet had that, they've made some missteps, but have handled it relatively well (based on my experience, and that I still use them).


That is certainly true. 1Password might be a good one. But I'm thinking that they are both businesses, who offer their thing as services, both have taken investor money, management can change anytime... I think the risk category is similar.


Opt out is not reasonable. At all.


I wrote more about the consent aspect here: https://news.ycombinator.com/item?id=35706897

tl;dr If we roll this out to customers, we'll be asking for consent, and won't be collecting telemetry data unless we have it.

-Ben, 1Password


The 1Password "no local/standalone vaults" "upgrade" in 7->8 is what got me to leave it after 15 years or so. They're killing the extensions used by Chrome/Brave/etc. in 3 months, so it became critical to move off Version 7 (which is probably not getting much security maintenance now, either). RIP.


A little worse is that the manifest deprecation was delayed into 2024, but that hasn't stopped them from killing the extensions in 3 months.

I loathe having to migrate out of 1P 7, but there really is no choice now.


FWIW, I was a longtime 1P user and evangelist, and I moved to BitWarden instead of 1P8. The UX isn't as good, but I was giving up a native experience either way, and BitWarden is cheaper.

The transition was very smooth, and I have no regrets! Plus, now I'm supporting an open source product, which is a nice bonus.


Similar here, switched from LastPass to Bitwarden a few years ago and have been very happy with it. It's less than perfect UX, and I sometimes have to manually sync when switching between devices to get a new/changed password. Relatively low cost or self-hosting options, with extensions everywhere I'd need one. I do wish the experience was better for content other than passwords (notes/cards, etc).


This is the issue I'm having as well. I've been a standalone customer that's been paying since 2007, if I can't host my own vault either locally or in Dropbox - I'm out.

I was hoping to use 1P 7 for as long as I can, but with the Chrome extension dying it's going to become unusable. What have you found as an alternative?


This is my stance as well. I have not chosen a successor yet, but I’ll have a look at Bitwarden, Keepass and the recently released Proton Pass.

Trusting Dropbox for sync (which I did) meant trusting a cloud service, too, but IMO it is a less lucrative target for hacks than a server that stores _nothing but_ credentials. Also, using DB made me less dependent on connectivity (LAN sync) and would let me switch providers quite easily.


I'm going to try KeePassXC & syncthing. I assume it's going to be nowhere near as good as 1P, but between no extension support, no local vaults, secret security ops, I don't see a choice.


Also a recommendation for Strongbox if you're on a Mac. I've tried "all" since switching from 1Password a few years ago and it was the one I liked the most.


Thank you for the suggestion, I’ll check it out.


They're killing their browser extension for the world's most popular browser?


> They're killing the extensions used by Chrome/Brave/etc. in 3 months

Just for 7?


They’re going CrashPlan. You were all dog-fooders and beta testers all these years for their eventual destination - the enterprise. Yes, of course you’ll be able to buy at $XXX/year with a minimum 10 users plan while you are all still singing paeans in the tune of - “oh it has gone shites, but it’s great, happy customer here!”

Mac/Apple only customers have this strong inclination for some kind of Stockholm syndrome when it comes to software and devs going shitty and hostile. I find this weird kind of loyalty added to software as well that somehow starts as Mac only and that loyalty stays even after they go crap. Often blown out of proportion.

I mean I always wonder what is the reason that these people don’t even want to acknowledge BitWarden.


> Mac/Apple only customers have this strong inclination for some kind of Stockholm syndrome when it comes to software

For decades, Mac users didn't have the same software choices that Windows users had, and a lot of what was available were shitty ports. When a company released high-quality Mac software, it was noticed and appreciated by Mac users.

Obviously that situation has changed in a post-iPhone world, but the culture of appreciating when someone made a really great Mac-native app is still there for a lot of people.


BitWarden was never the Mac-first native app that 1P was. I personally pay for BitWarden and never used 1P. Now I'm slowly migrating back to iCloud Keychain because I feel like I can't trust any of these 3rd party pw managers to not eventually throw us to the hedge funds.


> Mac/Apple only customers have this strong inclination for some kind of Stockholm syndrome when it comes to software and devs going shitty and hostile.

It's exactly the opposite of what you wrote. Mac users abhor the software that turns shitty. However, as on all modern platforms, there's no choice: all software is turning shitty.


Telemetry to inform product decisions is fine, in fact I think it's necessary to have confidence that software is performing in the wild (e.g. crash reporting), or that customers know how to use it.

What is not ok is opt-out telemetry for personalisation for advertising, or over-reaching personal data collection, in 1Password's case data from your vault.

There is however a grey area in the middle – data about the performance of product upsells. This is a tricky one, because arguably if I do upgrade (say, to 1Password Family/Teams), I've probably done so because it made sense for me, and I'm probably happier with the product... but I might not have done so without that information on how I or others use the product that helped optimise that flow. When done well I don't have a problem with this, but I hope 1Password are careful about the culture of upsells that this data could create.


The worry about telemetry in a product like this is how it's implemented. It's more code that could have bugs in it. What assurances do we have that it will execute safely in a way that it can't possibly access the password database, even in the event of (for example) compromise of the CI pipeline that builds the telemetry SDK?

> No customer vault data can be seen or collected. We’re only interested in how people use the app itself, what features and screens they interact with – not what they store in their vaults, what sites they autofill on, or anything like that.

This seems contradictory to me. How can the code see what screen is open without interacting with the app? This implies there is some kind of sandboxing layer. How can the 1Password software engineers possibly be confident enough in this sandboxing to assert that "no customer data can be seen?" That may be their intent, but bugs happen, especially in code that runs at a layer above the app to analyze how users interact with it.

I will be opting out. Hopefully the opt-out mechanism doesn't have a bug in it either. And when there is inevitably a bug in the telemetry, I hope 1Password is okay with admitting that their opt-out system created two classes of users: those who did nothing, and thus remained vulnerable to bugs in the telemetry layer, and those who opted out of it.
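
Two of the worries in this thread, an opt-out mechanism that silently fails and a telemetry layer that can see vault data through some bug, are both design questions. The following is an added example, not 1Password's implementation; the consent file, the screen and action enumerations and the spool format are all assumptions. It shows the three controls a practitioner would want: consent re-read on every emit and failing closed (a missing or corrupt record means "no"), an event that is a pair of closed enumerations rather than a free-form dict, so there is no field a revealed password could be written into, and a local human-readable spool so the user can see exactly what would leave the machine.

```python
"""A telemetry emitter built so the rest of the app cannot push vault content
through it, even by accident.

Added example, not 1Password's implementation.  The consent file, the event
and screen enumerations, and the spool format are all assumptions.
Design points: consent is re-read on every emit and fails CLOSED; an event is
a pair of closed enumerations, not a free-form dict; the record is one
human-readable line in a local spool, never a direct network send.
"""
import enum
import json
import os
import tempfile
import time


class Screen(enum.IntEnum):
    VAULT_LIST = 1
    ITEM_DETAIL = 2
    SETTINGS = 3


class Action(enum.IntEnum):
    OPENED = 1
    SEARCHED = 2
    COPIED_FIELD = 3    # that some field was copied; never which one or its value


class TelemetryRejected(ValueError):
    """Raised when caller code tries to attach anything outside the schema."""


def consent_granted(consent_path):
    """Fail closed: a missing, unreadable or malformed consent record means no."""
    try:
        with open(consent_path, "r", encoding="utf-8") as f:
            state = json.load(f)
        return (isinstance(state, dict) and state.get("telemetry") is True
                and isinstance(state.get("granted_at"), int))
    except (OSError, ValueError):
        return False


def make_event(screen, action, **extra):
    """Accept only enum members.  Any extra keyword is a programming error,
    because it is the only way vault data could ever reach this layer."""
    if extra:
        raise TelemetryRejected("unexpected fields: %s" % sorted(extra))
    if not isinstance(screen, Screen) or not isinstance(action, Action):
        raise TelemetryRejected("screen/action must be enum members, got %r/%r" % (screen, action))
    # Timestamp truncated to the hour: enough for trend data, less linkable.
    return {"screen": screen.name, "action": action.name, "ts": int(time.time()) // 3600 * 3600}


def emit(event, consent_path, spool_path):
    """Append `event` to the local spool iff consent holds right now.
    Returns True when written, False when dropped.  Nothing here opens a socket;
    uploading the spool is a separate step the user can inspect first."""
    if not consent_granted(consent_path):
        return False
    if set(event) != {"screen", "action", "ts"}:
        raise TelemetryRejected("event shape changed; refusing to spool")
    with open(spool_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(event, sort_keys=True) + "\n")
    return True


def run_demo():
    """Exercise the consent states and the schema guard in a temp dir."""
    d = tempfile.mkdtemp()
    consent, spool = os.path.join(d, "consent.json"), os.path.join(d, "telemetry.log")
    ev = make_event(Screen.SETTINGS, Action.OPENED)
    result = {"no_file": emit(ev, consent, spool)}
    with open(consent, "w", encoding="utf-8") as f:
        f.write("{not json")                    # a corrupted opt-out record
    result["malformed"] = emit(ev, consent, spool)
    with open(consent, "w", encoding="utf-8") as f:
        json.dump({"telemetry": True, "granted_at": int(time.time())}, f)
    result["granted"] = emit(ev, consent, spool)
    try:                                        # a 'reveal' handler trying to log the value
        make_event(Screen.ITEM_DETAIL, Action.COPIED_FIELD, value="hunter2")
        result["smuggled_value"] = True
    except TelemetryRejected:
        result["smuggled_value"] = False
    with open(spool, "r", encoding="utf-8") as f:
        result["spool"] = [json.loads(line) for line in f]
    return result


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The point of the closed enumerations is that a bug in the UI layer has nowhere to put a string: the telemetry API physically cannot accept one. What this does not defend against is code that encodes data in the ordering or timing of otherwise legitimate events, which is exactly why the spool is kept local and readable rather than streamed.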


> The worry about telemetry in a product like this is how it's implemented.

Exactly. They are enlarging the attack surface of a security device. For their own benefit. One buffer overflow and there's a backdoor.

That this is happening means their marketing people have more power than their security people. This is a very bad thing for a security company.

Start migrating away from 1Password. Now.


They do separate the UI application from the kernel that manages access to the data. I guess the biggest risk would be that you click reveal, which has the kernel expose a password to the UI, and then the UI phones home with its entire raw contents.


Surely the UI code is what responds to clicking "reveal" and therefore, if compromised, could fetch the secret even without a click?


Good point. I don’t know what 1Password could do to prevent the telemetry from issuing control commands to the rest of the app outside of trying to prevent malicious code from being checked in and deployed.


> What is not ok is opt-out telemetry for personalisation for advertising

Opt-out telemetry is also not ok for product decisions. It's a dark pattern that shows no respect for user privacy.


What's the difference between telemetry from the client side, and aggregate logs of server api endpoints?

Assume no PII, what's the difference? What do you mean by dark pattern?


I would say server side logging is one of the many downsides to SaaS based products and makes a great argument for running things locally. Any additional tracking of users exacerbates the problem.


For a password manager I'm in full agreement, but the gap between running something like SAP Cloud vs On-Premises is very costly. There are tradeoffs where it's worth it.


Server logs can't watch your every move, even when you're not intentionally creating network requests. "Telemetry" is spyware, full stop.


Why? If everything works as it is supposed to then the only result is a better product.

It may not work correctly, and there's some risk there, but it's pretty low risk. A poor implementation may cause UX regressions, but the company have incentive to not do that.


> Why?

Because I value my privacy, period.

> If everything works as it is supposed to then the only result is a better product.

After 20+ years in the industry, I've never once seen this to be the case. I can't think of a single product that used telemetry that I'd consider to be of high quality. It has always been a sign that there's no captain on the ship though.

> It may not work correctly, and there's some risk there, but it's pretty low risk.

I'm unwilling to take on any risk to prop up a poorly run product team.


I wrote more about the consent aspect here: https://news.ycombinator.com/item?id=35706897

tl;dr If we roll this out to customers, we'll be asking for consent, and won't be collecting telemetry data unless we have it.

-Ben, 1Password


> What is not ok is opt-out telemetry for … data from your vault.

If I’m reading correctly, they’re pretty clear and intentional about not collecting data from your vault (regardless of opt-in or opt-out). It’s simply usage patterns of the UI.

Do you see anything that suggests otherwise?


> or that customers know how to use it.

Telemetry that is detailed enough to reveal how I use a product is too invasive for my tastes.


Do any developers collect usage statistics by sampling rather than a persistent data stream? I think it would possibly reassure privacy-conscious users that anonymized & aggregated telemetry really is what it claims to be if the phoning home only happens at random intervals. Otherwise that detailed record of usage is too tempting a target for the surveillance capitalists.


That wouldn't reassure me at all. Just because an application is phoning home at random intervals in no way means that the data wasn't being continuously collected.

What would reassure me is if the data were all in human-readable form and given to me to transmit myself.


I've used 1Password since 2014 -- almost 10 years! And my company uses it, so I'm both personal and business user.

Product quality, especially with 1Password8 has deteriorated significantly. A big bang refactor to electron with no telemetry is probably the root cause. Not necessarily poor strategy, but certainly poor execution.

Telemetry is actually a good thing for 1Password users who see product quality decreasing bc it gives the PMs there some information to go off. The product surface area is huge now, and it's natural to lose sight of the most important stuff.

If I was in charge, what would I do?

1. Introduce telemetry and get data into hands of PMs + Designers

2. Pause all new feature development until table stakes features are working flawlessly: 1Password opens under 200ms for most users; auto fill in Chrome + Firefox actually F*king works like it used to before v8.

3. Trim down product surface area by killing features. E.g. decide is the default UX for auto-fill based on interacting with a button inside form inputs OR simply hitting the keyboard shortcut to autofill? Kill the other bc the interaction between these choices is painful.

I'll give them a year to figure this out. In the meantime, a Copilot / ChatGPT enabled bootstrap founder will come along and build out a trimmed down version with just the basics and start eating their lunch.


There are already a bunch of competitors out there, and some of them seem to have been built quickly. Might be worth checking out if you've become this unhappy with 1Password.


This is very, very bad news. Even if their client telemetry ends up being opt-in, the “feature” will be part of the client code base, opening up an attack surface and chance of data leakage. I can already see the apology letter from their CEO coming in (“we let our users down”).

1Password, don’t do it!

Rely on other means to collect usability feedback like surveys, internal usability testing and developer tooling for build-time usability testing. Your app is simple enough that you absolutely, categorically do not need to subject your users to mass surveillance.

I am currently paying for a 1P family subscription and I will be moving to another provider or self-host a free/OSS password manager should your telemetry plans eventuate.


I've been a 1Password customer for many years. Their product is super solid. The family plan is very generous. I personally don't have an issue with them collecting some telemetry to improve the product. And they've stated they'll offer ways to opt-out.


It's enough to make me at least look for alternatives. If I'm paying for something, I'd strongly prefer to do so on my terms. I use Microsoft office in spite of the fact that it's basically just an industrial spying platform, because I don't have any other options. If I can find a password manager that's easy to switch to that doesn't spy on me, I'll do so. We shouldn't be rewarding companies for this.


> industrial spying platform

Applies to many more MS products than just Office these days. I personally stopped being able to justify Office when they moved to subscription and iWork moved to bundled and already installed.

I still have Office on my work Mac and boy is it laggy typing as it analyzes the words and sends them to who knows where.


I'd accept making it opt-in, but opt-out is ridiculous. I can't imagine how they're going to get this past EU regulators.

I love (although loved more in the past) 1Password and have deployed it in two separate companies. Between this and recent UI updates (well, over the last couple of years), maybe it's time to look at alternatives.


If you don’t collect any identifiable data, then the EU has nothing to say about it.


Unless they have a non-IP based communication system, then they'll fall afoul of the same thing all online analytics services do - they'll be collecting, at least ephemerally, personal data under the EU definition.


It is my understanding that if you do not log the IPs that connect, then you are not collecting personal data.


Last year, a German court fined a website for using Google Fonts as it was providing the IP address to Google without authorization and without a legitimate reason for doing so.

It seems likely that the same reasoning will apply here.


I wrote more about the consent aspect here: https://news.ycombinator.com/item?id=35706897

tl;dr If we roll this out to customers, we'll be asking for consent, and won't be collecting telemetry data unless we have it.

-Ben, 1Password


That's much more reasonable than the wording on the linked page. Thanks for your response.


Happy to help. In addition, while we're in the early stages and this design is likely to change, it may help to visualize how we're thinking about this process:

https://bucket.agilebits.com/ben/telemetry-consent-draft.png


What about anonymous logging of which buttons people click on is illegal in the EU?

Citation needed on this one.

That would make any dashboard that showed which api endpoints are the most popular also illegal.

Anonymous telemetry is not PII. GDPR is personal data.


> Anonymous telemetry is not PII.

That depends. First, no data collection is "anonymous" when it is transmitted. Any anonymity must come later, and then is only possible if the company aggregates the data with other users and deletes the original data that was collected.

PII/Personal Data are squishy terms. In the US, anyway, the legal definitions of what counts as "PII" leaves out an awful lot of actual PII -- so any claims that "no PII is being collected" is meaningless without additional explanation of what data items are being collected.


> First, no data collection is "anonymous"

Because no network connection is anonymous but as long as you aren't handling PII, GDPR has nothing to say about it.

I could sell an app in the EU that just pinged my server once a day. As long as I wasn't keeping a record of who pinged what when, there is no PII.

Otherwise everything is PII and you would need consent before every TCP handshake.


> I could sell an app in the EU that just pinged my server once a day. As long as I wasn't keeping a record of who pinged what when, there is no PII.

Data processing is not just about 'keeping a record'. Processing even for a millisecond is also processing.

> Otherwise everything is PII and you would need consent before every TCP handshake.

Consent is not the only ground for data processing. Normally, it would just be performance of a contract, as the user wants something from you.


I still haven't got my citation of how the GDPR somehow applies to non-PII, which is the entire point of what 1P is saying they are collecting.

Data processing of personal data is what the GDPR is concerned about.

I'm sorry for getting frustrated but for fucks sake, someone cite me something that proves my original point about the opt-out being illegal.

I don't care if I'm wrong but I'm not taking downvotes for questioning someone flatly accusing 1P of bypassing EU regulations.


No, IP address is personal data by the EU definition and you need a legal basis to process it. The strictly necessary legal basis allows for TCP connections required to provide the requested service.

It is clear that the EU does not consider telemetry to be strictly necessary and while there can be times when telemetry is allowable with the legitimate interest legal basis (for example, to prevent fraud or to comply with legal obligations), there is already plenty of case law across the EU that shows that the legitimate interest legal basis will not be accepted for user analytics.

For this reason, it seems unlikely that the proposed telemetry will be compliant in the EU.


> Because no network connection is anonymous but as long as you aren't handling PII

It's not the network connection that eliminates anonymity (although that, too), but the data itself. Even if there's no single piece of PII involved, fingerprinting is still a thing. That's why, if you want a hope at anonymity, you have to add the collected data into an aggregate collection and delete the original data records.


We are talking EU and I specifically asked for Citation needed, and I realize you aren't the poster but this doesn't really answer my question.

Are we assuming 1Password is lying about anonymisation?

My point is they didn't "sneak it past the regulators", it's plainly legal to do this under GDPR, and if it isn't I need a citation.


> Are we assuming 1Password is lying about anonymisation?

I wouldn't put it that way. Rather, I'd say that you shouldn't assume something is true just because a company claims it is. Especially when that thing can have a material effect on their profit margin.


In simplest terms.

1P says they are collecting non-PII.

Higher poster in this thread says "I can't imagine how they're going to get this past EU regulators."

I'm saying there is no problem, and someone needs to provide proof that the opt-out here is illegal.


Well, in the EU, the onus is on the data processer to show compliance, not the other way around.

However, Recital 30 (Online Identifiers for Profiling and Identification) clearly shows that IP addresses are personal data;

> Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

There is plenty of case law to show that processing IP addresses (even if you discard them later) is processing personal data. For example, an Italian court included as part of a ruling:

> In this respect, it is worth pointing out that the IP address constitutes personal data insofar as it makes it possible to identify an electronic communication device, thus indirectly making the data subject identifiable as a user (see Article 29 Working Party, WP 136 - Opinion No 4/2007 on the concept of personal data, of 20 June 2007, p. 16). This is especially so where, as in the present case, the IP is associated with other information relating to the browser used and the date and time of browsing (see recital 30 of the Regulation).

Source: https://gdprhub.eu/index.php?title=Garante_per_la_protezione...


> Anonymous telemetry is not PII. GDPR is personal data.

How are you exactly going to submit it anonymously? Will it connect over Tor? Because if you just send it over your internet connection, it arrives with your IP address on the packets, which is PII, which makes it data processing of PII, which makes it require a legal basis to process. And it is legally uncertain that 'legitimate interest' is a valid ground for telemetry data, leaving only opt-in consent.


That would make any EU company running a server in a country without an EU data processing treaty illegal, because the IP address would be in the TCP handshake.

Edit: It would also violate using any networks that transit such countries, because TLS and TCP handshake info might be PII too. I find that such a ridiculous position to have re GDPR.

1P already has consent from users for its apps to use the network to connect to their services.

They do not need an additional agreement, i.e. opt-in consent. If they are collecting non-PII they can use the current opt out.


> That would make any EU company running a server in a country without an EU data processing treaty illegal, because the IP address would be in the TCP handshake.

Yes, and this is the current situation with the US following Schrems II. Obviously, lots of companies are non-compliant as everyone is waiting for a diplomatic solution following the ruling against Privacy Shield.

> 1P already has consent from users for its apps to use the network to connect to their services.

They probably rely on the strictly necessary legal basis for network connections that are required to run the service. However, each purpose must have its own legal basis and you cannot bundle purposes. For example, you cannot gain consent to process given personal data for one purpose and then process it for another purpose.

Consent must be bound to one or several specified purposes which must then be sufficiently explained.


As long as there's no "session identifier," even if unique and completely unmarriable to the PII, it doesn't matter. Any session ID where an ID represents one person runs afoul. Makes meaningful telemetry really hard without consent.

Everyone just consents anyway...


> Everyone just consents anyway...

Unless you don't lie to them and don't use every dark pattern in the book to trick them into clicking the checkbox.


My position is they can indeed get meaningful telemetry with opt-out anonymised data and that the GDPR does not prevent this.

I am countering the position of the parent poster and asking for a citation that would indicate you don't need to sneak this around the EU regulators to do it.


> Their product ~~is~~ used to be super solid.

Don't get me wrong, it's still light years ahead of the Bitwarden clients and extensions, and that's why I stay, but I for sure would not use the present tense for their quality


> it's still light years ahead of the Bitwarden clients and extensions

I’m quite possibly a simpleton but I can’t see how it’s light years ahead of Bitwarden. Can you provide an example of such difference?

Every time I used to check 1password (before the Great Purge of local vaults) I always arrived at the same conclusion. It’s a bit more beautiful but not 3x or 4x (whatever the price is) more beautiful than Bitwarden.

Functionality wise I couldn’t see much of a difference. Both save passwords, both share passwords, both generate passwords and both have TOTP support.


I often regret any contact I have with the Bitwarden fanbase, because whooo they are rabid, but I guess I used to be a rabid fan of 1P so maybe fair's fair :-D Anyway ...

- https://github.com/bitwarden/clients/issues/1620 was created 2021, after it was migrated from the issue that was open even longer in the other repo, and now they've locked the issue because they're tired of people complaining about the extension losing their credentials

- there are a ton more Item types in 1Password, which some people consider just cosmetic ("you can create your own fields") but https://bitwarden.com/help/managing-items/ compared to https://support.1password.com/item-categories/ is night and day, setting aside the native support for SSH agent that's built into 1P nowadays

and here starts the list of even more highly subjective items, which I acknowledge are highly subjective

- the folder based item management in Bitwarden is highly inferior to the tags based management in 1P. Creating folders itself is a major PITA, whereas creating tags in 1P is ... just type the new tag name. Maybe people enjoy putting the "tags" in their items' names or whatever, and doing away with folders in Bitwarden, but ... the fact they're trying to implement tagging on the cheap indicates they want tags but Bitwarden doesn't see the world that way

- I find the attachment management process cumbersome in Bitwarden, whereas in 1P there are actually two orthogonal ways of managing attachments: they can be first class Items (called "Document" items) meaning that is the whole secret that one would care about, and they can also be arbitrarily attached to other Items in kind of a supporting role. I have scans of my passport attached to the Passport item type because so many places ask me to upload a scan of my passport. Same for my driver's license on the formal Driver's License item type

- in the theme of "finding it cumbersome," I find that 1Password seems to care a lot more about UX than Bitwarden. Now, of late I am having to qualify any such statement because yikes that 1P 8 rewrite was catastrophic. But, rewrite-induced-self-inflicted-harm aside, I still think 1P cares a lot more about UX than Bitwarden

- also subjective, but I really enjoy the `op run` <https://developer.1password.com/docs/cli/reference/commands/...> and its ability to resolve specially formatted env-vars <https://developer.1password.com/docs/cli/secret-references> in the sub-process. That process seems to be the basis of their shell plugins system <https://developer.1password.com/docs/cli/shell-plugins> but TBH I find just having env-vars lying around to be more convenient than their shell plugin system for my workflow. The fact that the `op` binary is smart enough to use DBus to auth to my desktop session means I can also use it as an implementation of pinentry

A perfectly reasonable question may be "well, it's open source, why not start fixing bugs?" The things about using folders and the lack of item types indicates to me that they're just rowing in a different direction than what I would like, and the fact that they're a commercial company means unless I directly would benefit from fixing a bug means I am not incentivized to contribute free labor


I try not to tie my personality to a piece of software, so I would definitely not consider myself a fan of BitWarden, just a satisfied user.

I haven't personally experienced any of your issues, nor do they particularly bother me; this is probably a statement of how different people experience different pain points, but your list of complaints was exactly what I was trying to understand. Thank you for taking the time for such a thorough response.

As I said, my needs are extremely simple for my password manager. Just keep my data safe, searchable, available on all my devices, generate some strong password and that's it. But I completely understand if you need more. Different strokes for different folks and all that.


I'm disappointed with what 1password has become. To put it in a tone I feel is appropriate given how much time and money I've invested into their product, I don't think abandoning native development for electron to shove telemetry into your product counts as bending over backwards to preserve privacy. It reeks.


Which is why they just got told to cancel my future renewals, giving me like… 10-ish months to move stuff to something I actually control, unless they figure out a less stupid plan.

If I have to fight with a product to block telemetry, I’m not going to have it be one I’m paying them for like this, and I’ll take every company I can with me.


I dropped 1P the day I ran a suggested update and it locked me out from making changes to my database unless I signed up for a paid subscription. FOSS or bust.


I’ve completely moved away from 1Password (here’s my list of alternatives: https://taoofmac.com/space/apps/1password)

Right now, the only thing I am missing is something that will sync with a KeePass vault and push TOTP tokens to my Apple Watch (as well as a couple of rarely used credit cards whose PIN codes I would like to have always available for emergencies).

Other than that, if you’re not an enterprise customer I think OS or browser-based password managers (which now sync across machines and platforms and even have the ability to do TOTP, at least on the Mac) are finally good enough for end users.

If you need to store software licenses, recovery codes, etc., KeePass XC is excellent for that as well, and available everywhere (and no, sorry, I don’t want to use Bitwarden because I don’t want to run a dedicated sync service for myself, or use anyone else’s).


If telemetry can tell them 1Password 8 UX is a downgrade from 7, I’m all for it.


What would they even do with that information?

“It is difficult to get a man to understand something, when his salary depends on his not understanding it.” - Upton Sinclair


I have my issues with what 1Password has become as a product, but this seems like a very good stance to take. As a product owner, it's essential to know what and how people are using the product; collecting some straightforward telemetry that's anonymized and doesn't contain any Vault data strikes me as reasonable.


If it is so essential, how have they been so successful since 1P was released nearly 20 years ago?


They didn't have an army of UX fuccbois back then. Now they do and this is an endless stream of makework to justify themselves.


> As a product owner, it's essential to know what and how people are using the product

You can ask the users. You can apply some common sense (which 1Password team increasingly doesn't). They can look at the support forums listing the many issues (especially with UX) which are condescendingly dismissed. Etc.


This is very simple: Present a one-time prompt asking to opt-in.

Explain to me how my admittedly naive solution fails to deliver for all consenting parties.


It doesn't deliver for the company. Opt in telemetry is the same as not doing telemetry. Not because people are morally against telemetry but most people just click through. You might say that is a good thing or that is how it should be but that is exactly why it doesn't deliver the desired result for the company.


I wrote more about the consent aspect here: https://news.ycombinator.com/item?id=35706897

tl;dr If we roll this out to customers, we'll be asking for consent, and won't be collecting telemetry data unless we have it.

-Ben, 1Password


My history with 1Password:

- Purchase a stand-alone license, getting well-performing and feature-complete native clients with several options for vault sync that are under my control.

- Upgrade to 1Password 8, a version that sounds great, but has quietly removed local sync unless you checked forum and blog posts before buying.

- Watch the clients go from being native to Electron and losing many, many features. Get forced into using the web app for simple things like seeing history.

- Watch browser integrations get progressively worse (check out the reviews on the Firefox extension, oh boy)

- Even if you've been using 1password 7 (the version you paid a good chunk of change for, in 1Password's own words, a lifetime license), you won't be able to use it with browsers at all soon https://support.1password.com/kb/202303/.

- Get popups and unwanted opt-out integration with social media logins, when I've gone out of my way to purge garbage like "login with google" from my internet experience.

- Get unwanted opt-out telemetry forced on you, which regardless of their assurance will eventually leak PII like it always does. People make mistakes, c'est la vie. I would have no issue with opt-in telemetry.

I think this is it for me. Forced telemetry is a small thing, but it's just one of many poor decisions. I'm sure it's a smart business decision and their investors will be happy finding more and more ways to extract value out of users. I just want a simple password manager, so after a decade this is it for my family and myself.


Migrated to Bitwarden for the opensource years ago.

Stayed for the cheaper price, Linux support, simplicity and "out of my way" philosophy. Never looked back to 1password.


Same. When I started using 1p, the vault was stored locally, and it was possible to decrypt it at the command line using openssl. They prided themselves on this. They moved to cloud-based, and at one point I went to check if data export worked, and it did not. I opened a support ticket, and before even offering any actual help they wanted to know why I wanted to export my data anyway. Then they wanted me to download and run some telemetry binary to collect info about my system. I figured out the problem myself without them, and told them why I felt this meant they now had a value set that meant I could not rely on them going forward. They offered me a discount code.

Bitwarden is great.


I remember when they gave enough information about their vault formats that I could write my own linux app to fetch data out of their .opvault format in roughly an afternoon!


Same. I think here is a good place to shout out to Vaultwarden:

https://github.com/dani-garcia/vaultwarden

Your password data, back under your own control.


Why does it need a server? Does bitwarden have the ability to just use a local vault?


Bitwarden is cloud-based with synchronization to local caches. If you want total control over your data with Bitwarden you will need to run the server/cloud side. I'd caution that running a Bitwarden server is not for everyone, as one could make the security worse than the Bitwarden-company-hosted cloud service.

I run Vaultwarden on my LAN, with no public/Internet facing service, and sync only on my LAN.


If you're looking for something that's offline first go for pass [0], gopass [1], or any keepass-compatible [2][3][4] password manager and sync the database yourself.

[0]: https://www.passwordstore.org/

[1]: https://www.gopass.pw/

[2]: https://keepassxc.org/

[3]: https://www.keepassdx.com/

[4]: https://strongboxsafe.com/


I'd add Keepassium for iOS, I think it's free for a single database.

https://keepassium.com/


Same, though I just use the free Bitwarden, not sure what the paid one provides.

It's been good. Very simple and reliable. Has barely changed in years of use and hasn't needed to.


I pay them for the TOTP authentication alone, so that I never have to use google authenticator ever again, but it also feels good to be able to support such an awesome project, even if it's only a little.


I pay them for the family plan. Being able to share items with my wife and kids (particularly joint accounts) is extremely useful, and they do it without creating two classes of passwords (like LastPass, my previous vault).

BTW, the paid accounts provide TOTP code storage, more comprehensive password health reports, emergency vault access for others, hardware key support, someone to call with problems[0], and encrypted file sending.[0]

[0] https://bitwarden.com/pricing/


I have a similar history.

The biggest loss for me on v7 -> v8 is 1Password Mini - that's a wonderful little 'browser extension for the desktop', and quick access is just awful to use in comparison.

It's not helped by their responses basically always being "but we like this, so it's better!" - they don't listen to customer feedback any more, and they pair it with their 'quirky' comms style that just comes off as condescending & dismissive. Collecting telemetry doesn't help if they ignore the feedback they already have.

edit: plus, they keep showing hard/impossible to dismiss UI in web pages to try to capture/fill fields, and it makes using the web pages really difficult!


This so much! I hate hate hate how there is no context anymore for filling in logins and how it has to all happen inside the browser. It's normal for me to have 5-6 different logins for websites. In v8 I can only use the tiny bar in the web browser to select one. But it doesn't let me search or give me information on which login is which.

In v7 with 1Password Mini I can do a fuzzy search outside of the browser and then just press enter to fill the details.

I'm still holding on to v7, but apparently we just can't have nice things. Sounds like it may be time to move on soon. :'(


I purchased 1Password 3 10 years ago. The license transferred for free up to 1Password 6, so that's the one I continue to use. I sync the vault myself.

Purchasing licenses in those times before everything moved to subscriptions was a good deal.


Bought a full license some time in 2014. Watched them disintegrate into subscription hell while making the apps worse. Moved everything to Firefox and Apple Passkeys. They integrate better with my workflow anyway.


> Watch browser integrations get progressively worse (check out the reviews on the Firefox extension, oh boy)

This doesn't align with my experience, and I've been using their app/service for years (the Windows & Mac apps, along with the Chrome and Firefox extensions). I don't mean to sound harsh but I'm scrolling through the negative reviews on the Firefox extension page as you suggested, and it's hard to take the majority of them seriously:

"i have never been happy with 1Password. Too frustrating to use."

"TOO DIFFICULT TO SIGN ON."


I have enjoyed how quickly 1Password was adopting new technology and features while still staying stable. It just worked. Lately, that hasn't been the case. Recently, the browser extension, which is my main interface for 1Password, has been acting up.

I use the browser extension in Edge on macOS. I am on a page signing up for a new website and want to save credentials. It doesn't. Keeps erroring out. Disabling and re-enabling the extension, and then refreshing the tab finally fixes it. I reached out to customer support and they told me to sign out to force refresh the cache. I did it, but the problem wasn't fixed.

1Password needs to fix the bugs that their customers are already reporting, instead of alienating their users with telemetry. I don't think the learnings from telemetry will be worth the damage it will cause to their brand.


> Recently, the browser extension, which is my main interface for 1Password, has been acting up.

> I use the browser extension in Edge on macOS. I am on a page signing up for a new website and want to save credentials. It doesn't. Keeps erroring out. Disabling and re-enabling the extension, and then refreshing the tab finally fixes it. I reached out to customer support and they told me to sign out to force refresh the cache. I did it, but the problem wasn't fixed.

I've had the same issue, support told me the exact same thing:

1. Lock the 1Password app (which also locks the extension).

2. Unlock the 1Password app (which also unlocks the extension).

If the issue is still present, please go through the steps below to fully re-sync your account:

1. Right click the 1Password icon in your browser toolbar and choose Settings.

2. Under General, disable "Integrate with 1Password app".

3. Under Accounts & Vaults, sign out of your account.

4. Sign back into your account.

5. Go back to General, and re-enable "Integrate with 1Password app".

I told them it didn't help at all; they claim they've released a fix for "one of the possible causes of the bug" in the beta version of the extension. They asked me to make a new Chrome profile and install the beta version but I just didn't bother at that point and just lived with it.


FYI, I spent some more time troubleshooting and might have found the root cause. I had switched to 1Password 8 Beta before it was released because I enjoyed the updated UI. Once version 8 was officially released, I switched to the Stable channel, but the desktop app was stuck on the old beta version. So, beta was old, but the extension kept getting updated likely causing the bad behavior.

I uninstalled the macOS beta app and reinstalled the stable version. It seems to be working fine for the last day or so.


That's so frustrating. I hope they figure this out soon.


The vc funded slide into oblivion started a while ago and continues


The slide into Enterprise™, you mean. Lots of big companies use 1Password as an IT solution for secrets management. That $6.8 billion valuation has to come from somewhere.


I think it's ridiculous to have such functionality in a tool that's supposed to keep secrets. But we won't see meaningful change until a major WTF happens, and maybe not even after that.


This is the killer feature I was missing! Pay money for usage and the way the app interacts with users, and they have crossed their hearts that they won't "spy" on us (which can change any other time in their terms and conditions). Who wants to bet they will find a way to stuff "privacy focused apps" in the vault? Why not?


Just wanted to add my voice that I really like the newer 1Password stuff. I haven't had any issues I've seen people complaining about, and don't have any of the philosophical issues that a lot of others seem to have. If you're one of those people, you should definitely just move to Bitwarden.


After taking in ridiculous amounts of money, they must figure out what features are most crucial for users – so that those features can be monetized the hardest


Or so they can ditch lesser used features to eliminate technical debt.


Relevant xkcd: https://xkcd.com/1172/


Where are those "ridiculous amounts of money"? The price of 1password seems very moderate so they must be selling an enormous number of licenses to amass so much money.


2022: "1Password with $620M Series C, now valued at $6.8B" https://techcrunch.com/2022/01/19/1password-series-c-funding... (following a $200M Series A and a $100M Series B in 2019/2021)


Hence the ”must monetize” part. The investors expect to wring at least 5x their money, and selling $49 lifelong licenses does not net you billions


I've never trusted any of these password storage services and only use KeePassXC. I remember having conversations with people years ago when these services were appearing and I told them that eventually these services would screw over their users. To my amazement, people continue to believe in storing their most precious information (passwords) with a 3rd party. I truly don't understand.

It's just too much risk exposure for me. Why on God's green earth would anyone trust some random assholes with something as important as passwords? I just don't get it.

They're gonna screw you over. And they're gonna continue screwing you over because you continue to be their customer. Just recognise that and move on.


> Why on God's green earth would anyone trust some random assholes with something as important as passwords?

You’re going to have to trust the app’s code no matter what. As long as encryption and decryption happens locally, how does a hosted password manager make a difference to local storage?


1Password's recent developments are sad, especially so since I don't know another fully-featured secrets manager I can wholeheartedly recommend to less tech-savvy folks. Bitwarden's UI is nowhere near as polished and end-user-friendly as 1Password's IME, and the password managers built in to phone operating systems manage passwords - nothing else. Also, 1Password's sharing functionality is invaluable - if I want to share a credit card number or something with family, I can just put it in a shared vault.

Is there another user-friendly, powerful password manager out there that I can recommend instead?


1Password is the leading cautionary tale of how to make boat loads of happy customers cry in the shower daily.

They took an amazing product that worked better than every competitor and was easy to use then ruined it with the absolute dumbest product decisions I've ever seen.

They gave Apple the green light to put them out of business and I'll be switching as soon as that feature is available.

Their product decisions were almost as bad as Sonos, almost.


I don't like telemetry but I'm a happy 1Password customer, will probably opt-out anyway.


US companies, led by VC's, have mastered the art of "shimming" themselves into every consumer interaction possible, and then expanding that shim until all we can do is give up and say, "I guess that's just how it is," cede our privacy to yet another 3rd party, and pay $X/mo for the privilege. It's exhausting. Meanwhile, it seems almost everyone in Congress is making BANK on insider trading, probably cooperating with private equity doing this sort of thing, so there's no chance to implement regulations to prevent people from boiling more frogs. If there's one app or service that I use which isn't doing this, I don't know what it would be. Maybe Sublime Text? It's the only thing installed on my computer that I trust to not be transmitting telemetry. I guess that means I should join a VC firm and convince them to do a big investment in it to make it a be-all-things-to-all-people golem like VS Code, and include telemetry and a monthly cost model. We're running out of things to enshittify, people!


Lock folk in with 'cloud' based 'subscription' models, and then do what you will.

'Climate change' in 'cloud' world.


Hi folks,

Thank you for the comments on this important topic. 1Password's mission is to help people safeguard their most important information and to do that, we have always taken a human-centric approach to security. In order to deliver the exceptional product experience our users expect from us, we need to better understand how they use 1Password.

And while our goal is to deliver better 1Password products, we won’t require our community to help us if they don't want to. We're fully committed to transparency and will provide updates coming out of our research and development period. When we are ready for a wider rollout of this functionality, we will provide clear, in-app messaging, and you’ll be able to control whether or not telemetry is active on your account.

In the meantime, thank you for sharing your feedback – these discussions are always valuable to us, and we appreciate your constructive candor.

-Ben, 1Password


Unless telemetry is opt-in, there is no commitment to transparency. Opt-out may as well just be buried as a disclosure in the EULA that no one reads.


As our CTO, Pedro, discussed in his blog post (https://blog.1password.com/privacy-preserving-app-telemetry/), we have only rolled out telemetry to our employee base. We will be analyzing the results of this internal-only roll-out before implementing this functionality more broadly.

This functionality will have a prominent in-app message that will ask Individual and Family account users to choose whether they prefer to keep telemetry on or off their account. Nothing gets collected until they’ve made this choice, and users will be able to change their preferences whenever they would like.

-Ben, 1Password


> This functionality will have a prominent in-app message that will ask Individual and Family account users to choose whether they prefer to keep telemetry on or off their account. Nothing gets collected until they’ve made this choice, and users will be able to change their preferences whenever they would like.

Does the choice for "Track My Activity" look like a "Continue" or "Next" button? Respectfully, it sounds like you're trying really hard to not actually say it's going to be opt-out.


The designs for what the screen will look like have not been completed yet. I couldn't say exactly what the language will be. From what I've seen thus far it will be clear that there is a choice to be made, but the default selection will be to enable telemetry.

Here is a draft of what we're considering: https://bucket.agilebits.com/ben/telemetry-consent-draft.png

Does that help clarify what the experience will be?


I appreciate the least-bad option for a feature most people don't want. I will be impressed if this is how it's implemented and how it stays. I also appreciate your willingness to engage with people online who get to stay anonymous while making criticisms when you don't have the same luxury.


So it's effectively opt-in then? It strikes me as odd that this wasn't clearly communicated in the blog post, and even more odd that phrasing like "At that point, we’ll also provide guidance on how you can opt out if you’d like to" was used.


It sounds pretty clear it's not opt-in. They'd just say so if it was.


You're not going to have to hunt around in the settings to consent to telemetry, no, but we're also not going to collect without consent. We're in the early stages, so this is subject to change. Still, our design team shared this mockup that may help visualize the direction we plan on taking if we move forward with a customer-facing rollout of telemetry.

https://bucket.agilebits.com/ben/telemetry-consent-draft.png


I'm no longer a 1Password user due to a number of extremely user-hostile behaviors, but credit where it's due -- this mock-up, if implemented, will be far better than I feared.


I'm sorry to hear that has been your experience with 1Password. I appreciate the comment. I've shared that feedback with our design team.


I don't like opt-out telemetry but I get it. I hate and do not get local vault elimination. I've been using 1P since 2008 and I'm out once the 1P7 browser extensions stop working.


I honestly can't understand how anyone would use those cloud services for important passwords and keys. The risk/reward ratio is just too high. And for anything not crucially important I would just use whatever my web browsers support natively.


It makes using different web browsers easy. For example, Firefox on the desktop and Safari on the phone.

I also don’t like the idea of locking password management into a specific browser because I switch browsers more often (last time 5 years ago) than password managers (last time 15 years ago).

I don’t have an issue with passwords, even important ones, being synced with the cloud. As long as the crypto happens locally, and as long as I’m forced to trust the app developers anyway, what difference does cloud vs. local storage even make, security-wise?


A fully offline, and open source software can be audited.


I wouldn't object to Apple driving another small nail into 1Password's coffin by coming up with a scheme to enable Firefox and Chrome to access iCloud Keychain for certain web site passwords (but not all of them!)

Supporting it on Windows could be another nail.


I’m glad I’m not alone in my thoughts on 1P 8. Unfortunately it’s become completely unusable for me and I’m actively looking into alternatives. Leaning toward Bitwarden although its UI is a considerable downgrade imo.


It sounds like they're planning it to be as general as possible (more just "how much is each feature used"), but it'll also be fully opt-in:

> And, of course, once this functionality rolls out to customers, you’ll be able to control whether or not telemetry is active on your account.

("account" sounds like you can turn it off family-wide or even organization-wide)

[ Reposted my comment from duplicate post: https://news.ycombinator.com/item?id=35685170 ]


Explicitly opt-out sadly.

It bothers me quite a bit to read that we’ve normalized telemetry as much as we have. If you’d asked more or less any random hacker 10 years ago if any of this was remotely OK they’d all be slack-jawed to learn what has happened.

Where did all the privacy conscious hackers go? Did they all get replaced when JavaScript and Electron became the norm?


I wrote more about the consent aspect here: https://news.ycombinator.com/item?id=35706897

tl;dr If we roll this out to customers, we'll be asking for consent, and won't be collecting telemetry data unless we have it.

-Ben, 1Password


Unpopular take: this is actually exciting to me.

As development has continued, the 1P app seems to have gained in bugs. I've tried reporting these - I like 1P and the 1P team seems to care about delivering a quality product - but using their forums is very frictionful and I've often given up on reporting bugs because it's not worth the faff. Telemetry holds the promise that they can fix the bugs without me needing to manually report.


I've had issues where 1Password wouldn't save my new logins properly, lasting for over a day. Maybe that's why they need the telemetry.

Do 1Password do security/privacy audits the way Mullvad do? That's a pretty decent way of building goodwill over time when it comes to decisions like this. It's probably a fine decision, but they should probably have gone to greater lengths to write this blog post in more exhaustive detail.


If they could use telemetry to deduce which websites were not auto-filling correctly then I'm all aboard.


I love that idea. We'd have to be super careful with the de-identification of associated data (which we're doing anyway), but having automation behind figuring out filling failures could be a huge boon. I'll share the thought with the team.

-Ben, 1Password


At risk of sounding dumb: what's in the telemetry data?


The post only mentions a few things:

> we’ll be able to gather only a small set of general events and interactions within our apps. Things like when you unlock the app, when you create a new item (but not its contents!), or when you use autofill (but not what sites you use it on!).
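An added illustration (not 1Password's code, and not from the blog post) of how the "events but not contents, autofill but not the site" rule quoted above can be enforced in the client rather than left to convention: an allowlist of event types with the fields each may carry, a denylist of fields that are never accepted, and a consent gate that emits nothing until the user has agreed. Event and field names, and the per-install random identifier, are assumptions made for the example.

```python
"""Consent-gated, data-minimizing telemetry event builder.

Added example, not 1Password's implementation. It models the design the
thread describes: a small allowlist of event types, no item contents, no
site names, and nothing recorded without consent. Event names, field names
and the install_id scheme are assumptions for this illustration.
"""
from dataclasses import dataclass, field
from typing import Optional
import secrets

# Allowlist: event name -> the only fields a client may attach to it.
# Deliberately absent everywhere: item contents, URLs/hostnames, usernames.
ALLOWED_EVENTS = {
    "app_unlocked": {"platform", "unlock_method"},
    "item_created": {"platform", "item_category"},
    "autofill_used": {"platform", "surface"},  # surface: app / extension / quick_access
}

# Fields rejected regardless of allowlist, so a new event type cannot
# accidentally reintroduce sensitive data.
DENYLIST = {"url", "hostname", "domain", "username", "password",
            "title", "notes", "email", "account_id"}


class TelemetryPolicyError(ValueError):
    """Raised when an event violates the collection policy."""


@dataclass
class TelemetryClient:
    consented: bool = False
    # Random per-install identifier (assumed scheme): not the account id,
    # and rotated on opt-out so later data cannot be joined to earlier data.
    install_id: str = field(default_factory=lambda: secrets.token_hex(16))
    sent: list = field(default_factory=list)

    def set_consent(self, value: bool) -> None:
        self.consented = value
        if not value:
            self.install_id = secrets.token_hex(16)

    def record(self, name: str, **fields) -> Optional[dict]:
        """Build the event that would be sent; return None if consent is absent.

        Policy violations raise instead of being silently stripped, so a
        mis-instrumented call site fails in testing rather than leaking.
        """
        if not self.consented:
            return None
        if name not in ALLOWED_EVENTS:
            raise TelemetryPolicyError(f"event {name!r} not in allowlist")
        forbidden = set(fields) & DENYLIST
        if forbidden:
            raise TelemetryPolicyError(f"forbidden fields in {name}: {sorted(forbidden)}")
        unexpected = set(fields) - ALLOWED_EVENTS[name]
        if unexpected:
            raise TelemetryPolicyError(f"unexpected fields in {name}: {sorted(unexpected)}")
        event = {"event": name, "install": self.install_id, **fields}
        self.sent.append(event)
        return event


if __name__ == "__main__":
    client = TelemetryClient()
    # No consent yet: nothing is built or queued.
    assert client.record("autofill_used", platform="ios", surface="extension") is None
    client.set_consent(True)
    print(client.record("autofill_used", platform="ios", surface="extension"))
    try:
        client.record("item_created", platform="mac", item_category="login", title="bank")
    except TelemetryPolicyError as exc:
        print("rejected:", exc)
```

The point of the allowlist-plus-denylist shape is that "we only collect X" becomes a property a reviewer can check in one place, and a test suite can prove, instead of a promise spread across every call site.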


call me stupid, but I'm not sure how those numbers are helpful for them?


How are people creating new items? App, or extension?

How are people accessing items? App, quick access menu, extension, browser bookmark?

How are people changing passwords? In the app, using the password generator or not, in the extension with the password generator, in the browser using the injected UI?

The thing about 1Password is that it seems like it's simple, but under it all there's usually multiple ways to do the same thing. Using some telemetry they could easily see that only 2% of users are using this one particular feature, and cut it if it's not getting used. Or this fantastically useful feature is only getting 20% of users using it, maybe they need to introduce it to users in a better way. Etc.

At the end of the day, having this kind of data can make for better decisions. I'm not a fan of telemetry though. I'm honestly surprised the security team at 1Password agreed to this one as well.


> having this kind of data can make for better decisions.

It can also make for worse decisions.

2% of millions of users is still tens of thousands of people. Maybe that feature is terribly useful but only a handful know about it. Cutting it would be a mistake; it should be made more prominent.

Maybe the 20% feature is annoying and that’s why 80% of people actively avoid it. Giving it more prominence would be a mistake; it should be cut.

No amount of telemetry will tell you users are deeply unhappy with the move to an Electron app and the removal of local vaults. You only know that from direct feedback and speaking to them.


That's the trap Firefox fell into, I think. Relying so much on telemetry that only tells a very small part of the story. So they cut features that are useful, but people didn't even know they existed. It seems like this data-driven approach should go: Collect data, form conclusion, try to increase awareness of feature, collect more data, form new conclusion, cut if awareness didn't pan out.


cold water, but it gets warmer over time


The writing has been on the wall for some time. It's clear that they are focused on growing the company and maximizing revenue. Nothing wrong with that, but my family's needs aren't going to satisfy a hungry capitalistic company. So I've had plenty of time to have alternatives, which I've been using. 1Password has been in parallel with another password manager and once they end support for 1Password 7 my family will turn this one off and switch.

The experience with 1Password 7 isn't all that great right now anyway, so I'm not losing much really. The syncing is super useful, but there is a solution to that too.

It's been a good ride. Now it's good riddance.


What have you been using as an alternative? Especially for a family use case.


I hope they fix all the issues with unlocking. Sometimes it takes ~20sec to unlock 1Password. Sometimes unlocking the browser plugin causes the app to pop up, other times not. Sometimes it just doesn’t unlock. I think there are two kinds of browser extension, which is confusing. All very frustrating at times and only getting worse.


Are there any password managers that provide a similar UX on mobile phones/iOS? If so, I'll move there in an instant.

> At that point, we’ll also provide guidance on how you can opt out if you’d like to.

Better than nothing. But they're moving away from being the #1 choice and a great product step-by-step...


This is garbage. For an application so sensitive, telemetry should be opt-in if present at all.


This is a big, hard NO. Bye bye 1P.


I’m counting the days before I finally need to find an alternative. I’m hanging on to the non-sub, non-cloud vault, non-telemetry version, but it’s only a matter of time. Shame because otherwise it’s been a great product, rock solid.


While I am very allergic to such data collection, if you're going to do it, this seems like the way to do it.

I'm not a 1Password user (and won't become one), but if I were, I wouldn't necessarily be in a huge rush to stop as a result of this.


I’ve resisted putting my passwords in Apple’s keychain, because it’s the last “egg” I DON’T have in their “basket,” but I think 1Password has finally turned up the heat a bit too far on this frog.


For every person here reading and commenting, please also share your opinion with the support email they provided: support+telemetry@1password.com

I have low confidence they will listen, but might as well try.


> At that point, we’ll also provide guidance on how you can opt out if you’d like to.

Well, at least there is opt out. Probably, will be on account-by-account basis, not family/organization-wide.


I really don’t want to have to deal with migrating fifteen years of stuff out of 1Password, but this might compel me to out of respect for the clients I work with.


How about an ability to resize the width of the column that lists the names of the secrets in the vault so that I can see what they are. That’d be higher on my priority list.


This is exactly what I want in my password manager.


absolutely. i hope they don't charge more for this feature. hell, why stop at 1password properties? leave no stone unturned, there may be other secrets laying around that can be monetized with innovative product features to ensure the IPO is a success for the investors.


What a coincidence. Just yesterday I was discussing 1pwd’s series A with a friend and I remembered about a podcast the founder (David Teare) did with DHH (Rework Podcast). In it, he literally cites this. He says they raised money for a bunch of things, and one, was to add metrics, but he wanted them to make them anonymous. We’ll see how it plays out.

Podcast: https://open.spotify.com/episode/6RZm7V8IcvuMuaCmVBE4EG?si=v...


Link on official website, so anyone can listen: https://37signals.com/podcast/venture-capital-and-control-wi...


Hey 1Password, make sure to set Telemetry as Opt-In ONLY in the EU. You know. Laws and compliance stuff.


What is the random query parameter injected into the open-and-fill feature? Is it not telemetry?


It’s the item’s UUID. You can verify this by using their `op` CLI tool and searching for the specific item.


Good to know. What is it used for? Is there a way to disable it?


It tells the extension which item you've selected to fill. It isn't possible to use the Open & Fill feature without it. If you navigate to the website in your web browser and then fill from 1Password's inline menu, instead of using Open & Fill, you can avoid it. Hope that helps. Please drop us an email if you have further questions: support at 1password dot com

-Ben, 1Password


The only reason we're talking about this is that 1Password wrote a blog post about it. They're not dumb, they know that this is the reaction they can expect from a blog post about how they're doing telemetry. They compete with a raft of products that not only use telemetry, but do it sneakily and with SAAS vendors that add attack surface to their products. But nobody talks about telemetry in those products, because those vendors don't want to have the conversation.


Exactly. Just look at Bitwarden's privacy policy, for example:

> We use data for analytics and measurement to understand how the Site and Bitwarden Service are used. For example, we analyze data about your visits to our Site to do things like optimize product design. We use a variety of tools to do this, including Google Analytics. When you visit the Site using Google Analytics, we and Google may link information about your activity from that site with activity from other sites that use Google Analytics services.


I was an advocate for putting out the blog post early, despite the fact that we're currently only testing this with our employees. As you say, we knew it would be something the community would have questions about, rightfully so, and wanted to be as transparent as possible.

-Ben, 1Password


> But nobody talks about telemetry in those products

Sure they do, and a lot. But they don't talk about it with the companies doing it. What would be the point?


Glad I never moved to 1Password. Been a happy Bitwarden customer for years.

