I'd suggest taking another look at how 1Password (or any other secrets management tool) deals with secret data. "the ability to obtain them easily" is not the case.
All of these managers that allow automatic updates or run off some cloud-loaded executable (which is all of them essentially) can re-encrypt all your data to another arbitrary key on next unlock with some code changes. Those code changes could be pushed/loaded for specific customers only pretty easily.
It’s not ‘all my passwords stored in their database unencrypted’ easy to compromise, but it’s also not protection against a motivated agency with jurisdiction said service has to respect, and it’s also not solid protection against any state-level actor if they really care/want to spend resources targeting someone.
That said, it’s all about threat assessment and trade-offs. Especially for a business, what are the consequences if the NSA does x, or China does y?
For 99% of businesses? Nothing except some irritation if you find out. Same as with most things.
If someone is an activist going after those agencies/gov’ts? Probably quite severe consequences.
If I remember correctly, some of the fallout from the Chinese gov’t hacking Gmail was folks being ‘disappeared’, extended families being held hostage in China, etc.