by mixtur2021 1134 days ago
1Password is E2E encrypted, no, with decryption/encryption happening only at the edge? If the cloud storage is compromised, that doesn't mean the attacker can read the passwords?
2 comments

If 1Password controls the storage and the access, that is a different architecture than 1Password controlling the access but not the storage.

They gave me the choice, and then they took it away so they could make more money, directly at the cost of security.

They want to add telemetry: https://news.ycombinator.com/item?id=35691383

It's a march of small concessions and after 5 years of marching you find yourself very far away from where you thought you were. "We only collect things that don't matter to you, trust us."

They are taking money: https://news.ycombinator.com/item?id=29993961

That means that shareholders can make the company choose things that benefit shareholders at the cost of customers. Taking investment is a fundamental change in trust architecture.

I no longer believed that 1Password is aligned with me, and alignment is a constant force always acting. Removing local vaults was proof of lack of alignment. Removing local vaults was proof that 1Password will choose money over security. Removing local vaults was proof that appearing worthy of trust is a lower priority than coercing people into their cloud.

No, but it means a fake 1P login page can be served and that will result in some non-zero number of people who didn't have a choice on a local sync having their credentials compromised. I am a huge 1P fan and I think their whitepapers show off their top-tier talent in the crypto space, but killing local sync was a very crummy decision.