Ethics of forced upgrades from Version 4

hellimod
Community Member
edited July 2022 in 1Password 4 for Windows

I have read all the developers' comments about 1Password 4. As a developer I completely disagree. Designed obsolescence is not your right. I am sorry, I would never write software that implodes after a specific number of years. There is no reason to do that. New features and versions should stand on their own, not be dependent on a captured audience from the past. I am happy with 1Password 4 and have no interest in upgrading for various reasons which I will not discuss here. You should always make sure old versions at least have their basic functionality intact. It is an ethical imperative.



Comments

  • Hi @hellimod:

    I sincerely apologize for the inconvenience here. 1Password is a security product, and as such, it requires updates to stay up to date with the ecosystem around it. While you're absolutely entitled to use the standalone license you've purchased for 1Password 4 for Windows for as long as you'd like, as operating systems and browsers change around 1Password 4, there is the definite possibility that updates to those operating systems or browsers introduce compatibility problems with 1Password 4.

    Jack

  • hellimod
    Community Member

    I really don't want to be rude but the obtuse response is a challenge. Why would I trust an organization that is frequently hacked with my passwords? The best protection from intrusion is an organizational gap. Holding a database for all your customers' passwords is a disaster waiting to happen. I just don't get how you can ethically say it is more secure.

  • Ben

    @hellimod

    I appreciate where you're coming from. There are a couple of things you've said that are concerning, and perhaps by looking at those assumptions we can work toward more common ground.

    > Why would I trust an organization that is frequently hacked with my passwords

    1Password has never been hacked. I'd be interested to hear where that thought comes from, and if that has been your understanding why you'd be using our software at all (especially software that is particularly outdated). If we were frequently hacked then surely updating our software frequently to close those holes would be prudent?

    > Holding a database for all your customers' passwords is a disaster waiting to happen.

    We don't have our customers' passwords in a database. All data you enter into 1Password is encrypted on your device using keys only you have before the encrypted data is synced. We never have access to the keys needed to decrypt that data. What we don't have can't be taken from us.

    > I just don't get how you can ethically say it is more secure.

    We go into great detail on the security of 1Password here:

    About the 1Password security model

    In particular, if you're interested in the nitty gritty, I'd highlight our 1Password Security Design White Paper. This covers the technicals of how 1Password secures your data.

    1Password has been responsibly protecting your data the entire time you've been using it; a responsibility we take incredibly seriously. That hasn't changed with newer versions.

    Ben

  • hellimod
    Community Member
    edited July 2022

    You're making false equivalences for public consumption, not to speak to me; you are not speaking to me at all, in fact. I know and you know software with an air gap has no risk no matter how out of date it is. So if I run your old software on Linux through a virtual machine, there is nothing to be outdated and the software has zero risk and that system can be isolated from the internet.

    This claim that old versions have some security problem and need updating is a double-edged sword, as it is also the very proof that you have been hacked. If something old is less secure then you must have something to back up that claim. Thus you have been hacked. You're shooting yourselves in the foot. Is your old software hacked? Or is it secure? Pick one of these. I am also Canadian and a customer so you are on the hook to nail down your conflicting claims.

    Sounds like you want your cake and eat it too. You want to claim your software has never been hacked and you want to claim your old software is not secure to force upgrades for profit. But you don't seem to realize you are now in a security paradox. Both conditions cannot exist.

    I read your white paper and it suffers the same logical problem as every security white paper I have ever seen. It does not address the security/profit paradox. Why is your server involved at all if not for profit alone? You do get that you people do not see the paradox, right? And that is a vector that makes your software less secure; you won't under any condition take yourself out of the process, you want those juicy greenbacks. Thus the profit/security paradox. I expect now an explosion of illogical half-baked arguments as you attempt to struggle with the fact you did not see this or understand it fully. I argue with the best security in the industry and they have yet to win this argument. You are the worst vector.

    I made software in 85 and all I was using was a simple xor, written in Borland C for DOS. It was secure because of how it was used then, but I would not try to claim I have never been hacked.

  • hellimod
    Community Member
    edited July 2022

    Wow, I wrote an entire post responding to you guys and it was deleted.

    I just had an entire post deleted by your system. I will keep in mind that I will keep a copy of my posts off your system and will post them to Twitter if they keep getting deleted.

    I will rewrite it now and be very brief, so forgive me if it seems rude. But I read your whitepaper and have a logical problem.

    1. You can't have your cake and eat it too. You can't claim to be secure and "NEVER" been hacked and claim that old software is not secure. Pick one condition.

    2. Your white paper suffers from the same problem that is industry wide. The security/profit paradox. The involvement of your server is a vector and nothing you do is going to change that. You cannot gaslight people into thinking your involvement in the security process is not a vector. If you drop the hope of gaining profit then you will make the software far more secure. You know that, I know that. Just stop trying to gaslight people into thinking your involvement is required.

    3. I have been writing security software since the 80's. I am sure you will not give me one inch of respect, but you write like everyone who posts knows nothing. You should always perform customer support with the thought that your customers are smarter than you.

  • Ben

    @hellimod

    > Wow, I wrote an entire post responding to you guys and it was deleted.

    I'm sorry about that. It was not deleted, but it was caught in the automated spam filter. I've released it from there.

    > You want to claim your software has never been hacked and you want to claim your old software is not secure to force upgrades for profit.

    There is a very wide margin between "being hacked" and security improvements being made over time.

    > Why is your server involved at all if not for profit alone?

    There are features that have been highly demanded which we can offer with a proper client/server model that aren't feasible without one. Being able to share vaults with other users without having to share your credentials for 1Password is one such example.

    > I have been writing security software since the 80's. I am sure you will not give me one inch of respect, but you write like everyone who posts knows nothing.

    That isn't my intent, and I apologize I've come across that way. I mean no disrespect with my responses, but we do clearly have very different ideas and frankly we may very well be at an impasse.

    > your customers are smarter than you.

    Of that I have no doubt.

    Ben

This discussion has been closed.