Feature Suggestion | Explain anti-recommendations too #1910

Open
opened 2020-05-12 14:37:27 +00:00 by JohnVeness · 7 comments
JohnVeness commented 2020-05-12 14:37:27 +00:00 (Migrated from github.com)

Description

When I view a page such as https://www.privacytools.io/software/passwords/ I read the text:

> If you are currently using a password manager software like 1Password, LastPass, Roboform, or iCloud Keychain, you should pick an alternative here.

The immediate question raised is "what is wrong with 1Password, LastPass, etc?".

So, I think it would be good if there was a section on each page, underneath Worth Mentioning and Related Information, which would namecheck a few pieces of software or services and explain why each is not recommended. This would better help people understand why they should use one of the recommended items.

Having such a list of anti-recommendations would reassure readers that you have evaluated the alternatives. Also it would mean that when something such as Startpage or Wire is delisted, users don't think that you just are unaware of them and use them anyway, or suggest them to be added to your list.

Dizhonoured commented 2020-05-14 11:25:40 +00:00 (Migrated from github.com)

While this is a good idea, it's worth waiting until the comprehensive criteria sections are completed for each page. (I think the team were working on something like that, but cannot remember where I read it?)

They will state clearly what sort of requirements the software/service needed to meet, after which you could easily infer why certain services did not measure up.

JohnVeness commented 2020-05-14 11:49:38 +00:00 (Migrated from github.com)

Thank you. Yes, I would welcome documented criteria for inclusion on each page/category, and I look forward to that. That would definitely help with understanding and transparency.

blacklight447 commented 2020-05-14 12:26:11 +00:00 (Migrated from github.com)

Thing is though, we generally want to be sure that what we list is up to date, which is already hard enough as is with us only recommending stuff. Having an anti-recommendation means that we also have to keep an eye on it in case anything changes there.

gary-host-laptop commented 2020-05-18 15:05:06 +00:00 (Migrated from github.com)

I think it's not worth it, generally there are some insights as to why some products/services are bad on some lists (for example on IM or VPNs) but doing an extensive listing would require a lot of time and it's not totally relevant.

JohnVeness commented 2020-05-18 15:33:41 +00:00 (Migrated from github.com)

Thanks for the replies. To be clear, I wasn't proposing a list that would be very long or detailed. Just a sentence or two about the most popular non-private alternatives.

GintokiHub commented 2020-05-24 10:30:42 +00:00 (Migrated from github.com)

If there are services being widely used by people who believe it helps their sec. and/or privacy but actually doesn't, or has multiple contra-indications.
If that is clear as day, and there is a consensus on that issue.
A disclaimer about 2-3 apps per category with a real short rundown on why not to use it.
I don't see that hurting, but I haven't been running any such site so these are just my two cents.

jeremygaither commented 2020-10-22 02:34:40 +00:00 (Migrated from github.com)

I agree with @GintokiHub that it would help to explain problems with commonly used services that are not recommended. Similar to @JohnVeness, I too wonder what is "wrong" with these common password managers. The only reference to any 1Password or LastPass issues I found in this repo is that they don't play nice with Linux: https://github.com/privacytools/privacytools.io/issues/722#issuecomment-454478537

Specifically, I've reviewed the security design of 1Password (https://1password.com/files/1Password-White-Paper.pdf) as well as iCloud Keychain (https://support.apple.com/guide/security/icloud-keychain-overview-sec1c89c6f3b/web) and both seem fairly well thought out and secure. 1Password has been designed so the company cannot access passwords, either due to insider risk or government compulsion. Apple iCloud Keychain is similarly designed, as long as users have a strong recovery key set. Neither is open source though, so all of the claims cannot be completely verified (as may be the case with Bitwarden).

Simply because the encrypted data is in the hands of another entity, and that the tools are not open source, shouldn't be reason enough to recommend *against* their use. However, if there are specific, known, and documented reasons against recommending these commonly used tools, especially password managers, I feel it would help the site make a more compelling case for better tools, and help people choose better tools if those reasons are explained.

Reference: privacyguides/privacytools.io#1910