With their very comprehensive whitepaper and Charles Proxy you can verify all their claims. Their whitepaper is one of the best resources I have found on E2EE in general. With that, you should be able to write your own 1P vault parser. Then you can verify that traffic to their server is exactly what they claim it to be.

In another comment you are criticizing that their product is proprietary - that's IMO not quite true. Yes, 1P is closed source, but their crypto strategy is documented extensively - they list the exact cipher algos and settings.

> not only with respect to vault encryption but vault storage and operational security

That's a valid argument, BUT, if you read their whitepaper, you'll likely arrive at the conclusion that even a full leak of the encrypted vault is currently not that problematic. I wouldn't post it online, but I'm not worried if they announce a leak tomorrow.

That's just not accurate:

1. First off, all the encryption happens client-side. It is possible for anyone so inclined to validate how 1P and LP are doing their encryption.

2. The deficiencies in LP's encryption approach were well known for years.

My point it, yes, companies will spin things how ever they want, which is why you should completely ignore what they say and only evaluate what is verifiable. And 1P's and LP's approaches are verifiably different.