✨ Feature Suggestion | Explain anti-recommendations too #1910
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1910
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
When I view a page such as https://www.privacytools.io/software/passwords/ I read the text:
The immediate question raised is "what is wrong with 1Password, LastPass, etc?".
So, I think it would be good if there was a section on each page, underneath Worth Mentioning and Related Information, which would namecheck a few pieces of software or services and explain why each is not recommended. This would better help people understand why they should use one of the recommended items.
Having such a list of anti-recommendations would reassure readers that you have evaluated the alternatives. Also it would mean that when something such as Startpage or Wire is delisted, users don't think that you just are unaware of them and use them anyway, or suggest them to be added to your list.
While this is a good idea, it's worth waiting until the comprehensive criteria sections are completed for each page. (I think the team were working on something like that, but cannot remember where I
read it?)
They will state clearly what sort of requirements the software/service needed to meet, after which you could easily infer why certain services did not measure up.
Thank you. Yes, I would welcome documented criteria for inclusion on each page/category, and I look forward to that. That would definitely help with understanding and transparency.
Thing is though, we generaly want to be sure that what we list is up to date, which is already hard enough as is with us only recommending stuff. have an anti recommendation means that we also have keep an eye on in the case that anything changes there.
I think it's not worth it, generally there are some insights as to why some products/services are bad on some lists (for example on IM or VPNs) but doing an extensive listing would require a lot of time and it's not totally relevant.
Thanks for the replies. To be clear, I wasn't proposing a list that would be very long or detailed. Just a sentence or two about the most popular non-private alternatives.
If there are services being widely used by people whom believes it helps their sec. and or privacy bit actually doesn't or has multiple contra-indications.
If that is clear as day for, and there is a consensus on that issue.
A disclaimer about 2-3 apps per category with a real short rundown on, why not to use it.
I don't see that hurting but I haven't been running any such site so these are just my two cents.
I agree with @GintokiHub that it would help explain problems with commonly used services that have are not recommended. Similar to @JohnVeness I too wonder what is "wrong" with these common password managers. The only reference to any 1Password or LastPass issues I found in this repo is that they don't play nice with Linux: https://github.com/privacytools/privacytools.io/issues/722#issuecomment-454478537
Specifically, I've reviewed the security design of 1Password (https://1password.com/files/1Password-White-Paper.pdf) as well as iCloud Keychain (https://support.apple.com/guide/security/icloud-keychain-overview-sec1c89c6f3b/web) and both seem fairly well thought out and secure. 1Password has been designed so the company cannot access passwords either due to insider risk or government compulsion. Apple iCloud Keychain is similarly designed, as long as users have a strong recovery key set. Neither are open source though, so all of the claims cannot be completely verified (as may be the case with Bitwarden).
Simply because the encrypted data is in the hands of another entity, and that the tools are not open source, shouldn't be reason enough to recommend against their use. However, if there are specific, known, and documented reasons against recommending these commonly used tools, especially password managers, I feel it would help the site make a more compelling case for better tools, and help people choose better tools if those reasons are explained.