We’ll soon be rolling out a privacy-preserving telemetry system to customer accounts. Learn how the rollout is going to work, and the steps we’ve taken to protect your privacy.
"We won’t be collecting your saved passwords, passkeys, usernames, and any URLs associated with your items. Your private information is just that – private.
All event data will be de-identified and processed in aggregate before it’s used for analysis. "
It sounds like they plan on releasing the technical details in the coming days/weeks. I’m curious how its de-identified and processed.
Just leaving a comment here since I haven’t seen anybody else mention it: participation is optional for Individual and Family plans, and at this time it will not be applied to Team and Business plans.
Almost every product tracks user behaviour. It’s how they utilise that data that should concern us. In this case, this doesn’t concern me at all. I’ve already decided to trust them with my passwords.
Exactly. They are being transparant, it looks like it will be an opt-in when the time comes and are already telling you why they are collecting data. Now if they will tell you exactly what data they will be collecting in a short way before asking approval this is a textbook example of how analytics data collection should be done.
I recently switched from Bitwarden to 1Password and don’t regret it one bit. Their app is substantially improved over Bitwarden. Layout is significantly more intuitive and autofill works better than Bitwarden on iOS/macOS.
It’s not for me, no. I guess it depends if you’re going to be logging in on random computers frequently (I do not). I printed out a hardcopy of their “recovery kit” which has your secret code and put it in my firesafe. It’s a nice extra layer of protection vs only a single master password which can be sniffed especially since it contains the credentials to my entire life.
Also I always have my phone on me which is logged in to 1Password, and I can view my secret key from there wherever I am.
Tough place for 1Password, who clearly want to be able to collect data to maintain a competitive edge, but have an audience of security conscious users who may not be comfortable with this. But as always transparency is appreciated.
It’s also incredibly important to note that they are making this explicitly opt-in. So none of that ‘dark pattern’ mumbo jumbo with the tyranny of the default–where companies opt you in and most users dont realize they have to opt-out.
All in all they are going about this the right way it seems. The devil will be in the de-identifying technical details imo.
I used a legacy version until recently. Could still sync with Dropbox, but Chrome integration eventually broke completely, and that was the last straw. Now on BitWarden, and while not perfect, it’s free and does what I need it to do.
Huh? They are interested in improving their app - to do that, understanding what choices people make (which buttons do they press, which so they miss etc) is helpful. They’re not trying to monetise your behaviour for goodness sake, but give you a better experience.
Most people don’t understand what this is or why it’s important. And that’s not their fault. The kneejerk reaction to having data collected is justified due the amount of companies who abuse it. I mean the amount of stuff you have to turn off (and block the stuff you can’t turn off) just to use Windows in a reasonable manner is insane.
I don’t fault people for reacting to this news, even though it’s not even really news. Developers need to know how people use their products if they want to make them better. And it’s opt-in, which is the right way to do it. 1Password certainly knows this and the fact they’re trying to be so transparent shows that they know they need to prove what they claim.
1Password has built a lot of trust with it’s users over the years. There was some controversy over switching to a subscription model, but realistically $3.50/month to have the most important data you possess hosted securely (and they’ve been super transparent about that security too) seems like a no-brainer. To my mind, 1Password isn’t going to do anything to jeopardize their place in the market when there are free and self-hosted services out there. Probably they want to use their app, which is already the best of any password manager I’ve ever used, to be the thing that sets them apart from the competition. And to do that, they need to know how people use it to know what could be better.
It is no doubt a good thing for them to at least try to be “transparent”. I hope it is really their intention. I was a customer but I have migrated to selfhost Bitwarden (with Vaultwarden) already.
I’m happy with enpass myself for s few years now. it has all kind of sync options and wifi p2p sync if you want to be offline.
they offer subscription shit, but luckily also a normal software license to buy.
You can use keepassXC and “self-host” your passwords on any cloud-storage you want (it’s just a file after all), but if you are using 1Pass at the moment, I don’t see an opt-in anonymized telemetry system as a reason to switch.
If you’re not willing to trust what they say about the anonymity of the telemetry system, or to opt out, then I think you wouldn’t be happy trusting them with all your passwords in the first place!
If you’re willing to stick to Safari, then I think using Apple Keychain is best, especially since they’ll be adding sharing this year.
Yeah this is what I don’t get. They already hold your most precious secrets and now you don’t trust them with a telemetry system?! Seems an odd order of concerns to me.
Telemetry, even scrubbed, can provide enough meta data to de-anonomize the user. If the goal is to reduce your threat vectors, than it’s a valid concern.
Given data breeches are increasing, the less data that is collected the better.
Come on - this is 1Password we are talking about; I think they’ve earned a little bit of goodwill given their past behaviour. Transparency is key. Keep in mind that they could do almost whatever they want without telling us.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@beehaw.org
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
I’ll stick with my bitwarden / vaultwarden.
100% self-hosted using vaultwarden. If- my vaultwarden server goes down, everything remains synced to my browsers, mobile devices, and other clients.
Autofill works fantastically well, and it can also replace authy for managing 2FA keys.
Just leaving a comment here since I haven’t seen anybody else mention it: participation is optional for Individual and Family plans, and at this time it will not be applied to Team and Business plans.
Doesn’t join-lemmy.org do the same thing with telemetry? As long as this is GDPR compliant, then there’s no personal data to track.
Almost every product tracks user behaviour. It’s how they utilise that data that should concern us. In this case, this doesn’t concern me at all. I’ve already decided to trust them with my passwords.
Exactly. They are being transparant, it looks like it will be an opt-in when the time comes and are already telling you why they are collecting data. Now if they will tell you exactly what data they will be collecting in a short way before asking approval this is a textbook example of how analytics data collection should be done.
Telemetry is one more attack vector, and it’s not a small one at that.
Product owners need to be laid off to stop the enshittification of these apps. Extremely disappointed in this move.
deleted by creator
Lol
I recently switched from Bitwarden to 1Password and don’t regret it one bit. Their app is substantially improved over Bitwarden. Layout is significantly more intuitive and autofill works better than Bitwarden on iOS/macOS.
deleted by creator
It’s not for me, no. I guess it depends if you’re going to be logging in on random computers frequently (I do not). I printed out a hardcopy of their “recovery kit” which has your secret code and put it in my firesafe. It’s a nice extra layer of protection vs only a single master password which can be sniffed especially since it contains the credentials to my entire life.
Also I always have my phone on me which is logged in to 1Password, and I can view my secret key from there wherever I am.
Before it’s used for analysis or before it’s sent to the server? The wording there isn’t exactly confidence inspiring.
Tough place for 1Password, who clearly want to be able to collect data to maintain a competitive edge, but have an audience of security conscious users who may not be comfortable with this. But as always transparency is appreciated.
It’s also incredibly important to note that they are making this explicitly opt-in. So none of that ‘dark pattern’ mumbo jumbo with the tyranny of the default–where companies opt you in and most users dont realize they have to opt-out.
All in all they are going about this the right way it seems. The devil will be in the de-identifying technical details imo.
Isn’t 1passwoed subscription only? If I remember correctly that’s what drove me away from a once great application.
and now they want to collect data from paying customers?? excuse me? are you insane?
crash and burn.
I used a legacy version until recently. Could still sync with Dropbox, but Chrome integration eventually broke completely, and that was the last straw. Now on BitWarden, and while not perfect, it’s free and does what I need it to do.
Huh? They are interested in improving their app - to do that, understanding what choices people make (which buttons do they press, which so they miss etc) is helpful. They’re not trying to monetise your behaviour for goodness sake, but give you a better experience.
Most people don’t understand what this is or why it’s important. And that’s not their fault. The kneejerk reaction to having data collected is justified due the amount of companies who abuse it. I mean the amount of stuff you have to turn off (and block the stuff you can’t turn off) just to use Windows in a reasonable manner is insane.
I don’t fault people for reacting to this news, even though it’s not even really news. Developers need to know how people use their products if they want to make them better. And it’s opt-in, which is the right way to do it. 1Password certainly knows this and the fact they’re trying to be so transparent shows that they know they need to prove what they claim.
1Password has built a lot of trust with it’s users over the years. There was some controversy over switching to a subscription model, but realistically $3.50/month to have the most important data you possess hosted securely (and they’ve been super transparent about that security too) seems like a no-brainer. To my mind, 1Password isn’t going to do anything to jeopardize their place in the market when there are free and self-hosted services out there. Probably they want to use their app, which is already the best of any password manager I’ve ever used, to be the thing that sets them apart from the competition. And to do that, they need to know how people use it to know what could be better.
It is no doubt a good thing for them to at least try to be “transparent”. I hope it is really their intention. I was a customer but I have migrated to selfhost Bitwarden (with Vaultwarden) already.
Sigh. What’s a good alternative for iOS?
I’m happy with enpass myself for s few years now. it has all kind of sync options and wifi p2p sync if you want to be offline. they offer subscription shit, but luckily also a normal software license to buy.
BitWarden is excellent
I switched from 1Pass (no subscriptions, please) to BitWarden recently, and I’m super happy with it ❤️
You can use keepassXC and “self-host” your passwords on any cloud-storage you want (it’s just a file after all), but if you are using 1Pass at the moment, I don’t see an opt-in anonymized telemetry system as a reason to switch.
If you’re not willing to trust what they say about the anonymity of the telemetry system, or to opt out, then I think you wouldn’t be happy trusting them with all your passwords in the first place!
If you’re willing to stick to Safari, then I think using Apple Keychain is best, especially since they’ll be adding sharing this year.
Yeah this is what I don’t get. They already hold your most precious secrets and now you don’t trust them with a telemetry system?! Seems an odd order of concerns to me.
Telemetry, even scrubbed, can provide enough meta data to de-anonomize the user. If the goal is to reduce your threat vectors, than it’s a valid concern.
Given data breeches are increasing, the less data that is collected the better.
Come on - this is 1Password we are talking about; I think they’ve earned a little bit of goodwill given their past behaviour. Transparency is key. Keep in mind that they could do almost whatever they want without telling us.