1password implementing privacy-preserving telemetry system

wet_lettuce@beehaw.org to Technology@beehaw.org – 31 points – Rolling out our privacy-preserving telemetry system | 1Password
blog.1password.com

"We won’t be collecting your saved passwords, passkeys, usernames, and any URLs associated with your items. Your private information is just that – private.

All event data will be de-identified and processed in aggregate before it’s used for analysis. "

It sounds like they plan on releasing the technical details in the coming days/weeks. I'm curious how its de-identified and processed.

27

You are viewing a single comment
View all comments

Sigh. What’s a good alternative for iOS?

If you're not willing to trust what they say about the anonymity of the telemetry system, or to opt out, then I think you wouldn't be happy trusting them with all your passwords in the first place!

If you're willing to stick to Safari, then I think using Apple Keychain is best, especially since they'll be adding sharing this year.

Yeah this is what I don’t get. They already hold your most precious secrets and now you don’t trust them with a telemetry system?! Seems an odd order of concerns to me.

Telemetry, even scrubbed, can provide enough meta data to de-anonomize the user. If the goal is to reduce your threat vectors, than it's a valid concern.

Given data breeches are increasing, the less data that is collected the better.

BitWarden is excellent

I switched from 1Pass (no subscriptions, please) to BitWarden recently, and I'm super happy with it ❤️

Come on - this is 1Password we are talking about; I think they’ve earned a little bit of goodwill given their past behaviour. Transparency is key. Keep in mind that they could do almost whatever they want without telling us.

You can use keepassXC and "self-host" your passwords on any cloud-storage you want (it's just a file after all), but if you are using 1Pass at the moment, I don't see an opt-in anonymized telemetry system as a reason to switch.

This seems transparent, well thought out, and opt-in. The headline concerned me but once I read the article this seems fine. I moved from LastPass to 1Password because of the horrible communication around breaches in the last few years.

I’m happy with enpass myself for s few years now. it has all kind of sync options and wifi p2p sync if you want to be offline. they offer subscription shit, but luckily also a normal software license to buy.