"We won’t be collecting your saved passwords, passkeys, usernames, and any URLs associated with your items. Your private information is just that – private.

All event data will be de-identified and processed in aggregate before it’s used for analysis. "

It sounds like they plan on releasing the technical details in the coming days/weeks. I’m curious how its de-identified and processed.

      • renard_roux@beehaw.org
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        I switched from 1Pass (no subscriptions, please) to BitWarden recently, and I’m super happy with it ❤️

    • chaotic_goody@beehaw.org
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      1 year ago

      If you’re not willing to trust what they say about the anonymity of the telemetry system, or to opt out, then I think you wouldn’t be happy trusting them with all your passwords in the first place!

      If you’re willing to stick to Safari, then I think using Apple Keychain is best, especially since they’ll be adding sharing this year.

      • sunbeam60
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Yeah this is what I don’t get. They already hold your most precious secrets and now you don’t trust them with a telemetry system?! Seems an odd order of concerns to me.

        • ironsoap
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Telemetry, even scrubbed, can provide enough meta data to de-anonomize the user. If the goal is to reduce your threat vectors, than it’s a valid concern.

          Given data breeches are increasing, the less data that is collected the better.

          • sunbeam60
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I mean, 1password has access to all your passwords? If they wanted to de-anonymize you, they could encrypt, compress and send to themselves one of your passwords every time you decrypted it in your client? If you choose to trust them with decrypting your passwords, it astounds me that your wheels come off at “collecting telemetry”. In that case, I can’t understand how you are a 1password customer in the first place.

            But ok, everyone’s different. I’m just confused.

            • ironsoap
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Decryption was not actually where I was going, as due to the method of encryption although it’s stored at rest, they do not have access to your decrypted password.

              Usage patterns, data movement, and the rest of the telemetry can point to who the user is, which might give interested parties enough information to attempt a social hack or some other escalation.

              It’s an outlier, but such things have happened in the past. So reducing pointers can help keep you safer in the long run. Especially as data breeches are only increasing in frequency. Lastpass had one last year, which did not compromise password but did compromise customer data.

    • sunbeam60
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Come on - this is 1Password we are talking about; I think they’ve earned a little bit of goodwill given their past behaviour. Transparency is key. Keep in mind that they could do almost whatever they want without telling us.

    • ZickZack@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      You can use keepassXC and “self-host” your passwords on any cloud-storage you want (it’s just a file after all), but if you are using 1Pass at the moment, I don’t see an opt-in anonymized telemetry system as a reason to switch.

    • Screak42@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I’m happy with enpass myself for s few years now. it has all kind of sync options and wifi p2p sync if you want to be offline. they offer subscription shit, but luckily also a normal software license to buy.