I don't understand how HN can complain about Google sucking up data and rarely if ever mention LastPass's terms of service which basically flat out state they share your info with marketers. Effectively they appear to be making money by looking at all the sites you log into via LastPass. If you're using their browser plugin I can only guess, given their Terms of Service, that they're spying on all pages, not just pages you're getting a password via their service for. Though even selling the info of which services you're using is bad enough.
Sure, they have a free plan and so you are not the customer. Why do they get a pass?
Note: I have no proof they are spying. I only have the fact that their TOS points to their privacy policy and their privacy policy says they can collect pretty much anything you'd expect software to be able to collect and that they can share that info with whoever they decide to partner with.
Contrast to some other password managers that state flat out they don't collect your data and don't want to know it.
From their Privacy Policy
> 1. Information We Collect and Receive
> Service Data (including Session and Usage data):
> When you use our Services, we receive information generated through the use of the Service, either entered by you or others who use the Services with you (for example, schedules, attendee info, etc.), or from the Service infrastructure itself, (for example, duration of session, use of webcams, connection information, etc.) We may also collect usage and log data about how the services are accessed and used, including information about the device you are using the Services on, IP addresses, location information, language settings, what operating system you are using, unique device identifiers and other diagnostic data ...
> Third Party Data: We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. We may also receive information from other affiliated companies that are a part of our corporate group. This helps us to update, expand and analyze our records, identify new prospects for marketing, and provide products and services that may be of interest to you.
> Location Information: We collect your location-based information for the purpose of providing and supporting the service and for fraud prevention and security monitoring. If you wish to opt-out of the collection and use of your collection information, you may do so by turning it off on your device settings.
> Device Information: When you use our Services, we automatically collect information on the type of device you use, operating system version, and the device identifier (or "UDID").
That's pretty much everything given they put an extension in your browser and can collect all of that info for every page you visit.
> 4. Information Sharing
> ... We may share your personal information with (a) third party service providers; (b) business partners; (c) affiliated companies within our corporate structure
Why would anyone want a password manager with this privacy policy?
> Why would anyone want a cloud based, proprietary, non-free, non-oss password manager is what I really want to know.
Former reputation and inertia. I use it, and when I started it seemed to have the best reputation for ease of use. I also recall that its security model was publicly endorsed by quite a few people who looked at it closely. I only use it for "less important" sites, which basically means everything that isn't a primary email account or an investment website. For those, I use 2FA whenever possible and memorize random passwords [1].
I've been interested in switching since LastPass was bought by LogMeIn, but it's never been a high enough priority for me to actually spend the time to search for another tool.
[1] when memorization gets to be too much, I split the passwords in half: a common half I memorize, and a unique half I write down on paper.
Firefox Lockwise is very new and quite frankly doesn't have very many features that people require such as import, export, etc. At this point I don't even know how to get all my password manager passwords into Lockwise even from a simple comma delimited file.
Right now, it's still impossible to switch to it for a lot of people.