1Password on Mastodon

Self hosting or alternative source syncing?

_B__B_
Community Member
edited January 10 in Lounge

Hi 1password,

I hope you’re well! I recall in late 2021 some conversations around beginning development of a self hosted version of 1password (according to a 1PW blog post). I was wondering where that stands on the roadmap, and if there’s any hope of either (a) a self hosted version, (b) the ability to sync via a custom folder instead of 1PW’s cloud (like v5-7 offered) in the short- to mid-term.

Thanks!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • Dave_1PDave_1P

    Team Member
    edited January 9

    Hello @"B"! 👋

    We don't have any plans to bring back old standalone vaults and legacy sync. If you're interested our founder posted a great mini-essay on our decision to go all-in on 1Password.com here: The future of local/standalone vaults — 1Password Support Community

    I recall in late 2021 some conversations around beginning development of a self hosted version of 1password (according to a 1PW blog post). I was wondering where that stands on the roadmap,

    The latest update regarding a possible self-hosted version is here: https://1password.community/discussion/comment/642184/#Comment_642184

    If you haven't already then please fill out the self-hosting survey as we're still collecting data to gauge the demand and use case of such a product: Self-hosted 1Password kick-starter

    -Dave

  • JoshSJoshS
    Community Member
    edited January 9

    I'm not saying this particular proposed solution is the solution, but I definitely agree with the sentiment. And I think companies should take notice when the literal designer of the most used internet protocol, aside from dns, says we shouldn't trust our personal data to be stored in a central location. I can't think of anything more personal than my password vault, which is also why I haven't been able to upgrade.

    “I think we’ve all come to realize that the value of the web is embodied in the data available on it,” [John Bruce] adds. “In this new world of you looking after your own data, it doesn’t live in big silos that are lucrative targets for attackers.”

    And I’m not, necessarily, suggesting 1PW will abuse it. But, let’s be honest, Google was founded with a “Don’t be evil” code of conduct… which they’ve removed. It’s not generally in anyone’s best interest to trust any company to put their interests first.

    “I think the public has been concerned about privacy — the fact that these platforms have a huge amount of data, and they abuse it,” he says. “But I think what they’re missing sometimes is the lack of empowerment. You need to get back to a situation where you have autonomy, you have control of all your data.”

    https://www.cnn.com/2022/12/16/tech/tim-berners-lee-inrupt-spc-intl/index.html

  • Dave_1PDave_1P

    Team Member

    @JoshS

    Thank you for linking to the news story, that's a very cool idea! I'm definitely going to keep an eye on the "Solid Pod".

    At 1Password, we take data security very seriously and we deliberately limit the information that we can access here on our end. All of your actual 1Password data is end-to-end encrypted using a private key derived from your account password and Secret Key so all that we see on our end are encrypted blobs of gibberish. You can read more about what we know and don't know about users here: What we (don’t) know about you | 1Password

    Your actual data never leaves your devices with first being encrypted using a secret that only you know. Even if we wanted to look at your data we have no ability to do so since we don't have your account password and Secret Key.

    You can read more about our security here: Find Out How Safe 1Password Really Is

    -Dave

  • _B__B_
    Community Member

    Thanks a bunch for your reply! Very informative and helpful. I'm disappointed more people aren't interested in self-hosting too -- I get why... people who use 1PW for its (amazing) ease of use shouldn't be interested in self-hosting, but those who use it for maximum safety probably should. If 1PW data were to ever get hacked, I rest assured that its encrypted well, no doubt. The problem is that well within our lifetimes its likely even the best of today's encryption will be easily brute forceable. So I'm worried about the situation where someone hacks 1PW, holds onto the encrypted data for some years, and is able to decrypt it down the road. It seems to me the only protection (above the strong security 1PW has today) is decentralization of data, so no one server is a treasure trove.

    If you have any thoughts about the safety of our data come a quantum computing era, I'd certainly be keen to hear! Otherwise I'm afraid there's just a limit to what I'll be able to store in 1PW.

    Thanks a bunch for the super helpful reply!

  • Dave_1PDave_1P

    Team Member
    edited January 23

    @"B"

    If you're interested, our Principle Security Architect wrote a post answering some of those questions here: https://1password.community/discussion/comment/671157/#Comment_671157

    Let me know if you have any other questions after giving that a read or you can reply to him in the other thread. 🙂

    -Dave

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file