Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So do Chrome and Firefox. If you sign into them, they download your saved passwords which were uploaded to their clouds.


You don't have to sign into browsers. You don't even need an apple ID, I use a local account on my macbook.

It's not the happy path though. We need a tech a company that prioritizes local-first designs.


At least with Chrome (and stock chromium, IIRC), you don't have to sign into the browser. If you sign into any Google property, the browser will use that auth to log you in.

Firefox does not, but it sure prompts the hell out of you to do so.


In Chrome Settings, You and Google, Sync and Google services, there's a toggle "Allow Chrome sign-in", which says "By turning this off, you can sign in to Google sites like Gmail without signing in to Chrome".


Sure. But it's on by default, isn't it? Just like Apple's upload is on by default.

Also, chromebooks require such a sign-in as well, and I'll bet they enable that syncing by default as well.

Singling out Apple here is kinda silly when they're encrypted (if you don't trust Apple to tell the truth there, running their OS at all is risky), and when the behavior is that which we'd expect.

And at the end of the day, using Apple's password manager is mostly (exceptions including wifi passwords) optional.


> Just like Apple's upload is on by default.

The blog post is about how it was off and then got silently toggled on.

> Singling out Apple here

I'm not a journalist covering tech companies. I'm an Apple user complaining about something that happened on my own Apple devices. It's silly to characterize that as "singling out Apple".

I do use Chrome, though, and it never silently switched that toggle back on. If it did, I'd definitely blog about that.


Why wouldn't you use local solutions for that? There is no profitability in that for companies and a lot of headaches to maintain another solution that they are just going to see as a money-sink. Companies pretty much -have- to provide a password solution on a modern OS, but they don't have to provide 2. It will have to be done by you with something like KeepassXC or Vaultwarden or something.


I think firefox asked me what I want to sync


It does, and you can configure it at any point, per browser, but it's just a click box. Someone could come in behind you and click on password I think to sync up passwords. Maybe it should ask for your sync password if you do that? It doesn't seem to right now, I just changed it with no complaints. That said I only keep unimportant passwords in firefox as a convenience, banking etc go in bitwarden




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: