Hi, just as I was feeling more confident with 1P families and so added another family member to our account I (or my sister in law) spotted what we consider a security issue.
I was showing her assigned vaults - Personal, Holidays and Shared and how there were a few things already in the shared vaults that my wife and I had set up. However she spotted that when she clicked on the Shared vault the Trash icon (which I think is only visible in the OS X app?) had 53 items in it. I was surprised, and When we looked these were things that I had moved to other folders while I was figuring out a good structure for the wider family.
Comparing these items to their counterparts in other vaults, they are current logins and things I didn't necessarily want my sister in law to access. I have a hunch that when you move an item to another vault it's actually a delete and add operation internally and as such it keeps a copy in the trash - although in the case of shared, this deleted copy is still public in the trash. I'm not convinced this is what users would expect (it certainly hadn't occurred to me that moving it somewhere less accessible would leave this copy around, and it wouldn't occur to me to empty the trash can to prevent this).
I think this behaviour needs a rethink. At the very least make the trash can an admin only accessible location - or don't consider a move as a delete+add operation.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided