
SoylentNews is people

posted by on Tuesday January 24 2017, @05:03AM
from the 1000-words-is-worth-a-picture dept.

As a software engineer and long-time LastPass user, I've always been an advocate of password managers. With data breaches becoming more and more common these days, it's critical that we take steps to protect ourselves online. However, over the past year LastPass has made some decisions that have made me question their motives and ultimately have recently caused them to lose my business.

Last year LastPass introduced a new redesign of their vault in which they added nice pretty logos of all the sites in your vault.

This got me wondering, if LastPass is encrypting all of my data before it goes to their servers (like they claim) how are they able to show these logos to me when rendering the vault webpage? I turned to my browser's developer tools to find out.

The rest of the story relies fairly heavily on graphics to show what the author is doing. Worth a read to see the process in tracking down the problem.


  • (Score: 3, Interesting) by bradley13 on Tuesday January 24 2017, @12:50PM


    How can they be this dumb? Or even remotely sensible? Leaking the websites you visit could be, in particular circumstances, extremely dangerous. It certainly is a betrayal of their (supposed) goal to keep your data private.

    It's not even necessary! If they think users want icons, they could have the local client fetch a site's favicon, and encode and save it along with the other information. I'm not sure I want my password manager accessing the internet, so this needs to be optional behavior.

    --
    Everyone is somebody else's weirdo.
  • (Score: 0) by Anonymous Coward on Wednesday January 25 2017, @05:33PM


    LastPass is a for-profit company that rents out proprietary software.

    Seriously, what more do you need to know? The user's security and privacy are not even in the top five of their list of priorities.