date 2023-01-17
from the 1000-words-is-worth-a-picture dept.
As a software engineer and long-time LastPass user, I've always been an advocate of password managers. With data breaches becoming more and more common these days, it's critical that we take steps to protect ourselves online. However, over the past year LastPass has made some decisions that have made me question their motives and ultimately have recently caused them to lose my business.
Last year LastPass introduced a new redesign of their vault in which they added nice pretty logos of all the sites in your vault.
This got me wondering: if LastPass is encrypting all of my data before it goes to their servers (like they claim), how are they able to show these logos to me when rendering the vault webpage? I turned to my browser's developer tools to find out.
The rest of the story relies fairly heavily on graphics to show what the author is doing. Worth a read to see the process in tracking down the problem.
A few months back they moved all their premium features to the free tier.
I think they started offering a Dropbox clone as a purchasable option.
But it sounds like they are probably spying on the free users too.
I pay for LastPass. It's tremendously convenient - I have four computers at home, and two at work, along with two cell phones, between my wife and I. Using LastPass to generate unique passwords for every site, and being able to sync them across all those devices is remarkably convenient.
However, if they're leaking information like the list of sites I visit, then they've been taken over by marketing geeks and are no longer run by the engineers. There is no recovery from this; they will become, like Symantec or McAfee, a security company that sells to the C's but is despised by the technically literate.
