💬 Discussion | Ease to use vs privacy/analytics #722

Open
opened 2019-01-15 16:48:38 +00:00 by Mikaela · 6 comments
Mikaela commented 2019-01-15 16:48:38 +00:00 (Migrated from github.com)

I cannot format this so I would be happy with it, but I am wondering how important is privacy or something having analytics compared to it being easy to use?

For example Bitwarden was said to have Google Analytics enabled in https://github.com/privacytoolsIO/privacytools.io/issues/719 which led to it being removed in https://github.com/privacytoolsIO/privacytools.io/pull/720 (and I am happy to see GA being removed and it coming back in https://github.com/privacytoolsIO/privacytools.io/pull/721).

Everyone has a lot of usernames and passwords. Everyone is told that they should use a password manager. Bitwarden handles syncing the passwords between devices, while the other proposed solution, KeePass, leaves that for the user.

I haven't been able to make my family use Bitwarden and I often feel frustated when I listen to them having no idea what their passwords are somewhere or I hear them reusing passwords and me saying that I am not even supposed to know their password isn't heard.

I hope you can understand my question, how much does ease to use weight when compared to privacy or Google Analytics? I don't know how to format this better as obviously privacy weights, but I am assuming everyone understands that if something did something very evil, it wouldn't be on PrivacyTools.io, and I am probably desensitivized towards analytics.

I am mainly thinking of comparing Bitwarden to KeePass, if I cannot make my family use even Bitwarden, do I have any hope of getting them to use KeePass and sync the database onto their phones and all devices they use etc. (while I am not doing that either)?

I personally moved from KeePassX to LastPass probably more than ten years ago as it was easier than resolve sync conflicts of the database and when Firefox Quantum was in beta I moved to Bitwarden while having issues with LastPass who also wasn't updating their extension for Quantum until it became stable.

I cannot format this so I would be happy with it, but I am wondering how important is privacy or something having analytics compared to it being easy to use? For example Bitwarden was said to have Google Analytics enabled in https://github.com/privacytoolsIO/privacytools.io/issues/719 which led to it being removed in https://github.com/privacytoolsIO/privacytools.io/pull/720 (and I am happy to see GA being removed and it coming back in https://github.com/privacytoolsIO/privacytools.io/pull/721). Everyone has a lot of usernames and passwords. Everyone is told that they should use a password manager. Bitwarden handles syncing the passwords between devices, while the other proposed solution, KeePass, leaves that for the user. I haven't been able to make my family use Bitwarden and I often feel frustated when I listen to them having no idea what their passwords are somewhere or I hear them reusing passwords and me saying that I am not even supposed to know their password isn't heard. I hope you can understand my question, how much does ease to use weight when compared to privacy or Google Analytics? I don't know how to format this better as obviously privacy weights, but I am assuming everyone understands that if something did something very evil, it wouldn't be on PrivacyTools.io, and I am probably desensitivized towards analytics. I am mainly thinking of comparing Bitwarden to KeePass, if I cannot make my family use even Bitwarden, do I have any hope of getting them to use KeePass and sync the database onto their phones and all devices they use etc. (while I am not doing that either)? *I personally moved from KeePassX to LastPass probably more than ten years ago as it was easier than resolve sync conflicts of the database and when Firefox Quantum was in beta I moved to Bitwarden while having issues with LastPass who also wasn't updating their extension for Quantum until it became stable.*
ghost commented 2019-01-15 17:00:39 +00:00 (Migrated from github.com)

I agree. Ease of use is very important, which is why we recommend Signal as the first IM tool.

In some cases, such as the IM section, a reasonably secure, yet easy-to-use tool is better than some tool that's somewhat more secure but difficult to use.

However, when it comes to analytics (especially Google Analytics), I think it would be against our principles to recommend such tools. I personally wouldn't mind using for example BitWarden with GA but I don't think it's a good idea to recommend such tools on PTIO.

I agree. Ease of use is very important, which is why we recommend Signal as the first IM tool. In some cases, such as the IM section, a reasonably secure, yet easy-to-use tool is better than some tool that's somewhat more secure but difficult to use. However, when it comes to analytics (especially _Google_ Analytics), I think it would be against our principles to recommend such tools. I **personally** wouldn't mind using for example BitWarden with GA but I don't think it's a good idea to recommend such tools on PTIO.
Mikaela commented 2019-01-15 17:11:57 +00:00 (Migrated from github.com)

I haven't researched passwords managers much, but are there any as easy alternatives/equivalents to Bitwarden or is it the "Signal of passowrd managers"?

I haven't researched passwords managers much, but are there any as easy alternatives/equivalents to Bitwarden or is it the "Signal of passowrd managers"?
danarel commented 2019-01-15 17:28:22 +00:00 (Migrated from github.com)

@Mikaela IMO, Bitwarden is the easiest to use for newcomers. Sure, there are "easier" ones like 1password, LastPass, but their support for Linux is terrible, but also, they are focused on a bigger for-profit model over privacy and security.

I certainly think apps like KeyPass are the best way to go, but they are certainly not as clean and user friendly when you're trying to get new people on board with taking privacy seriously.

@Mikaela IMO, Bitwarden is the easiest to use for newcomers. Sure, there are "easier" ones like 1password, LastPass, but their support for Linux is terrible, but also, they are focused on a bigger for-profit model over privacy and security. I certainly think apps like KeyPass are the best way to go, but they are certainly not as clean and user friendly when you're trying to get new people on board with taking privacy seriously.
AshTex commented 2019-01-15 22:44:44 +00:00 (Migrated from github.com)

I agree that we should include Bitwarden somewhere (such as the "worth mentioning" list) as it fits the FOSS, encrypted at rest, and has had a third party security audit. Much like @Shifterovich I don't mind using Bitwarden (I'm a paying subscriber of it!) with analytics turned off but I think it's against the ethos of PTIO.

I agree that we should include Bitwarden somewhere (such as the "worth mentioning" list) as it fits the FOSS, encrypted at rest, and has had a third party security audit. Much like @Shifterovich I don't mind using Bitwarden (I'm a paying subscriber of it!) with analytics turned off but I think it's against the ethos of PTIO.
ghost commented 2019-01-15 22:46:01 +00:00 (Migrated from github.com)

Again, the analytics have been removed from BitWarden.

Again, the analytics have been removed from BitWarden.
AshTex commented 2019-01-15 22:56:36 +00:00 (Migrated from github.com)

Ah sorry! I didn't see the comment on the original PR. That's great news. :)

Ah sorry! I didn't see the comment on the original PR. That's great news. :)
This repo is archived. You cannot comment on issues.
No Milestone
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#722
No description provided.