
Good question!

1) I trust them ever so slightly more than your average off-shored telco rep.

2) AFAIK, they do not hold the credentials in unencrypted form, they're only decrypted on the device with the backup password.




I trust them to keep their products relatively secure from hackers, not to not use my data.

They have cryptographic proof of what types of devices you’re on. There’s a lot of metadata that they have access to because of their closed ecosystem.

They at least offer local network syncing, instead of requiring a cloud account (which is a deal breaker for me). This lets you keep your passwords in sync between your computer (master) and mobile devices without them ever leaving your home.

All that does of course still require trust in the company, but at least not in their cloud infrastructure and, well, the internet...


I trust them with encrypted blobs, no problem.

Call me naive, but I actually trust them.

..and it is the best solution for guaranteeing confidentiality and the encryption need/problem - not to need it, since there isn't a server to eavesdrop on


I trust them in the sense that they're going to _mostly_ keep the data they steal to themselves and are capable of doing so.

Nothing is entirely secure. We're two guys with no ulterior motives that take all reasonable precautions to keep the data safe. For most people that's not only enough, it's much better than having their passwords stored in their email archives and chat logs.

Even if you trust the company, you also have to trust that they have no logs that can be subpoenaed and that they cannot be compelled or hacked to wiretap you.

They're a company that you're probably trusting most of your keys and data to. Trust in them must be absolute anyway.

Right, they have all your files already, so there's clearly some level of trust.

At a minimum you need to trust that THEY don't get hacked.

There's a distinction between trusting a company not to look at your data when you hand it to them in plaintext (Skype) and trusting them to have completely flawless, bug-free code that the NSA hasn't backdoored (Dual_EC_DRBG).

They have the open data policy allowing you to take your data with you. And this is what makes people less suspicious of them.

The convenience outweighs the risks for the vast majority of users. My parents need something that is available on all devices, syncs automatically, and requires no maintenance.

You get a master encryption key that never leaves your device when setting up the account. Anything that touches their servers is encrypted with that key. You need that key to set up a new device (in addition to your username and master password).


This is my question as well. It's an honest question and hopefully someone can educate me.

Why would anyone trust a third party with what is the most important asset, their users?

Thank you in advance.


You're right. I'm sure their security design is 100% bulletproof and none of my sensitive data will ever be leaked. And even if it were somehow possible for it to be leaked, I'm also sure the company would be completely forthcoming as quickly as possible.

That is true. But then many people put a lot of trust in the major providers in many other areas too, such as hosting their private files and email, holding card payment information, and so on.

I guess control over their users' privacy and the integrity of their connections is more important to them and I like that.

That sounds very secure indeed. Nobody would ever guess that I'd recently called my folks! /s