{"id":39178,"date":"2023-04-26T13:55:24","date_gmt":"2023-04-26T17:55:24","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=39178"},"modified":"2023-10-23T08:38:59","modified_gmt":"2023-10-23T12:38:59","slug":"1password-to-add-telemetry","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2023\/04\/26\/1password-to-add-telemetry\/","title":{"rendered":"1Password to Add Telemetry"},"content":{"rendered":"

Pedro Canahuati<\/a> (Hacker News<\/a>):<\/p>\n

\n

1Password is beginning an internal test of our new, privacy-preserving in-app telemetry system.<\/p>\n

[…]<\/p>\n

We’re only interested in how people use the app itself, what features and screens they interact with – not what they store in their vaults, what sites they autofill on, or anything like that.<\/p>\n

[…]<\/p>\n

This data will be gathered from a randomized selection of accounts, de-identified, and processed in aggregate.<\/p>\n

[…]<\/p>\n

Over the years, we’ve relied on our own usage in conjunction with your feedback to inform our decision making. This presents a challenge, though: we don’t know when you run into trouble unless you tell us. […] But there are millions<\/em> of people using 1Password now, often in cool and innovative ways! If we’re going to keep improving 1Password, we can no longer rely on our own usage and your direct feedback alone.<\/p>\n<\/blockquote>\n

I don’t really understand how they plan to figure out these cool and innovative uses from anonymized, aggregate data. But it does have the potential to identify hot spots that they should be paying attention to. And it’s good that they’re going to offer a way to opt-out. Of course, my preference is for a password manager to make no network connections at all.<\/p>\n\n

rdl<\/a>:<\/p>\n

Telemetry in a “trust us, this closed-source application which contains all your secrets, which we provide you and which we update periodically, is only contacting us for “privacy protecting telemetry” and not exfiltration, intentionally or not, of your most sensitive of all data” application is a hard pass for me. This seems like an IQ test kind of question.<\/p>

(So many times error reporting, etc. have accidentally leaked highly sensitive data, which was then the source of a major compromise, in other systems. Maybe 1Password won’t get it wrong, maybe 1Password will never be subject to any pressure to get it wrong…)<\/p><\/blockquote>\n\n

Casey Liss<\/a>:<\/p>\n

In and of itself, no, telemetry doesn’t bother me. And rolling it out to your own internal users first is 👍🏻<\/p>

But it seems pretty clear that this isn’t a problem that needs solving: customers have been SHOUTING FROM THE ROOFTOPS explaining what is wrong.<\/p><\/blockquote>\n\n

Mostly, I have been hearing about problems with the browser extensions.<\/p>\n\n

torstenvl<\/a>:<\/p>\n

\n

Users: We want standalone non-subscription licenses!
\n1Password: I really wish we knew what users wanted.<\/p>\n

Users: Please don’t move to Electron, I don’t want Chrome bugs in my password manager.
\n1Password: I’m just baffled. We never hear from users.<\/p>\n

Users: Please, for the love of God, give us control over our vaults. Don’t go cloud-only, we’re begging you!
\n1Password: Better turn on telemetry. It’s the only way to solve this mystery for the ages.<\/p>\n<\/blockquote>\n\n

The fundamental issue is that they decided to focus on a larger market that has very different concerns than their original customer base. This sets up the situation where they feel like they are listening, and in many ways the product is<\/em> better for its target audience; yet some us feel like we’ve been ignored for the last 7 years or so, with each successive version straying farther from what we originally liked.<\/p>\n\n

Previously:<\/p>\n