Well this is the end of the road for me with 1password. I refuse to use anything that doesn't have a local vault. The potential damage if my vault is somehow is accessed is too high, if the vault is stored in the cloud, how can I verify that no one can access it? In that case I have to give access to this app with little snitch since it relies on internet access which means that if I received an update that would disable end to end encryption, I would be none the wiser.
Granted, the chance of attack is small but the consequences are extreme. There's no single file more valuable on my computer than my password vault.
I prefered buying the license compared to the subscription but I don't particularly mind a subscription for a service I use regularly. I mind the risk to my privacy.
Is it? I would be surprised if attacking 1Password wasn’t a priority for governments and hackers. If the encryption used on vaults is ever broken, compromised, or buggy, users are screwed.
They don't have to break the vault encryption. They just have to gain access to 1pwd's git and push out a compromised update. And then watch the passwords roll in automatically.
Yes exactly that's what I'm worried about, I'd say if that happened it would be targeted and the chance of me being targeted is small but I also don't want to ever leave myself open to such a thing (also because I've lived in autocratic countries, I don't automatically think all governments are trustworthy).
Granted, the chance of attack is small but the consequences are extreme. There's no single file more valuable on my computer than my password vault.
I prefered buying the license compared to the subscription but I don't particularly mind a subscription for a service I use regularly. I mind the risk to my privacy.