I think this thread has been really unfair to the 1Password team. If you read this blog post the iOS and iPadOS apps are being written in SwiftUI. They decided to use Electron for the Mac App so they could support older versions of macOS. But one thing to keep in mind is that if they have the iPadOS version written in SwiftUI, it will be fairly easy for them to port that over to macOS once SwiftUI is mature and better supported on the Mac. I think the future of 1Password looks good on Apple platforms.
I doubt that it is. But businesses apparently see a future where both computation and storage are cloud based. "85% of enterprises will adopt a cloud-first principle by 2025, according to Gartner research VP Sid Nag".
"The Future" is likely subscriptions. Will businesses only target people who can afford thousand dollar phones and computers that cost much more? Apple doesn't. ATV+ is available on just about everything.
Considering how different the iPadOS and macOS Apps (and contexts) of 1Password are I doubt that.
Mac or iPad... before long both will be using the same chip architecture. Do you think the operating systems will diverge or converge? My 2 cents, 1PW will be the same app (Electron or not) on both. Now the iPhone......
They're already using the same chip architecture, but the OS, UI and UI frameworks running on each platform are different enough that the platform-specific apps likely require separate (but related) development efforts.
IMO macOS and iOS will remain separate for the foreseeable future. The increasing use of cross platform technology like Electron suggests the core of many apps will be web based.
AgileBits started with the users in their mind. They made a really good password manager and for years they delivered improvements. Most of their user base who supported them for years bought every single version that came out. Then they decided to explore the corporate market.
So let's summarize what they have done since they got the 200 mil $ investment:
- they broke their promise they made to their userbase to always keep the Mac app native. So yes, some may say this is a promise that can't be kept. Then why make it in the first place?
No. This isn't to support older machines. This makes no sense. Because no matter what Electron will be more demanding than a native app. This is because their new market demands it. An app that looks the same on any platform. So the admin of the customer company has less work.
- they went subscription only. And no, this is not needed to feed developers. This is reason number one for companies and devs to go full subscription model but it's crap. How did all the devs and software engineers survive before? How did they survive the 90's? The millennium? Not a single one died of hunger. And they still provided constant updates and good programs.
- they stripped the possibility to let users save their vault where they want. Why would you do this? This makes no sense. Their main argument is that the standard user is too dumb to handle it (how did we manage all the years before?) and that it is more secure on their servers. Uhm, no. If you just spend a day reading about privacy there is not a single case where data would be more safe on a company's server than on your hard drive. No matter how well it is protected. It could be hacked. If your PC gets hacked, then you could lose all your data. If theirs gets hacked, they lose not just your data, but the one of your relatives, friends and all the people who use it. So why are they doing it? Yes, again, corporates. Because admins don't want company employees saving vaults on company computers where lots of people have access to.
- Then they started to make more strange excuses. Security audits of 1Password found out about major vulnerabilities in their software. A user asking about this got the answer, that it's the user's fault because users shouldn't have malware on their machines in the first place.
After months of public knowledge they hadn't closed this vulnerability but gave the official advice to just not let malware on your machine. The post was deleted but the official answer is still there.
https://www.reddit.com/r/1Password/comments/st17do/advised_workaround_for_vulnerabilitiy_1pw18003/?ref=share&ref_source=embed&utm_content=title&utm_medium=post_embed&utm_name=2d8ae143ca964af3a054cab019ec32e1&utm_source=embedly&utm_term=st17do
- Then they suddenly start hiding the cancel button for their subs in sub menu 3, while the 2 pages before about your billing are 70% empty. On iOS they hide the cancel button on a page that doesn't look like it's scrollable but it is, revealing just the button if you scroll down. Then they hid the stand alone of version 7 for people that bought the standalone and putting it back on after public backlash.
- Then they got another 620 mil investment this year. They still want to make people believe that they are your friendly neighborhood garage developers while they are a 6.8 bil $ company that acts like any other big tech big corporate stuff company. Cutting costs, smoothing edges.
The reason why they use Electron? Because it's cheap. The reason why they do stuff like they are doing without any good explanation? Because they now have to please their investors and shareholders. They don't answer to the average user anymore, to the people that made them big. They are answering to the big sharks.
And all they want is making money.
This may be ok for stuff I can't avoid, like social media. I have to use WhatsApp, so take my data. But do I like to give my most important data, my precious stuff, my credit card information, my personal info, my access to health insurance, social insurance and all to a company like that? Not at all.
I'm not arguing with you with this question; I am genuinely curious, "why can't you avoid social media and WhatsApp?"
I have avoided all SM with the exception of LinkedIn, which I only use for my profile in case someone wants to find me for some professional reason. I understand better the possible need for WhatsApp, though I tell folks (including family) either text me via plain text or Messages, email me, or call me. I tell them I will not use SM or an app like WhatsApp. Again, please understand, I am NOT arguing nor in any way being critical. I just find, somewhat in tune with Newport's Digital Minimalism, that I seldom if ever run across a problem in communication requiring a SM app or a text app that I don't want to use. I've always found a workaround.
After three to four years of this approach, perhaps longer, I have not noticed any personal or professional negative consequences as a result.
Something didn't work, I somehow deleted my answer. Here it is again:
The reason is because here in Austria, Europe, everyone is using it. It is almost the only messenger people are using. I'm a teacher. My colleagues are using it. My schools are using it. My principals are using it. My students are using it. I'm a father. The kindergarten is using it. My not so tech-savvy friends are using it. My elderly parents are using it.
Even if I could persuade my friends and family to use something else for me, they still would have to use it because every one of their friends is using it.
I worked for 2 years to persuade people. It resulted in a Signal group of six of my closest friends.
My work depends on it because there literally are WhatsApp groups where the principal writes most recent and important information into the group. Parents are informing me that their children are sick. Colleagues are telling me that my students weren't that great. And so on. I would miss important information if I wouldn't use it.
Well, I being the Head of a private school, I just don't see the problem! Seriously, that is pretty compelling! I recommend you continue using WhatsApp!
My situation is obviously different. We use email-based communication (including newsletters) for 99% of all staff to staff, staff to parent, parent to staff, and staff to student communications. We generally only use texting for emergency situations, partly because we want an audit trail of our communications should it ever be necessary.
If I was the Head of a school I would forbid the usage of WhatsApp but I'm still at the base of the food chain, so I have to grit my teeth and use it.
Oh, we started using email at the start of the pandemic. Everyone got his own school email address.
But it is just used for very formal stuff. Like if the boss of the boss sends information, the boss forwards it to everyone else. And then checks on WhatsApp if everyone has seen the email.
It's really hard sometimes. Some teachers still used overhead projectors some years ago. Recently I was called into the office to delete the row of an Excel sheet...
Well, it sounds like they need you!
I'm not a 1PW apologist, but I'm pretty sure they didn't change their software just to irritate people. Things change. "Successful companies are dynamic. Companies that stick to their guns and refuse to change when the market does, even when they are wrong, are companies that fail." - Inc.com
"What drives IT executives to initiate cloud migration? Deloitte's survey of more than 500 IT leaders and executives reveals that security and data protection is the top driver. With 58 percent of respondents ranking it No. 1 or 2, security is top-of-mind for everyone"
And it appears that 1Password will still have a local cache on our devices, "After all, 1Password needs to be able to work offline."
https://www.reddit.com/r/1Password/comments/scpb5l/am_i_missing_something_no_local_backup_of/
But I didn't say that. What I said is that they are changing their focus from single users and families to corporate while still trying to make us believe that they are the friendly garage programmers from the neighborhood.
They already implemented usual big company behaviour by cutting their costs at every corner, by shoving ads into your face (upgrade to v7 / v8 subscription for 50% now!!) that can't be disabled, hiding the cancel sub button in submenus, deleting critical posts in their forums, blaming the users for THEIR security issues like bugs that get discovered in November 2021 and in February 2022 a user tried to get answers on Reddit in the link I provided above and the answer was:
Yes the problem that malware on a Windows machine can execute malicious code by using 1Password is known, but it is not 1Password's fault, it is the user's fault who let malware on their machines.
Here is the audit:
I'm neither saying that they shouldn't have success nor that they are bad just because they are adapting to the market or exploring new possibilities. I'm saying they are bad because they start to behave like any other big corp big investment company.
Critical security issues in their software? It isn't their fault. It is you, the users, who browsed shady websites and got malware on your machine. It seems it isn't their responsibility to keep their app secure. It's the users' to not get any malware.
Yes. For corporate life it is more secure as I pointed out. If you have people who are not knowing what they are doing it is better to strip away any possible way they could use to compromise their computer. But it isn't for single users.
And yes, they have a local cache, because if there is no internet you still want to access your passwords. But the original file is on their servers. And don't tell me that in the history of the internet all the company servers have been as secure as the companies promised. Why not just keep an option to choose? Why completely strip it away? It makes no sense at all.
Let's try it the other way round:
You have a new house and you get the keys to it. Some time later the lock company tells you to give your main key to them because obviously it is too insecure to keep it with you. You will still have a copy of it. It is too dangerous for you to keep it. Because the average person is too dumb to do it. Would you do it?
With all the things I pointed out, it's rather hard for me to trust them. And let's be clear, they are not open source, so it is all about trust.
They aren't trustworthy anymore. This isn't some text editor or some OS I need to play video games. This isn't a service like Google where you pay for the service with your data. We are talking about passwords, social security data, credit card data, health data and so on.
I'm not a privacy hardliner. But I lost my trust in them because of all the reasons above.
We have a difference of opinion and you are certainly entitled to yours. I'm a 1password.com user because I haven't found one reason to doubt them in the past fourteen years. That could change tomorrow.
IMO that ship sailed when companies like IBM started using their software.
The main reason I started moving my company to the cloud was security. We had redundant firewalls that were regularly tested by a third party security company. And I had a separate downstream firewall scanning email. I had an antivirus server that automatically deployed and updated the software on our devices which would alert me to any problems. And I routinely checked logs, etc. to make sure everything was working. And while I was doing all that, data from corporations like Facebook, Alibaba, LinkedIn, and Adobe was being stolen. IMO what I was doing wasn't enough.
"A man's got to know his limitations"
- Inspector Harry Callahan
As of October 2021 97% of their customers were using 1password.com. Why continue a feature that isn't important to most of your customers? We still have the ability to export all our data whenever we choose.
I agree, it is about trust. And I'm not able to audit open source code.
And I very much respect yours. I understand why people stick to it. It is still the most convenient one-app solution.
But that is what I'm talking about. Even bigger companies with bigger pockets get hacked and lose data. People are always thinking about a script kiddie sitting in a dark cellar and hacking into a server. More often it's corrupt employees. Known security issues that don't get patched fast enough. And so on. 1Password isn't prone to that. There will always be flaws in the code. Holes in the firewall. Not so satisfied employees that just don't care anymore.
There are several reasons to use it, not just because you prefer the server based vault. I was using it for remote access, managing my subscription, ...
I'm neither but KeePass is a very well known and much used ecosystem. It is easy to go to Reddit and ask if there are any issues. But you are right, if you can't audit the code, with small team devs, you aren't safe, either. I tend to trust them more, nonetheless, than the audit team that is paid by the company to do it.
I guess the big point with the open source solutions is not the code but the trust that the compiled file you download via App Store or webpage is the same as the code. And the vector might not be the KeePass app but the app you use to access it as this most probably is opening connections to some destinations. You have to trust that this app is not stealing anything as you enter all your authentication keys into it. Might be the same problem with closed code software. At some point it is all about trust.
Rebuttals to a couple of your points (though on the whole I'm no fan of where 1Password has been going):
That seems a bit like hindsight bias. Had they known where they would be over a decade later from the outset, I'm sure they would've said and done a lot of things differently. But if they did indeed make that promise explicitly, then I believe they meant it when they said it.
I blame Apple's App Store for this. First, software also used to cost a lot more than it does today. WinZip in 1998 cost $29, which is over $50 in today's dollars! A decade later, along comes the App Store, and apps start showing up for sale at 99 cents, with fancy ones costing a little more. Most of these prices were probably justified, since they were pretty simple apps at first, but as they became more complex and intricate, prices stayed low, devaluing software in general, especially once the Mac App Store hit and people expected similar pricing there.
The real clincher, though, was Apple's refusal to include an easy way to incorporate paid updates into the App Store. As an alternative means of maintaining cash flow, subscriptions were born. The rest is history.
Excellent point. If $30 is a fair price for LumaFusion, Final Cut Pro should be around $59.99.
1Password 8 for Mac is no longer a beta, but an official release: