Local Vault

Hi foolioCA, thank you for this post. I'm afraid that if standalone vaults are a must-have for you, then we're at a bit of an impasse.

We made the decision to move to the 1Password.com model for a number of reasons - including an increased ability to add more security-related features and better support folks who have encountered issues.

While we'd welcome your input on the self-hosting survey, the days of standalone vaults (or syncing to third-party services like Dropbox) aren't coming back. We had the chance to create a dedicated security architecture, greatly improve the functionality of the apps, and provide better support, and we took it.

To address a specific point:

Yes I have read and understand your private key logic and I understand the technology. But it doesn't convince me to take an unnecessary risk due to another companies selfish or poor business decision - it's just not worth it.

I think it's worth saying for anyone who's following along that the elements needed to decrypt your data are still stored exclusively with you. We never, ever have access to your account password or Secret Key. While I respect your decision not to put some or all of your data in the cloud (it's your data, and your decision), I'd be interested in what the specific concerns are around this - how should an attacker break strongly-encrypted data without access to the keys that only you, the local user, have?

I am sorry to learn that you're disappointed with the direction we're going, but these decisions were taken with an eye towards usability, convenience, and (very importantly) security. I hope you'll stick with us, but if not, we wish you all the best, and safe travels.