Hacker News | greggman2's comments

I don't understand how HN can complain about Google sucking up data and rarely if ever mention LastPass's terms of service which basically flat out state they share your info to marketers. Effectively they appear to be making money by looking at all the sites you log into via LastPass. If you're using their browser plugin I can only guess, given their Terms of Service, that they're spying on all pages, not just pages you're getting a password via their service for. Though even selling the info of which services you're using is bad enough.

Sure, they have a free plan and so you are not the customer. Why do they get a pass?

Note: I have no proof they are spying. I only have the fact that their TOS points to their privacy policy and their privacy policy says they can collect pretty much anything you'd expect software to be able to collect and that they can share that info with whoever they decide to partner with.

Contrast to some other password managers that state flat out they don't collect your data and don't want to know it.

From their Privacy Policy

> 1. Information We Collect and Receive

> Service Data (including Session and Usage data):

> When you use our Services, we receive information generated through the use of the Service, either entered by you or others who use the Services with you (for example, schedules, attendee info, etc.), or from the Service infrastructure itself, (for example, duration of session, use of webcams, connection information, etc.) We may also collect usage and log data about how the services are accessed and used, including information about the device you are using the Services on, IP addresses, location information, language settings, what operating system you are using, unique device identifiers and other diagnostic data ...

> Third Party Data: We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. We may also receive information from other affiliated companies that are a part of our corporate group. This helps us to update, expand and analyze our records, identify new prospects for marketing, and provide products and services that may be of interest to you.

> Location Information: We collect your location-based information for the purpose of providing and supporting the service and for fraud prevention and security monitoring. If you wish to opt-out of the collection and use of your collection information, you may do so by turning it off on your device settings.

> Device Information: When you use our Services, we automatically collect information on the type of device you use, operating system version, and the device identifier (or "UDID").

That's pretty much everything, given they put an extension in your browser and can collect all of that info for every page you visit.

> 4. Information Sharing

> ... We may share your personal information with (a) third party service providers; (b) business partners; (c) affiliated companies within our corporate structure

Why would anyone want a password manager with this privacy policy?


> Why would anyone want a password manager with this privacy policy?

Why would anyone want a cloud based, proprietary, non-free, non-oss password manager is what I really want to know.


> Why would anyone want a cloud based, proprietary, non-free, non-oss password manager is what I really want to know.

Former reputation and inertia. I use it, and when I started it seemed to have the best reputation for ease of use. I also recall that its security model was publicly endorsed by quite a few people who looked at it closely. I only use it for "less important" sites, which basically means everything that isn't a primary email account or an investment website. For those, I use 2FA whenever possible and memorize random passwords [1].

I've been interested in switching since LastPass was bought by LogMeIn, but it's never been a high enough priority for me to actually spend the time to search for another tool.

[1] when memorization gets to be too much, I split the passwords in half: a common half I memorize, and a unique half I write down on paper.


Because there's not a replacement that syncs well and is easy to teach your non-techie parents/spouse how to use to log into their shared accounts.


What's the problem with the built-in one in Firefox? It has optional syncing if you want it.


Firefox Lockwise is very new and quite frankly doesn't have very many features that people require such as import, export, etc. At this point I don't even know how to get all my password manager passwords into Lockwise even from a simple comma delimited file.

Right now, it's still impossible to switch to it for a lot of people.


Disclaimer, I work for 1Password

Here's our privacy policy for anyone that is curious:

https://1password.com/legal/privacy/

We also document for law enforcement what we may be able to provide:

https://1password.com/legal/law-enforcement/

I think we keep this all pretty readable by the average user as well instead of using crazy terminology that doesn't make sense.

But if anyone has questions around our privacy I'm happy to answer any questions as well.

Kyle

1Password Security Team


You can't have HTTPS everywhere until we can get HTTPS for IoT devices. My router doesn't serve its configuration screen via HTTPS. How could it? I have to connect to it to configure it before it's on the internet.

Same with my IoT cameras and all the various local apps I run that can start a web server. Heck, my iPhone has tons of apps that start webservers for uploading data since iPhone's file sync sucks so bad.

We need a solution to HTTPS for devices inside home networks.


I agree that having an elegant and secure solution to enable HTTPS on non-internet-facing equipment would be nice. I work mainly on embedded devices and all my admin interfaces are over HTTP because there's simply no way to ship a certificate that would work anywhere. It would be nice if you could easily deploy self-signed certificates that would only work for local addresses and only for specific devices, although of course doing that securely and with good UI would be tricky.

In the meantime having big warnings when connecting to these ad-hoc web interfaces makes sense I think, since they can effectively easily be spoofed and MitM'd (LANs are not always secure in the first place so it makes sense to warn the user not to reuse a sensitive password for instance). It's annoying for us embedded devs but I think it's for the greater good.


What is it about that site's low contrast? My eyes can barely focus.


Sounds like you need to do some research into what's actually dirty. Hint: it's not bathrooms.

https://www.google.com/search?q=are+bathrooms+more+dirty+tha...


Horrible idea

An answer will already decay naturally if it goes out of date as people will downvote it for being wrong. There are plenty of relevant 10yr old questions and answers. Decaying old answers will just make good info harder to find.

IMO they should get rid of the gamification. Change the upvote to a "thanks" button and don't show the totals.


IANAL and I'm sure this will get downvoted since people won't like what I have to say.

I'd concentrate on the positive rather than the negative, that if you get to work on this project via your employer from this point on you'll be getting paid to do the thing you were doing for free.

Getting paid for past work seems unlikely. You already admitted you didn't care about compensation by open sourcing the project. You were willing to give it to anyone, including your own company as open source. Not that you can't ask, maybe they'll be nice about it, but just saying it's strange that before they asked you were giving it away for free to any company and now that they asked you want compensation.

To be harsh you arguably did something wrong by making something that directly competes with your employer. It doesn't matter that it was on your own time. It's called a "Duty of Loyalty" and basically means you can't get paid as an employee and at the same time stab them in the back by competing with them.

https://www.google.com/search?q=duty%20of%20loyalty%20employ...

Maybe you don't think it competes but you said yourself it directly relates to what they do so yes, as you admitted, you've cornered yourself in a bad place.

Some companies, like Google, have an easy way to get a signed contract saying they will not claim interest in your project before you start (or they'll point out it's a conflict of interest, like if you said you wanted to make a cloud based mail service ... in which case my guess is they would try to get you to join the Gmail team, contribute to it, or you could quit and start your cloud based email startup). The point is they are upfront about the legal issues and provide a way to work out a solution. Most companies don't have a procedure for this until it's too late.


Well, for Google it's not that ideal. Google claims 100% of the IP done inside and outside of your work.

"As part of your employment agreement, Google most likely owns intellectual property (IP) you create while at the company. Because Google’s business interests are so wide and varied, this likely applies to any personal project you have. That includes new development on personal projects you created prior to employment at Google. However, we understand and sympathize with the desire to explore and ship technology projects outside of Google."


If that's in the Google employment agreement, I salute them for using plain understandable wording, so one can agree or not, instead of EULA-ish doublespeak.


I have this concern too that by putting something out there without permission as an employee you may have done harm to the company. You need a lawyer. You may also want to consider hiring a coach to help you develop a voice within the corporate setting so that you can better influence the direction of products without having to build an alternative in your precious spare time. And if the company doesn’t currently have policies like described above maybe this example can be used to help shape them with your input.


Can you please elaborate on “coach to help you develop a voice within the corporate setting”? What are these coaches called? Can you link to an example?


It sounds like to me that rather than interact with his colleagues to ensure their enterprise product was built incorporating the approaches he took in his package, he just went and built his package in isolation and then pushed it to GitHub. Was that because the organization was ignoring his input, or he wasn’t in the right position to influence the direction, or maybe he saw an unserved niche that the company wasn’t serving? Or maybe it was just a drive to do something that needed to be explored. Either way, something got created. And that’s good. You never want to stifle creation; sometimes that drive to create outside of work helps exercise part of the brain that helps you break through hurdles at work. Whatever got produced was a gift. The question is now what to do with that gift? I get the sense that OP is searching for how exactly to communicate with his company. The advice to seek counsel is sound. But counsel isn’t going to all of a sudden make him a great strategic-thinking leader in the eyes of his employer. That is something that will take work and practice if that’s what he is seeking. He can read books, he can take classes or he can find a business coach that will give him critical feedback and mentoring. In the past senior members of the organization might mentor junior people into leadership positions but I think unfortunately that art has been lost. So probably the best path would be to find someone who can do this 1:1 outside the org.


I am curious how hard a problem it is for the system to figure out what side of the road the driver should be on. Could they put a little arrow or something in the UX so I could point to which side of the street I'm on? Ideally before I order the car so the dispatch algo can prioritize cars that are more likely to approach from the correct side.

If the street is busy it can be hard as a pedestrian to safely get to the other side of the street. I've also had drivers just go the wrong way, like I was standing between Gough and Octavia on Market maybe 10-15 meters from Gough. The driver came down Gough and turned left on Market at which point I knew it would be > 10 minutes before they could make all the correct turns to get back to pick me up. I canceled the ride and was surprised the system didn't direct them better.


It was a 3 lane one direction road and each time he went to the right hand side because the instead of trying the left hand side. And instead of waiting for traffic to clear and thinking she might be on the other side of the building he went to the back...twice.


Looks like civilian GPS accuracy is 4m or so. I could imagine that dropping someone's dot in the middle of a street, and then a driver having to guess which side of the street the error is coming from.


...or know that even numbers are on one side of the street and odds on the other as happens (I'd guess) everywhere.


Some places will put both evens and odds on the same side of the street if there's only one side, and then use more numbers if there is subsequently development on the other side of the street. Some places will assign a new house number whenever a new building is added, no matter where it is located. Some places will number in clockwise (or counterclockwise) direction.


Quora ... :(


I loved reading OkCupid's Blog but it rarely matched my experience with the site and the conclusions they reached almost always had other plausible explanations.


There once was a "smart" structured drawing program called Aldus Intellidraw

