Setup with standalone vault [restored for paid customers in 7.3.4]

135

Comments

  • Howdy,

    I am also disappointed in this feature removal. I am a long-time (since 2008) 1Password user, not just with standalone product but also having personally signed up for 1Password Teams subscription as soon as it was offered and still using this (I didn't migrate to Family). I am also the Product Manager at a software company. The OP of this thread didn't expand on how exactly they use this feature, but I will. I travel internationally often for both business and personal reasons, having now traveled to more than 50 countries, many of which do not have the same concepts of personal freedoms/rights for privacy as my home country does. In order to travel to some of these countries while still being able to safely conduct business or to enjoy myself, I have to take extraordinary measures, and 1Password is part of my operational security posture. What I do depends on the country I'm traveling to.

    A simple example is that for travel into China I take a burner iPhone loaded with a 1Password local vault only, no syncing, with passwords only for some basic essentials and some burner accounts for that trip. I take a burner laptop as well, which has a fresh install of Linux with no personal data on it, and I mail ahead of time an encrypted flash drive containing any personal data I need during my trip to my hotel to be loaded to the laptop/phone upon checking in. It's not perfect, but this is the reality of just doing normal travel into some countries due to their overzealous security services and complete disregard for basic human rights to privacy. Many of the places I travel, both personally and for business, are not countries that are exactly hot tourist destinations, so I encounter situations like this somewhat frequently.

    I hope given this example you can see the basic product requirement here and why a SECURITY product has an essential need for non-synced local-only data. Additionally, as a PM myself, I should point out to you that removing a feature in a point-release with no prior deprecation notice or mention in the release notes is extremely bad form and out of character generally in the software industry. Typically point releases are expected by most people (especially those of us who are also in tech) to contain no significant breaking changes, these are reserved for major version releases.

    Given this feature removal I now need to re-evaluate my choice of 1Password as being essential to my operational security, which is unfortunate because I love your generally strong focus on UX and I've really had no other major complaints for over 11 years. Not only is this feature itself essential to me, the way you've handled it in this thread leaves a lot to be desired. Please reconsider.

    Thanks

  • haaf
    edited July 12

    @brenty wrote:

    I appreciate you taking the time to try to boil this down, but I think you've misunderstood. That's likely our fault because of the lack of clarity in the first place, and I suspect you're just going off of some of the other comments here. To be clear, you can still sync standalone vaults in 1Password for iOS.

    Thank you for trying to clarify, but I don't think I've misunderstood. AgileBits has removed the capability of synchronising to file/folder on iOS (also called the filesystem), and doesn't support e.g. "send file via iTunes". Furthermore, it's only possible to synchronise the primary vault (which is not my use-case) using iCloud.

    Also their WLAN server doesn't support synchronising stand-alone vaults to iOS.

    In my setup I have a backup, from where I have opvault files, but there's currently no good mechanism in 1P to get access to those on iOS. There used to be, but it's been removed. Since the thread is about "Local Vault Option Gone" I felt it was valuable to share my experience with the local vault sync disappearing from 1P.

    Sync to folder is possible on desktop, but not on iOS

  • edited July 12

    Is the reason Agile Bits removed this feature from the iOS app, because iPad OS 13 will support local USB storage?
    So people could store their 1PW database on a USB device and switch between devices locally?
    Removing the need for cloud subscription in that use case?

  • MrRooni

    Team Member
    edited July 12

    1Password Approved Answer

    Hi, everyone. I wanted to take a few minutes to respond to the thoughts you’ve laid out above. First off, thank you for taking the time to drop in here and let us know that we’ve messed up. Whenever I write our release notes I typically take a moment to thank those of you who have gotten in touch and helped us make 1Password better. While usually that takes the form of a new or improved feature, holding us accountable when we misstep also falls into that category.

    Let me start by saying that I am sorry. I am sorry that we removed a feature that some of you rely on for your workflow and I’m sorry we didn’t communicate its removal. In all honesty I assumed it would go mostly unnoticed. I figured that existing customers already have 1Password setups that are working for them, so no one would miss it. And really, why draw attention to the removal of a feature that shouldn’t really affect anyone anyway?

    Clearly I missed the mark on this one.

    While it’s too late for most, I have gone back and updated our release notes to indicate that we removed this feature.

    I also want to touch briefly on why this feature was removed. For better or worse, a good chunk of the answer comes down to how we want 1Password viewed as a product among the field of other password managers. Prior to this change 1Password would frequently appear on the list of the “best free password managers” and while that’s flattering, it’s not where we want to be. 1Password is a paid product, and prior to today 1Password for iOS was the only 1Password app on any platform that could be used entirely for free. That is no longer the case. Another large reason why we removed this feature was that an unsynced vault on an iOS device is a dangerous thing. We receive enough customer support from people who set up 1Password in this way and then lose their device and lose everything that we wanted to take a very deliberate step in removing the possibility that people could find themselves in that state.

    Lastly, I’d like to understand how folks (such as yourself @gross) were using this feature and see if we can come up with a decent workaround for you.

    Again, my apologies for the way this was handled, thank you for holding us accountable, and we’ll try and do better in the future.

  • MrRooni

    Team Member

    @Tyler Duzan Thank you for taking me through your use case for standalone vaults. When setting up your burner phone could you sync to an existing iCloud or Dropbox vault and then disable syncing in 1Password for iOS:

    1. Tap Settings
    2. Tap Vaults.
    3. Select your vault.
    4. Tap on the Sync Service row.
    5. Choose Disable Sync on the following screen.

  • @exitstrategy I don't think there will be a replacement. Even though changes in iOS 13 would come in very handy. I think this is another push to force users into a subscription model.
    As @Tyler Duzan pointed out, there are very serious use cases for local, independent vaults. And it is not only China, this also applies e.g. for Europeans travelling to the US.

  • edited July 12

    @MrRooni:

    Thanks for taking the time to reply and provide a possible workaround. I will attempt this at some later point in time and see how it works for me. From an op-sec perspective though I have some concerns about this approach that you may be able to help me alleviate. Namely I need to know an accurate answer to the following questions:

    1) Is there ANYTHING stored in 1Password/iOS which would allow a motivated attacker to determine a vault originated from off-device (e.g. syncing was done then disabled).

    2) Is there ANYTHING stored in 1Password/iOS which would allow a motivated attacker to determine which 1Password Teams/Family user account was used to connect the app? (e.g. it's apparent there was a cloud-based connection at some point after vault syncing has been disabled).

    Both of these are critically important things for operational security in the use case for local vaults, as it speaks to plausible deniability and has extremely important legal and human rights implications for my travel. Regarding #2 above, while it wasn't really brought up in the thread previously, one important implication of there not needing to be any special connection to your subscription for local vaults is that there is no residual identifying information related to the app and the vault. So in a large way the iOS mobile app being "free" was critical to my use case as a long-time paying customer and subscriber.

    Additionally, unless I'm mistaken, on first glance it appears iCloud and Dropbox syncing both support only syncing the primary vault. In this case, this would not be a valid workaround for creating a local vault on the device.

    To be really clear about how deadly serious this is for me:

    In my travels on more than one occasion I have been arrested by secret police in foreign countries, interrogated, sometimes held and interrogated at gunpoint under threat of violence/death, and in all of these cases my electronic devices were seized, taken from me elsewhere, for unspecified and unknown purposes including potentially motivated nation-state level local attacks. This is despite the fact I am effectively nobody special, I don't do anything that's national security related, and I'm not involved in any espionage activities of any kind. I NEED, literally my life could depend on, to be able to say "Yes sir, this is my password for the password manager, there are no other accounts. I don't have any other accounts." and to a significant degree this should be verifiable by the attacker, or at least not falsifiable. Based on @tom_tom's comments, I think he gets my situation here.

    Given that you are fundamentally a security company offering security software, I find your adherence to the same laissez faire approach of "move fast, break things" that seems to permeate the wider software industry deeply concerning. I understand that people like myself, OP, and @tom_tom may not be your primary customers. Most Americans hardly ever travel abroad, and when they do they go to hot tourist spots in Europe, Canada, and Mexico, hardly a significant security barrier. But there are those of us who travel much more extensively and have very critical and important operational security requirements, and the need to have reliable communications and working technology is so high that it necessitates the risk of taking a smartphone and laptop at all. To the degree with which we are comfortable with that risk, we need to mitigate it as much as possible in our security posture and software like 1Password can be a lynchpin to that posture which could literally determine whether or not we live to make our flight home or end up as an unfortunate news story about the dangers of traveling outside commercially relevant tourist destinations.

  • I wrote a rather long comment that was in response to @MrRooni, and then I got a notification in response to an edit saying it'd appear after being approved, and it's no longer listed anywhere on my profile. I'm unsure if this is because I made so many edits for formatting, or if it is a deliberate response due to the security nature of the comment?

  • Lars Junior Member

    Team Member
    edited July 12

    Hey @Tyler Duzan - sorry for that. Looks like you're right; the combo of multiple edits and who knows what else triggered our forum software's (Vanilla) Spam filter. I've restored the post from there.

    edit: to be clear: nothing wrong with your post that I could see. :)

  • Thanks @Lars. No worries :)

  • MrRooni

    Team Member

    @Tyler Duzan Wow, thank you for that breakdown.

    I'm not going to answer in the affirmative on either question 1 or 2, given the incredibly sensitive nature of the situations in which you find yourself. However I may have a better workaround for you. You can seed your burner phone with a collection of items you export from 1Password for Mac. At the end of the process there will be no information that this data came from somewhere else with the exception of the import file left in 1Password's Inbox storage on your device.

    1. Open and unlock 1Password for Mac.
    2. Select some items from your vault.
    3. Click on File > Export > Selected Items…
    4. Enter your Master Password.
    5. Choose a location to save the exported 1PIF folder.
    6. AirDrop that entire folder to your burner phone.
    7. On the burner phone choose to open it with 1Password when prompted.
    8. You will then be walked through the process of creating a standalone vault (with whatever password you choose) and it will import the data for you there.

    As I mentioned above the 1PIF folder will be left on your iPhone, but other than that there won't be a record of where these items came from. You can even inspect the 1PIF before bringing it to your burner phone to ensure nothing will be brought in that you don't want there.
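
The pre-transfer inspection suggested in the reply above, sketched as an added example (not part of the thread and not 1Password's code): it lists export items that are off an allow-list, trashed, carry old passwords or notes, or contain identifying strings, without echoing any secret. The 1PIF layout (one JSON object per line, separator lines starting with `***`), the field names and all sample data are assumptions or constructed for the demo.

```python
import json

# Assumption: a 1PIF export holds one JSON object per line, and the lines
# between records start with "***". The field names used below (title,
# location, trashed, secureContents, notesPlain, passwordHistory) are
# assumptions about that format as well.
SEPARATOR_PREFIX = "***"


def parse_1pif(text):
    """Return the item dicts found in the text of a 1PIF export."""
    items = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(SEPARATOR_PREFIX):
            continue
        try:
            items.append(json.loads(line))
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: not a JSON record") from exc
    return items


def walk_strings(node, path="$"):
    """Yield (json_path, value) for every string nested inside an item."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk_strings(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def audit(items, allowed_titles, watchlist):
    """Return sorted (title, finding) pairs; field values are never echoed."""
    findings = set()
    for item in items:
        title = item.get("title", "<untitled>")
        secure = item.get("secureContents") or {}
        if title not in allowed_titles:
            findings.add((title, "not on the allow-list for this trip"))
        if item.get("trashed"):
            findings.add((title, "trashed item is still in the export"))
        if secure.get("passwordHistory"):
            findings.add((title, "carries previous passwords"))
        if secure.get("notesPlain"):
            findings.add((title, "has free-text notes: review by hand"))
        # Identifying strings (employer domain, real name) anywhere in the item.
        for path, value in walk_strings(item):
            for term in watchlist:
                if term.lower() in value.lower():
                    findings.add((title, f"watchlist term {term!r} at {path}"))
    return sorted(findings)


def build_sample():
    """Constructed sample export; every title, URL and secret is made up."""
    records = [
        {"uuid": "SAMPLE0001", "title": "Trip webmail (burner)",
         "location": "https://mail.example.test",
         "secureContents": {"fields": [
             {"designation": "password", "value": "constructed-secret-1"}]}},
        {"uuid": "SAMPLE0002", "title": "Corporate VPN",
         "location": "https://vpn.corp.example",
         "secureContents": {"fields": [
             {"designation": "password", "value": "constructed-secret-2"}]}},
        {"uuid": "SAMPLE0003", "title": "Hotel Wi-Fi",
         "secureContents": {
             "notesPlain": "Booked via travel@corp.example",
             "passwordHistory": [{"value": "constructed-old-secret"}]}},
        {"uuid": "SAMPLE0004", "title": "Old bank login", "trashed": True,
         "location": "https://bank.example.test", "secureContents": {}},
    ]
    lines = []
    for record in records:
        lines.append(json.dumps(record))
        lines.append("***constructed-separator***")
    return "\n".join(lines)


if __name__ == "__main__":
    allowed = {"Trip webmail (burner)", "Hotel Wi-Fi"}
    for title, finding in audit(parse_1pif(build_sample()), allowed, ["corp.example"]):
        print(f"{title}: {finding}")
```
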

  • @Poolart: New local vaults cannot be created in any version since 7.3.3. This means that sharing the app in the family (Family Sharing) has also become useless for old (pro) users who paid for the app. Family members can of course get the app but are not able to create a new local vault. My wife for example bought the app a long time ago but she failed to set it up. But since she's installed all the updates from the app store she will never be able again to use the app without paying again either for an abo (a desktop version would imply buying a mac or computer).

  • Ben AWS Team

    Team Member

    Hi @spuch

    Family Sharing has never applied to in-app purchases such as the 1Password Pro features:

    What types of content can I share with my family using purchase sharing? - Apple Support

    Ben

  • Poolart Junior Member

    @MrRooni
    It's wrong! 1Password for iOS was never completely free! I paid for it and the Pro-Functions are an In-App-Purchase
    Why not place it in there as Extra Purchase for Users who need to create local vaults. Or give it for free to the Users who have the Pro-Version? For Pro-Users that were an adequate solution. Only my two cents

    @spuch
    That's absolutely an argument

  • MrRooni

    Team Member

    @Poolart You're right that we've painted with a broad brush here by removing the option to create a standalone vault for all users (including previous purchasers of the Pro Features). I can see that being a good place to distinguish between having this feature available or not.

    Let me think on it a bit, but you do make some good points.

  • @Ben Maybe my wording wasn't 100% correct. Users who paid once for the app got the pro features when the iOS app became free. That's why I called it pro version.
    In fact family sharing became useless when the app became free (from the paid version), because creating a new local vault was never a pro feature, it was a normal, default feature.
    But now, with the removal of the feature creating local vaults, (my) family users can neither use the free version from the app store nor an old paid app version without abo, because they are not able to create a new local vault. And I assume there are more long-time users than I am.

  • Ben AWS Team

    Team Member

    @spuch

    I think the primary concern with such setups is: what happens when such a customer loses / breaks their device, or it is stolen? If they aren't syncing their data or backing it up to a computer there is a high potential for data loss.

    Ben

  • @Ben I can fully understand your point of potential for data loss and it is honest that you care about the users, but I think it is up to the user to decide if he/she wants to take that risk. It's not a good idea to tell the user they MUST do sth. I think there are enough responsible users...
    Anyway, by doing a backup using iTunes or iCloud it is possible to restore data to a new device if the old was lost / broken, unless the app in version 7.3.3 prevents data from being stored in such a backup? Did you remove that feature as well?

  • @MrRooni:

    Thanks for the reply. That sounds like a workaround that is much more likely to meet my needs. Does the 1PIF file need to remain on the iPhone afterwards or can I delete it via iTunes once I've loaded it in the mobile app? My understanding is 1PIF is unencrypted export.

  • One question about your motivation, you said that some places on the internet (and I’m paraphrasing here) claim 1Password on mobile devices is free, and because of that you felt the best response was to remove a feature while keeping the app free to download?

  • MrRooni

    Team Member

    @Tyler Duzan That is correct. You can delete the file once done with it.

  • My1

    oh this is some juicy stuff. but well sarcasm aside I think this is kinda done very badly in so many ways. while I can understand removing the free usage for iOS as the last standing platform, there are many problems on this:

    1) doing such a thing in a point release (7.3.3), sure semantic versioning is more for APIs but it generally isn't a bad idea to at least think about it when doing such changes.
    2) doing so without a changelog, and then even because you assumed it would go unnoticed. do you keep statistics about such things?
    3) also affecting Pro versions, this is where we go into the REALLY "fun" territory. This gets double fun when according to german Tech-News Site Heise, "in 7.3.3 any mention of the previously sold Pro version has vanished", which is a BIG RED FLAG if you ask me. while apparently stuff still works in it even without account or desktop license, hiding the pro thing completely sounds like the start of something BAD.

    customer trust is a hard thing to build but rather easy to lose and this is now the third time I have seen the cracks starting to form.
    1) 2016 when accounts and subscriptions started, doubts were coming and you guys shut them with the note that you guys won't eliminate perma licenses or sync methods
    2) 2017 when perma licenses were "no longer being marketed" but 1pw version 6 on windows got subscription only
    3) this right now, especially in combination with 1. while "staying local" technically isn't a sync method, it certainly is a mode of usage for the vault.

    but while I love ranting I at least have to admit it is less ugly than it could have become.
    1) dropbox, icloud and WLAN sync is intact (last one apparently only on mac/iOS, lol)
    2) you haven't completely taken users' control over their vaults
    3) there are workarounds for the local thing.

  • @MrRooni seriously i am not sure if you guys are dumb or if you think your customers are dumb:
    1. if you don't want your app to be known as the best free password manager, you remove a feature but keep the app as free download in app store? what kind of logic is behind this?
    Simply put a price tag on your iOS app by in-app purchase, many people would gladly pay it. As did i, when i bought the pro version.
    2. you claim to care about your customers, yet all you do here is evading the real reasons behind your move: force people to your subscription. i think a lot of customers would not feel as offended by you as they do now, if you would at least admit that. but claiming to care about people who lose their unsynced phone and the inherent loss of data: just make the option to sync a choice! then no one would complain either. but removing an essential feature and then claiming you do it in order to protect people's passwords so they are in the cloud is quite ridiculous.

  • My1

    @exitstrategy
    1) you do remember that the app can and is supposed to be used in combination with a subscription on their site, isn't it? you can't just start forcing people to pay for something they ARE ALREADY PAYING FOR.
    sure free as an app price tag sux but the app stores probably dont give you a way of saying "free to download but not free to actually use"
    2) as you can sync with a perma license on desktop or use dropbox/icloud it isn't THAT much "forcing" into the subscription, but I can see your point.

  • edited July 12

    @My1
    1. i even remember when the app was useable as a standalone version, do you remember? and i remember when the app had a PRO in-app purchase (16 euro i think) and was also still useable as standalone. now that is not possible anymore.
    so contrary to what you say there are people you can force to pay for something they already paid for.
    besides, as i mentioned already: i would not even mind to pay a subscription for an app or a service. but not for one which takes away freedom of choice. Why do they need to take out a feature if people need to subscribe to use the app after 30 days anyway?

    2. i have a perma license on PC. Yet with 1PW7 on PC i can only use sync via cloud (icloud, dropbox etc) which i can not / don't want to use

    for me it is not about not paying for something i use on a regular basis. it is about choice they take away, in a secretive manner. Same as when WLAN sync from 1PW7 Windows was suddenly gone.

    What happens next? Removal of 3rd party cloud services so you are stuck with 1password.com only? and then they suddenly need to increase prices as hosting gets more and more expensive?
    all this will happen, without any announcement of course.
    you get the picture?
    but nevermind, we are only talking about the company you trusted your most sensitive password data with...
    so nothing to worry :) (sarcasm off)

  • I too am super upset by this. I used to think of you guys as honest. Like MacPaw, the OmniGroup, or CulturedCode. Reality is, you guys are far from it.

    I’m switching me and my family to a different password manager as soon as my subscription expires.

  • brenty

    Team Member

    @haaf, @exitstrategy, @tom_tom: I apologize if I've missed other comments that clarified this already, or if I've misunderstood what you're talking about...but it sounds like you're saying that 1Password for iOS used to support Files integration and that we removed that feature. That isn't the case. 1Password for iOS has never integrated with the Files app or otherwise had a way to write data to an arbitrary location. It's something that's been requested, but there is not currently a way for iOS apps to write directly to the filesystem (like we do for Folder Sync on other platforms); and unlike other apps that integrate with Files, 1Password's data is encrypted and not something that we can simply "plug in" to that to make its data available, nor would we want to unless we can maintain the same fundamental security model we all expect from 1Password: your data is encrypted using your Master Password, and therefore can only be decrypted with it. Vending data to Files would require it being decrypted first, or it would be useless. There are five ways 1Password for iOS can make data available outside of its sandbox*: syncing with iCloud, syncing with Dropbox, syncing with WLAN Server, saving a backup archive using iTunes on a computer, and syncing with a 1Password account. None of that has changed recently, and the only change we've made to that list ever was that we added support for 1Password accounts a few years ago. I hope that helps clear up any confusion about the status of 1Password for iOS with regard to Files and iTunes.

    *If you're having difficulty with one of those, follow the appropriate link above for troubleshooting information, and then start a new forum discussion or shoot us an email at [email protected] so we can help.

  • brenty

    Team Member

    I can fully understand your point of potential for data loss and it is honest that you care about the users, but I think it is up to the user to decide if he/she wants to take that risk. It's not a good idea to tell the user they MUST do sth. I think there are enough responsible users...

    @spuch: You're not wrong. But from years of helping people in that situation, I can tell you that it's not as black and white as you're portraying it: "responsible" users who know to backup and do so regularly versus "irresponsible" (not something you said directly, but there really isn't any point in dancing around it) users who either do not know the importance of backing up or simply don't do it. Everyone makes mistakes, and has different levels of technical expertise/awareness. I don't think it's fair to characterize people as being in one group or another, and that's based on me thinking of actual people I've interacted with.

    Nobody thinks it will happen to them, even if they think about it in the first place, but to many it simply doesn't occur that they could lose data because it has never happened to them before. I can't stress that enough. So while I agree with your whole free will/personal responsibility argument in principle, in practice, we're the ones who are going to be on the receiving end of confused/frustrated/angry messages when -- not if -- 1Password users lose their only device with their data. You can make that call for yourself -- using 1Password only on a single device -- if you want, but we're not going to help millions of other people who haven't made the same informed decision with the benefit of the same experience/expertise make what for the vast majority of people would be a mistake effectively set a self-destruct for their data which may or may not go off in the future.

    Anyway, by doing a backup using iTunes or iCloud it is possible to restore data to a new device if the old was lost / broken, unless the app in version 7.3.3 prevents data from being stored in such a backup? Did you remove that feature as well?

    As always, you'd need to have backed up your data preemptively using a computer, and have that handy to restore from for that to be an option.

  • brenty

    Team Member

    One question about your motivation, you said that some places on the internet (and I’m paraphrasing here) claim 1Password on mobile devices is free, and because of that you felt the best response was to remove a feature while keeping the app free to download?

    @Niklas: As Rooni said above,

    Prior to this change 1Password would frequently appear on the list of the “best free password managers” and while that’s flattering, it’s not where we want to be. 1Password is a paid product, and prior to today 1Password for iOS was the only 1Password app on any platform that could be used entirely for free.

    But I get where you're coming from. The problem is that someone coming to 1Password seeing it listed as a "free password manager" gives them the impression that there is no cost whatsoever. We get messages like that all the time from people whose expectations were set at "free". So, for example, they'd try 1Password for iOS, be happy with that, and then be totally miffed when they install the desktop app on their computer and they're asked to pay for it. That's what we're trying to avoid, by having it be clear from the start that 1Password is a paid product. The mobile app can be freely used as a companion to the (paid) desktop app. I hope that helps clear that point up. You're right to ask for clarity. :)

  • brenty

    Team Member
    edited July 13

    if you don't want your app to be known as the best free password manager, you remove a feature but keep the app as free download in app store? what kind of logic is behind this?

    @exitstrategy: Rooni explained this above, and I tried to offer some clarification as well. But to answer your specific question, 1Password for iOS, like many (most) iOS apps, became a free download originally because there is no "trial" option available in the App Store. If there had been, we'd probably have used that to make it 10$ or whatever since the user could test drive it. But that's never been the case. And now, in addition to that, with 1Password memberships, I can't see any logic in us making people who are already paying a subscription pay again if they want to use 1Password on one or more iOS devices. So it's a free download with options to sign up for a new (paid) membership, sign into an existing (paid) membership, or sync an existing vault from the (paid) app on another device. Hope that helps. :)

    you claim to care about your customers, yet all you do here is evading the real reasons behind your move: force people to your subscription. i think a lot of customers would not feel as offended by you as they do now, if you would at least admit that. but claiming to care about people who lose their unsynced phone and the inherent loss of data: just make the option to sync a choice! then no one would complain either. but removing an essential feature and then claiming you do it in order to protect people's passwords so they are in the cloud is quite ridiculous.

    Nope. Were that the case, you would not be able to use the app without a membership at all. All of those options would have been removed. Also, I've personally helped hundreds of people with data recovery -- many who had been using the app for free --- and I hope you'll think long and hard about your baseless comments suggesting that I and my colleagues here do not care. It's a heck of a thing to judge people like that without knowing them at all. I'm not going to take offense to that because there is a long list of people I've helped who were kind and grateful -- again, some who never paid us a dime -- and I think they're in a better position to judge. That's what makes all of this worthwhile. Take care. :chuffed:
