1Password: I really wish we knew what users wanted.
Users: Please don't move to Electron, I don't want Chrome bugs in my password manager.
1Password: I'm just baffled. We never hear from users.
Users: Please, for the love of God, give us control over our vaults. Don't go cloud-only, we're begging you!
1Password: Better turn on telemetry. It's the only way to solve this mystery for the ages.
And particularly with standalone perpetual licences, which I'm still clinging on to. Sync via Dropbox, share a vault with family, and another one with my small team at work. It's perfect, for me. But it just doesn't work for 1Password, financially. No amount of getting upset or whiny will change that. Time to get over it.
That is clearly not true. 1Password was around for over fifteen years and was profitable well before their Series A-C that set unrealistic growth targets. The financials were sound, which is why a non-startup was able to get that kind of financing at that kind of valuation to begin with.
Unsure about a reasonable alternative.
I've finally given in, after years of being a licenseholder of 1Password 6 and 7 (and maybe 5?) ... and I'm mixed. Definitely plenty of migration pains, you have to set aside time in your life to make this change. Most of us just want our stuff to keep working the way it worked yesterday, and not have yet another chore in our lives.
Does anyone know if it will be possible to continue using 1Password past July 1 without a subscription?
1Password: Yeah, but we're bored. So, we'll release an abomination as 1Password 8 and then spend years trying to figure out why people hate it.
Worse than that. They had completely dysfunctional internal processes that they decided to solve by giving people shiny toys to play with (Rust and Electron): https://blog.1password.com/1password-8-the-story-so-far/
That said, this whole telemetry push comes on the heels of their $600M VC round a year ago, which wasn't designed for a linear growth business that just "keeps on keepin on" with the good times. So I'm a little skeptical that the company is philosophically/financially aligned with its consumer users.
Of course it isn't. The search alone is unusable. Instead of fixing it, someone on the team sneaked in a second search that almost behaves like the old one.
I liked 1Password when it was an amazing Mac-only app. Now it's just another Electron app I can throw away and discard for a different Electron app; there's nothing special about it.
The problem is that I don't see any particular alternative. I don't like Bitwarden's security (password is provided to the server to partially unlock so a malware server or MITM could get the password) and LastPass has known issues.
EDIT: And standalone apps are neat and cool, but they don't let me share the Netflix password with my family.
That is completely false.
"The Master Password is cleared from memory after usage and never transmitted over the Internet to Bitwarden servers, therefore there is no way to recover the password in the event that you forget it."[0]
[0]: https://bitwarden.com/help/bitwarden-security-white-paper/
No, it’s not? I can unlock my offline vault with no internet access at all.
1Password: We /have/ to move to Electron because we don't have any money.
Also 1Password: oh hey by the way we got $920,000,000 from VC...
> But there are millions of people using 1Password now, often in cool and innovative ways! If we’re going to keep improving 1Password, we can no longer rely on our own usage and your direct feedback alone.
I wish I were in the room when these arguments were being made. I would like to see the data that led them to this conclusion. I used to work at 1P, I was a happy user before I started working there and I continue to be a happy user. But I can remember so many conversations about telemetry and how we’d never use it…
This is almost comical. Whenever I report issues, it takes them months to fix them. And sometimes those weren't some small edge case problems. One was that non-US keyboard users were unable to use special characters in their shortcuts. If they don't have the time and resources to fix such problems in a reasonable time frame, what do they think they'll gain out of telemetry data? Do they need verification that people use shortcuts before allocating resources?
It's a password manager, what's "cool" about it?
1Pwd always rubbed me the wrong way in the way they "take themselves too seriously" and overrate their importance.
It's a password manager. They wouldn't even sync to cloud at first iirc, no?
The more boring the better
For Dropbox it took way longer to get to that point than anyone expected, but Microsoft, Apple, and Google have all copied the Dropbox feature. 1Password is headed in the same direction and Apple is leading the pack in making it redundant. If the password section of Settings in macOS gets a separate app and a way to share passwords, 1P will end up in the same tough spot as Dropbox.
...which is why this decision is extra infuriating.
I've tried to get Bitwarden in the enterprise but my boss is old school and has denied the request 4 years running.
Even after they added OAuth and account switching to switch between personal and ent vaults.
As a business, if you don't realize situations like this, you both leave money on the table, and also risk users leaving for another product, which offers the missing functionality explicitly.
When prioritizing what we needed in order to launch 1Password 8 we did not prioritize an Apple Watch app. We rarely heard from customers about Apple Watch, and so the assumption was that very few people were using it. When we launched without it, it quickly became apparent that was a poor assumption. People came out of the woodwork to ask where our Apple Watch app went. If we'd had telemetry, we could've known that lots of people were using the Watch app, and just didn't have a reason to write to us about it.
-Ben, 1Password
It’s still not too late to reverse that decision.
Incidentally, how would telemetry tell you that people miss a removed feature if said telemetry was not in place before removal?
This is absolutely no justification for telemetry.
(So many times error reporting, etc. have accidentally leaked highly sensitive data, which was then the source of a major compromise, in other systems. Maybe 1Password won't get it wrong, maybe 1Password will never be subject to any pressure to get it wrong...)
One day, the company that makes this hammer says that they will be updating it to automatically tell the company a bunch of information about the hammer's use -- when it's used, where it's used, what the environment is like around the hammer, how many times it's used, what it's used for. They assure you that they don't care about who is using the hammer, but obviously it will be YOUR hammer reporting the information, so at some level it will be associated with you.
Why are they doing this? Well, they know that sometimes their hammers break. They only know this, though, because sometimes their hammers break for their own employees and sometimes customers tell them hammers break. They would really like to know ALL the times their hammers break, though, so that they can try to fix all the problems with their hammers, and not just the ones they see or get reported to them. They say this will be best for their customers and that's why customers should be on board with the change.
No one would ever buy that hammer again, right?
Regardless of the privacy implications of the company knowing everything about your usage of the hammer, the company is basically saying that their hammers break so much that many of their customers don't bother telling them and just go use someone's hammer. In other words, their product is bad and their customers don't value it enough to deal with it.
Don't even get me started on paying monthly for that hammer ...
I think you came to the wrong conclusion. Lots of people might still buy the hammer, and lots of people might knowingly buy the hammer, and even more, lots of people might knowingly buy the hammer and like that the hammer is being fixed when it breaks. I honestly don't understand why so many people oppose telemetry, especially when it's anonymous.
I mean, you might not, but I don't see telemetry as such an evil. It does help make the product better. So "no one" is a bit too strong here, try "no one with my mindset" ;)
I don't see how adding telemetry makes any significant difference.
The problem is it's always been there. Telemetry provides more noise to hide exfiltration of sensitive data, but the risk has always been there from the start for the reasons you laid out.
It's a closed source product in a surveillance heavy country. Telemetry or not, it's risky.
I’d be fine with telemetry if it recorded locally in a way which was fully inspectable and human readable and which I could send IFF I wanted to, but with a password manager I’d be scared even of just a long list of events; passwords and keys themselves are so low entropy vs long lists that you could easily encode something…
What is not ok is opt-out telemetry for personalisation for advertising, or over-reaching personal data collection, in 1Password's case data from your vault.
There is however a grey area in the middle – data about the performance of product upsells. This is a tricky one, because arguably if I do upgrade (say, to 1Password Family/Teams), I've probably done so because it made sense for me, and I'm probably happier with the product... but I might not have done so without that information on how I or others use the product that helped optimise that flow. When done well I don't have a problem with this, but I hope 1Password are careful about the culture of upsells that this data could create.
> No customer vault data can be seen or collected. We’re only interested in how people use the app itself, what features and screens they interact with – not what they store in their vaults, what sites they autofill on, or anything like that.
This seems contradictory to me. How can the code see what screen is open without interacting with the app? This implies there is some kind of sandboxing layer. How can the 1Password software engineers possibly be confident enough in this sandboxing to assert that "no customer data can be seen?" That may be their intent, but bugs happen, especially in code that runs at a layer above the app to analyze how users interact with it.
I will be opting out. Hopefully the opt-out mechanism doesn't have a bug in it either. And when there is inevitably a bug in the telemetry, I hope 1Password is okay with admitting that their opt-out system created two classes of users: those who did nothing, and thus remained vulnerable to bugs in the telemetry layer, and those who opted out of it.
Exactly. They are enlarging the attack surface of a security device. For their own benefit. One buffer overflow and there's a backdoor.
That this is happening means their marketing people have more power than their security people. This is a very bad thing for a security company.
Start migrating away from 1Password. Now.
Opt-out telemetry is also not ok for product decisions. It's a dark pattern that shows no respect for user privacy.
Assume no PII, what's the difference? What do you mean by dark pattern?
It may not work correctly, and there's some risk there, but it's pretty low risk. A poor implementation may cause UX regressions, but the company has an incentive to not do that.
tl;dr If we roll this out to customers, we'll be asking for consent, and won't be collecting telemetry data unless we have it.
-Ben, 1Password
If I’m reading correctly, they’re pretty clear and intentional about not collecting data from your vault (regardless of opt-in or opt-out). It’s simply usage patterns of the UI.
Do you see anything that suggests otherwise?
Telemetry that is detailed enough to reveal how I use a product is too invasive for my tastes.
What would reassure me is if the data were all in human-readable form and given to me to transmit myself.
Their UI has changed a lot in recent years, maybe this will enable them to make more informed design decisions so that one day grandparents stop getting lost in their horrible menus.
The key word there is "anonymized". What is the risk of the collected data accidentally being less anonymous than intended? What is the risk of accidentally collecting more data than intended? Microsoft has already had both types of accident [1][2], so I think it's fair to assume a risk close to 100% over time.
Even if users opt out, what is the risk of the opt-out mechanism at some point containing a bug that causes it to fail? Or the risk of the user at some point failing to properly configure the opt-out mechanism?
Is the company going to put as much effort into minimizing these risks as the end user would like? Is anonymization of telemetry going to be the top priority for the company?
[1] https://github.com/dotnet/sdk/issues/6145#issuecomment-22010...
I don't, so I'm never upgrading to 1Password 8. The telemetry news only validates my decision. What I consider important in a security product and what AgileBits considers important diverged a while ago and that's ok I guess.
I strongly disagree with this and think much less of companies who do it that way. That said, that battle is already lost anyway.
It's not like this is telemetry in some open source thing for nefarious reasons. It's literally for their customers. They already know who you are, it's not like they're using this for targeted ads.
It absolutely isn’t.
What makes them different?
1Password has not yet had that, they've made some missteps, but have handled it relatively well (based on my experience, and that I still use them).
- Purchase a stand-alone license, getting well-performing and feature-complete native clients with several options for vault sync that are under my control.
- Upgrade to 1Password 8, a version that sounds great, but has quietly removed local sync unless you checked forum and blog posts before buying.
- Watch the clients go from being native to Electron and losing many, many features. Get forced into using the web app for simple things like seeing history.
- Watch browser integrations get progressively worse (check out the reviews on the Firefox extension, oh boy)
- Even if you've been using 1Password 7 (the version you paid a good chunk of change for, in 1Password's own words, a life-time license), you won't be able to use it with browsers at all soon https://support.1password.com/kb/202303/.
- Get popups and unwanted opt-out integration with social media logins, when I've gone out of my way to purge garbage like "login with google" from my internet experience.
- Get unwanted opt-out telemetry forced on you, which regardless of their assurance will eventually leak PII like it always does. People make mistakes, c'est la vie. I would have no issue with opt-in telemetry.
I think this is it for me. Forced telemetry is a small thing, but it's just one of many poor decisions. I'm sure it's a smart business decision and their investors will be happy finding more and more ways to extract value out of users. I just want a simple password manager, so after a decade this is it for my family and myself.
Stayed for the cheaper price, Linux support, simplicity and "out of my way" philosophy. Never looked back to 1Password.
Bitwarden is great.
https://github.com/dani-garcia/vaultwarden
Your password data, back under your own control.
It's been good. Very simple and reliable. Has barely changed in years of use and hasn't needed to.
The biggest loss for me on v7 -> v8 is 1Password Mini - that's a wonderful little 'browser extension for the desktop', and quick access is just awful to use in comparison.
It's not helped by their responses basically always being "but we like this, so it's better!" - they don't listen to customer feedback any more, and they pair it with their 'quirky' comms style that just comes off as condescending & dismissive. Collecting telemetry doesn't help if they ignore the feedback they already have.
edit: plus, they keep showing hard/impossible to dismiss UI in web pages to try to capture/fill fields, and it makes using the web pages really difficult!
In v7 with 1Password Mini I can do a fuzzy search outside of the browser and then just press enter to fill the details.
I'm still holding on to v7, but apparently we just can't have nice things. Sounds like it may be time to move on soon. :'(
Purchasing licenses in those times before everything moved to subscriptions was a good deal.
This doesn't align with my experience, and I've been using their app/service for years (the Windows & Mac apps, along with the Chrome and Firefox extensions). I don't mean to sound harsh but I'm scrolling through the negative reviews on the Firefox extension page as you suggested, and it's hard to take the majority of them seriously:
"i have never been happy with 1Password. Too frustrating to use."
"TOO DIFFICULT TO SIGN ON."
I use the browser extension in Edge on macOS. I am on a page signing up for a new website and want to save credentials. It doesn't. Keeps erroring out. Disabling and re-enabling the extension, and then refreshing the tab finally fixes it. I reached out to customer support and they told me to sign out to force refresh the cache. I did it, but the problem wasn't fixed.
1Password needs to fix the bugs that their customers are already reporting, instead of alienating their users with telemetry. I don't think the learnings from telemetry will be worth the damage it will cause to their brand.
Great products get built by someone with a vision to create them; mediocre products get created by product managers justifying their positions with data they've gleaned by spying on users.
The field of UX wasn’t born the moment someone wrote the first telemetry library.
If anything, people seem to have much more difficulty understanding user pain points right now.
This is why companies like Microsoft cram it down our throats.
Telemetry has been the default for networked applications for longer than I've been alive. Think of a terminal connecting to a mainframe, how much telemetry it has access to: all of it, of course.
> This data will be gathered from a randomized selection of accounts, de-identified, and processed in aggregate
Applies to many more MS products than just Office these days. I personally stopped being able to justify Office when they moved to subscription and iWork moved to bundled and already installed.
I still have Office on my work Mac and boy is it laggy typing as it analyzes the words and sends them to who knows where.
I love (although loved more in the past) 1Password and have deployed it in two separate companies. Between this and recent UI updates (well, over the last couple of years), maybe it's time to look at alternatives.
Citation needed on this one.
That would make any dashboard that showed which api endpoints are the most popular also illegal.
Anonymous telemetry is not PII. GDPR is about personal data.
Don't get me wrong, it's still light years ahead of the Bitwarden clients and extensions, and that's why I stay, but I for sure would not use the present tense for their quality
I'm quite possibly a simpleton but I can't see how it's light years ahead of Bitwarden. Can you provide an example of such a difference?
Every time I used to check 1Password (before the Great Purge of local vaults) I always arrived at the same conclusion. It's a bit more beautiful but not 3x or 4x (whatever the price is) more beautiful than Bitwarden.
Functionality wise I couldn't see much of a difference. Both save passwords, both share passwords, both generate passwords and both have TOTP support.
I loathe having to migrate out of 1P 7, but there really is no choice now.
The transition was very smooth, and I have no regrets! Plus, now I'm supporting an open source product, which is a nice bonus.
I was hoping to use 1P 7 for as long as I can, but with the Chrome extension dying it's going to become unusable. What have you found as an alternative?
Trusting Dropbox for sync (which I did) meant trusting a cloud service, too, but IMO it is a less lucrative target for hacks than a server that stores _nothing but_ credentials. Also, using DB made me less dependent on connectivity (LAN sync) and would let me switch providers quite easily.
Just for 7?
Add the recent announcements that the company will no longer support their last stable version -- 7 -- and move to using telemetry -- I'm out.
I've jumped to Bitwarden; open source, cheap, and competitive features. It was a no-brainer.
1. Export 1P passwords to a 1pux file
2. Import file into Bitwarden
3. Done.
Pity they can't gather telemetry on something that they have removed.
I did actually consider trying to PR a change to one of the open source keyboards in F-Droid but ... TBH, the new 1P feels less and less like team players so until they start to open up some of their own stuff, I shouldn't throw good glucose after bad
Mac/Apple only customers have this strong inclination for some kind of Stockholm syndrome when it comes to software and devs going shitty and hostile. I find this weird kind of loyalty added to software as well that somehow starts as Mac only and that loyalty stays even after they go crap. Often blown out of proportion.
I mean, I always wonder what the reason is that these people don't even want to acknowledge Bitwarden.
For decades, Mac users didn't have the same software choices that Windows users had, and a lot of what was available were shitty ports. When a company released high-quality Mac software, it was noticed and appreciated by Mac users.
Obviously that situation has changed in a post-iPhone world, but the culture of appreciating when someone made a really great Mac-native app is still there for a lot of people.
It's exactly the opposite of what you wrote. Mac users abhor the software that turns shitty. However, as on all modern platforms, there's no choice: all software is turning shitty.
You can ask the users. You can apply some common sense (which 1Password team increasingly doesn't). They can look at the support forums listing the many issues (especially with UX) which are condescendingly dismissed. Etc.
Thank you for the comments on this important topic. 1Password's mission is to help people safeguard their most important information and to do that, we have always taken a human-centric approach to security. In order to deliver the exceptional product experience our users expect from us, we need to better understand how they use 1Password.
And while our goal is to deliver better 1Password products, we won’t require our community to help us if they don't want to. We're fully committed to transparency and will provide updates coming out of our research and development period. When we are ready for a wider rollout of this functionality, we will provide clear, in-app messaging, and you’ll be able to control whether or not telemetry is active on your account.
In the meantime, thank you for sharing your feedback – these discussions are always valuable to us, and we appreciate your constructive candor.
-Ben, 1Password
This functionality will have a prominent in-app message that will ask Individual and Family account users to choose whether they prefer to keep telemetry on or off their account. Nothing gets collected until they’ve made this choice, and users will be able to change their preferences whenever they would like.
-Ben, 1Password
> we’ll be able to gather only a small set of general events and interactions within our apps. Things like when you unlock the app, when you create a new item (but not its contents!), or when you use autofill (but not what sites you use it on!).
> We use data for analytics and measurement to understand how our the Site and Bitwarden Service are used. For example, we analyze data about your visits to our Site to do things like optimize product design. We use a variety of tools to do this, including Google Analytics. When you visit the Site using Google Analytics, we and Google may link information about your activity from that site with activity from other sites that use Google Analytics services.
-Ben, 1Password
Sure they do, and a lot. But they don't talk about it with the companies doing it. What would be the point?
Explain to me how my admittedly naive solution fails to deliver for all consenting parties.
I also don’t like the idea of locking password management into a specific browser because I switch browsers more often (last time 5 years ago) than password managers (last time 15 years ago).
I don’t have an issue with passwords, even important ones, being synced with the cloud. As long as the crypto happens locally, and as long as I’m forced to trust the app developers anyway, what difference does cloud vs. local storage even make, security-wise?
> And, of course, once this functionality rolls out to customers, you’ll be able to control whether or not telemetry is active on your account.
("account" sounds like you can turn it off family-wide or even organization-wide)
[ Reposted my comment from duplicate post: https://news.ycombinator.com/item?id=35685170 ]
It bothers me quite a bit to read that we’ve normalized telemetry as much as we have. If you’d asked more or less any random hacker 10 years ago if any of this was remotely OK they’d all be slack-jawed to learn what has happened.
Where did all the privacy conscious hackers go? Did they all get replaced when JavaScript and Electron became the norm?
Do 1Password do security/privacy audits the way Mullvad do? That's a pretty decent way of building goodwill over time when it comes to decisions like this. It's probably a fine decision, but they should probably have gone to greater lengths to write this blog post in more exhaustive detail.
-Ben, 1Password
Product quality, especially with 1Password 8, has deteriorated significantly. A big bang refactor to Electron with no telemetry is probably the root cause. Not necessarily poor strategy, but certainly poor execution.
Telemetry is actually a good thing for 1Password users who see product quality decreasing bc it gives the PMs there some information to go off. The product surface area is huge now, and it's natural to lose sight of the most important stuff.
If I was in charge, what would I do?
1. Introduce telemetry and get data into hands of PMs + Designers
2. Pause all new feature development until table stakes features are working flawlessly: 1Password opens under 200ms for most users; auto fill in Chrome + Firefox actually F*king works like it used to before v8.
3. Trim down product surface area by killing features. E.g. decide is the default UX for auto-fill based on interacting with a button inside form inputs OR simply hitting the keyboard shortcut to autofill? Kill the other bc the interaction between these choices is painful.
I'll give them a year to figure this out. In the meantime, a Copilot / ChatGPT enabled bootstrap founder will come along and build out a trimmed down version with just the basics and start eating their lunch.
If I have to fight with a product to block telemetry, I’m not going to have it be one I’m paying them for like this, and I’ll take every company I can with me.
“It is difficult to get a man to understand something, when his salary depends on his not understanding it.” - Upton Sinclair
It's just too much risk exposure for me. Why on God's green earth would anyone trust some random assholes with something as important as passwords? I just don't get it.
They're gonna screw you over. And they're gonna continue screwing you over because you continue to be their customer. Just recognise that and move on.
You’re going to have to trust the app’s code no matter what. As long as encryption and decryption happens locally, how does a hosted password manager make a difference to local storage?
The experience with 1Password 7 isn't all that great right now anyway, so I'm not losing much really. The syncing is super useful, but there is a solution to that too.
It's been a good ride. Now it's good riddance.
Podcast: https://open.spotify.com/episode/6RZm7V8IcvuMuaCmVBE4EG?si=v...
1Password, don’t do it!
Rely on other means to collect usability feedback like surveys, internal usability testing and developer tooling for build-time usability testing. Your app is simple enough that you absolutely, categorically do not need to subject your users to mass surveillance.
I am currently paying for a 1P family subscription and I will be moving to another provider or self-host a free/OSS password manager should your telemetry plans eventuate.
Right now, the only thing I am missing is something that will sync with a KeePass vault and push TOTP tokens to my Apple Watch (as well as a couple of rarely used credit cards whose PIN codes I would like to have always available for emergencies).
Other than that, if you’re not an enterprise customer I think OS or browser-based password managers (which now sync across machines and platforms and even have the ability to do TOTP, at least on the Mac) are finally good enough for end users.
If you need to store software licenses, recovery codes, etc., KeePassXC is excellent for that as well, and available everywhere (and no, sorry, I don't want to use Bitwarden because I don't want to run a dedicated sync service for myself, or use anyone else's).
Is there another user-friendly, powerful password manager out there that I can recommend instead?
They took an amazing product that worked better than every competitor and was easy to use then ruined it with the absolute dumbest product decisions I've ever seen.
They gave Apple the green light to put them out of business and I'll be switching as soon as that feature is available.
Their product decisions were almost as bad as Sonos, almost.
'Climate change' in 'cloud' world.
Supporting it on Windows could be another nail.
As development has continued, the 1P app seems to have gained in bugs. I've tried reporting these - I like 1P and the 1P team seems to care about delivering a quality product - but using their forums is very frictionful and I've often given up on reporting bugs because it's not worth the faff. Telemetry holds the promise that they can fix the bugs without me needing to manually report.
> At that point, we’ll also provide guidance on how you can opt out if you’d like to.
Better than nothing. But they're moving away from being the #1 choice and a great product step-by-step...
I'm not a 1Password user (and won't become one), but if I were, I wouldn't necessarily be in a huge rush to stop as a result of this.
I have low confidence they will listen, but might as well try.
Well, at least there is opt out. Probably it will be on an account-by-account basis, not family/organization-wide.