Request to move my 1password.com account to 1password.eu

2»

Comments

  • We would like to add a more comprehensive (i.e. not platform-dependent) export option in the future, but that has nothing to do with the topic of this discussion.

    Currently copying/moving breaks all links between items.

    If exporting/importing would retain them I would love this functionality exactly for the topic of this discussion.

  • ag_anaag_ana

    Team Member

    Thank you for sharing this use case @XIII! I can see how that could be useful to you :+1:

  • I'd like to weigh in on this, I noticed when migrating from a Dropbox vault to a Family account that it offered to automatically move everything and it kept the references so it seems the code to do this already exists.

    I noticed though that I had signed up on the .com and wanted to migrate to .eu, which led me to this post.

    So I then tried to do what you suggested, and as XIII noted, it will not keep links when selecting all and moving them. It will helpfully inform you about that fact though.

    Under Advanced on iOS there is also the "Migrate Data to Your Account". But I am not able to make it sync to my EU account, even if I have added the standalone Dropbox vault back.

    So it seems, that if the "Migrate Data to Your Account" would be made slightly more flexible it would allow migration between 1password.com and 1password.eu .

  • BenBen AWS Team

    Team Member

    Hi @Gabriel_

    I noticed when migrating from a Dropbox vault to a Family account that it offered to automatically move everything and it kept the references so it seems the code to do this already exists.

    Migrating attachments on items in a standalone Dropbox vault to linked Documents in a 1Password membership account is not the same as moving said Documents between accounts. The code for that would be different.

    So it seems, that if the "Migrate Data to Your Account" would be made slightly more flexible it would allow migration between 1password.com and 1password.eu .

    Making this process easier / less manual is definitely on the "nice to have" list. We'd like to do it. We have started to make some progress toward smoother interaction between the various 1Password regions, while maintaining a "no direct contact" principal. It is possible that in the future some of the foundation we're building there will make it easier to perform such migrations. No promises, but fingers crossed. :)

    Ben

  • rickfillionrickfillion Junior Member

    Team Member

    Currently copying/moving breaks all links between items.

    This drives me bananas myself. We really need to fix that.

    Rick

  • Has this issue been addressed by now? Will need to migrate to the EU site soon because of GDPR and have quite a lot of linked documents in several vaults that I don't really fancy relinking manually one by one.

    Michael

  • BenBen AWS Team

    Team Member

    Hi @MIB

    Moving items between vaults does not preserve links; sorry. :(

    Ben

  • Why is it that hard to enable your customers to somewhat easily comply with an actual law requirement? It's not that I'm doing this because of too much spare time. This is especially frustrating for long time customers like myself who have accumulated quite a bit of data in your service.
    Could you at least make a tool that exports everything into a classic vault (where the documents become directly attached to the entries again) which you could then re-import to the new cloud realm (where the documents will automatically get separated again)? I mean, at least half of that code is already in place, isn't it?
    The thing is, if I need to manually correct so many entries anyway, I may also switch to a different service all together. Same amount of work.... Not really a good sales pitch if you ask me.

    Michael

  • ag_anaag_ana

    Team Member

    @MIB:

    Thank you for the feedback! I think we just have to find the time to work on item linking, it's going to be the best solution in the long term. Sorry for any inconvenience it might cause you right now.

    The thing is, if I need to manually correct so many entries anyway, I may also switch to a different service all together. Same amount of work.... Not really a good sales pitch if you ask me.

    I certainly understand. However, if you have to go through all of this effort either way, I hope you will consider staying with 1Password if you are happy with everything else it offers. At least after the migration you would find yourself using the tool you already know and like.

  • Hi,

    I recently discover that a "1password.eu" exists — and it seems it already existed when I signed up for a 1password.com account... There's definitely something to do in your subscription process to better highlight the 3 different instances to your users. It might also help avoid those kind of discussions in the first place.

    Anyway, being today a 1password.com user living in Europe, I'd like to move my data to 1password.eu. However, reading through first your assistance page, and then this discussion, it seems to be quite a cumbersome thing to do (to say the least). Like others here, I have 500+ items in my vault (+ Family members with their own items), and a lot of documents and linked items built over the years...
    There's no way I will move that and recreate all of them manually! I agree with MIB above, such a process is almost the same as switching to another password-manager tool entirely... Combined that with the lack of "advertising" for the 1password.eu instance, I'm wondering how the use/business case for such an instance was created initially ;)

    The migration process should be WAY easier. How come that almost 2 years after the first post, absolutely nothing at all has moved? :(

  • BenBen AWS Team

    Team Member

    Hi @ant_richard

    I don't have further to report here at the moment. What you've already read is still the latest information. If you're set on moving to 1Password.eu it is a fairly manual process. I'm not sure what the advantage of that might be for you, unless you have an ISP that has fast connections to our Amazon EU region, but slow connections to our Amazon US East region. Even then, the real world differences that you would see are likely to be minimal.

    I'm sorry I don't have more encouraging news but due to the siloed nature of the instances this is unlikely to change in the foreseeable future.

    Ben

  • dancodanco Senior Member Community Moderator

    I'm not sure what the advantage of that might be for you, unless you have an ISP that has fast connections to our Amazon EU region, but slow connections to our Amazon US East region.

    Isn't one advantage being subject to EU laws rather than US ones.

    And I moved to.eu from .com because I am in the UK and wanted to show my support (not that anyone would notice) for EU membership.

  • ag_anaag_ana

    Team Member

    @danco:

    1Password services comply with GDPR requirements however:

    AgileBits GDPR Statement

  • As I understand it, as an EU citizen, my data would be quite a bit more strongly protected from being accessed without my consent by law enforcement, at the border, or through spurious lawsuits, etc. – at least, in the EU, I can contest such things to the extent possible. Doing so as a foreigner in the US, good luck with that.

    Claiming that data locality doesn't matter, without further explanation why it matters a lot for many other apps and services, but not for 1Password, in this day and age, comes across a bit tone-deaf, especially since 1Password vaults may contain all sorts of sensitive information in practice; mine sure do. Given how even Apple struggled to not unlock an iPhone a while ago, I doubt AgileBits is in a position to refuse if it ever came to that. And maybe you actually cannot help with decryption, currently, but with the current US government's openly xenophobic tendencies, who knows what is to come?

    It's disappointing that this EU instance isn't communicated much more clearly during account creation; if it's there, I never noticed it, and that was only a couple of weeks ago I think. For a security-minded app, data locality should be a very important concern these days, and ever-increasingly so, with Privacy Shield having bombed recently and current practices for trans-atlantic data sharing being under fire from other directions as well.

    This thread was my #2 Google result underneath the how-to with that ridiculously manual process, and my impression so far is that AgileBits doesn't really care about that sort of thing; is it the same way with other concerns that don't affect US and EU customers equally? This really doesn't do much to instill confidence.

    Having to go through that ridiculously manual process for several accounts with lots of documents again, after onboarding a few weeks ago, that's very frustrating. I still have no definite idea if I'll have to pay doubly for a while; it's kinda hard to imagine a worse user experience for trying to get an additional layer of security for my data. I get that it can't be seamless, but no bulk export/import for documents?

  • DanielPDanielP

    Team Member

    @1flx:

    As a member of the 1Password security team, I thought I could elaborate on this. And it's great that you are thinking about these things. No matter the opinion on the efficacy of GDPR overall, I think it's important that it brought awareness, so I am always happy to see folks thinking about it.

    But I should probably start with a disclaimer: I don't have a law degree and I am not a lawyer. My knowledge of GDPR goes as far as needed to allow me to apply it to my security work. In-depth questions about the directive, especially from a law perspective, will certainly be better explained by a lawyer.

    Having said this:

    As I understand it, as an EU citizen, my data would be quite a bit more strongly protected from being accessed without my consent by law enforcement, at the border, or through spurious lawsuits, etc. – at least, in the EU, I can contest such things to the extent possible.

    I hate to be bearer of bad news here, but there are exceptions to where GDPR can be applied. Law enforcement is one of them. And as far as your data security at the border, you should not rely on policies to protect you in that case: when a copy of your data is on your local device, it won't really matter what your data jurisdiction is, if a border official can just access it on your device directly, good luck claiming GDPR protection afterwards (this is why we created Travel Mode, by the way).

    Claiming that data locality doesn't matter, without further explanation why it matters a lot for many other apps and services, but not for 1Password, in this day and age, comes across a bit tone-deaf, especially since 1Password vaults may contain all sorts of sensitive information in practice; mine sure do.

    Well, not knowing what other apps and services you are thinking about, I could only guess, but I suppose it's because they have data to give away if asked. 1Password on the other hand is based on encryption, and mathematics works the same everywhere. It doesn't matter where your data is stored if it's encrypted, and all we could give away was your encrypted blob (which, as a reminder, is useless to everyone but you, who have the keys).

    Given how even Apple struggled to not unlock an iPhone a while ago, I doubt AgileBits is in a position to refuse if it ever came to that.

    This is simple: we just don't have your encryption keys. Period. So there is nothing for us to give away, even if we were compelled to. Indeed, this is one of our fundamental security architecture decisions: the best way not to expose something is not to have it in the first place.

    This thread was my #2 Google result underneath the how-to with that ridiculously manual process, and my impression so far is that AgileBits doesn't really care about that sort of thing; is it the same way with other concerns that don't affect US and EU customers equally? This really doesn't do much to instill confidence.

    When GDPR became a thing, we had two options: comply to the directive in our EU servers, and continue with business as usual in the other environments, or make every environment GDPR compliant. We chose to increase the compliance of every environment instead, and I believe that was the right choice. This is another reason why data jurisdiction is not as important a factor in 1Password as it might be with other services.

    Having to go through that ridiculously manual process for several accounts with lots of documents again, after onboarding a few weeks ago, that's very frustrating. I still have no definite idea if I'll have to pay doubly for a while; it's kinda hard to imagine a worse user experience for trying to get an additional layer of security for my data. I get that it can't be seamless, but no bulk export/import for documents?

    I certainly agree about the document handling part, that grinds my gears as well. But reading through the lines here (and correct me if I am wrong), it sounds like this is what really frustrates you: it's not the data location per se, as much as the fact that it's currently painful to move from one environment to the other when you have several documents. I cannot but agree with you on this.

    ===
    Daniel
    1Password Security Team

  • it's not the data location per se, as much as the fact that it's currently painful to move from one environment to the other when you have several documents. I cannot but agree with you on this.

    What efforts is Agilebits putting in implementing a working export feature? What I want to see:
    1) 1Password.com -> export to some encrypted 1password dataformat.
    2) 1Password.eu -> import encrypted 1password dataformat.
    3) Done.

    Is that wishful thinking? As a computer scientist with experience in databases, I'd tend to think not.

  • BenBen AWS Team

    Team Member

    @msxtj

    No argument that would be great to have but I don't know of any work currently happening on such a thing and as such wouldn't anticipate it being something we're able to offer in the near term.

    Ben

  • hmm, .. interesting.

    I don't need such feature as I started with the EU instance (but more coincidentally, I wanted to see prices in € not in $, advertising for that is pretty bad).

    But what puzzles me is the fact that a company offering secure services in US, CA and EU strictly refuses to offer a (secure) import/export feature, which could be simply implemented with a e.g. encrypted database dump, which preserves everything.

    So technically it is not a problem ... but still it leaves me a bit speech-less, that Agilebits simply doesn't want to ...

    just my 2p, no offense ..

  • BenBen AWS Team

    Team Member

    None taken. I don't think we refuse to do so... it is just a matter of other priorities. I realize that isn't an entirely satisfying answer either, and everyone has different opinions about what our priorities should be, but that's the state of it.

    Ben

  • Thank you for your reply, Daniel!

    Of course I find it frustrating that moving my data to the EU is such a hassle. That's a let-down on the UX side, in what otherwise is an absolutely stellar product, as far as UX goes. It's also not ideal that my data isn't as portable as I'd have expected, what with the lack of a true "export everything I have as a blob in a documented format" functionality.

    This is simple: we just don't have your encryption keys. Period.

    I have to believe you as far as that's concerned, and pretty much blindly trust you on that, no way I can be sure; as far as security goes, this kind of trust isn't worth very much. Plus, such things can change; is it unthinkable, in the current political climate, that you may at some point be required to store encryption keys, at least for non-US customers? I don't think so, honestly, so I'd prefer US entities getting at my data, encrypted or not, to be as difficult as feasible. Even in the worst case, will that ever affect me directly? Most likely not. But that may be different for others. People stick with secrets managers for a while (especially if moving is such a hassle), so such decisions may have consequences years later.

    I hate to be bearer of bad news here, but there are exceptions to where GDPR can be applied. Law enforcement is one of them.

    EU countries have their own law enforcement agencies that are fully independent of US law enforcement. There is no provision in GDPR I know of that allows foreign, non-EU law enforcement to access my private data at will. Of course GDPR does not shield me from domestic law enforcement, or them passing on data to US counterparts, but I'm considerably better protected in such cases as a citizen here than as an alien in the US that isn't even present. Such things can be contested where I live, and such cases can be won. Will I ever be subject to that sort of thing? Unlikely. But others may.

    And as far as your data security at the border, you should not rely on policies to protect you in that case

    I don't have to make policies my sole line of defense to appreciate the added layer of protection. Data not stored in the US is harder to access without my consent. Not a pressing issue for me personally, but apparently it is for others, else you'd not offer that Travel Mode of yours.

    We chose to increase the compliance of every environment instead, and I believe that was the right choice.

    And that's the way to go, and a commendable decision, but (somewhat simplified) as long as you take my business and process my personal data, you have to be GDPR compliant wherever you do this. As far as I understand it, it's much not entirely clear if you'd be able to uphold that against US authorities if it came to that; after all, any data you store on US soil is under US jurisdiction.

    But all of this is beside the point. You have the ability to offer data locality in the EU to your EU customers, why is this not the default? Why don't I have to opt out of the EU instance if I'm located in the EU? As a security app, any additional layer of security and protection, especially legal protection that comes without additional inconvenience or any other drawbacks (that I can think of) – that should be on by default.

    Fine if that's something you're planning to do, but haven't got there yet; but here we are, discussing whether data locality makes any difference at all; this is a strange argument to have, in this day and age, and again, this doesn't instill confidence. Of course it makes a difference, and while it's probably not a very substantial difference for most currently, it's a layer of protection that may become more important in the coming years, seeing as US-EU relations are changing and all. Seems a bit strange to argue that's a useless thing to have in a secrets manager.

  • DanielPDanielP

    Team Member
    edited July 29

    @1flx:

    It's also not ideal that my data isn't as portable as I'd have expected, what with the lack of a true "export everything I have as a blob in a documented format" functionality.

    It should be noted that if you have the 1Password for Mac desktop app, you can already do this. Perhaps you are not a Mac user, but it was worth pointing out.

    I have to believe you as far as that's concerned, and pretty much blindly trust you on that, no way I can be sure; as far as security goes, this kind of trust isn't worth very much.

    You should not trust me on this: you should trust the external pentesters and security assessments, not to mention all the security researchers who study 1Password every day on our bug bounty program.

    I also encourage you to read our security white paper, so you can draw your own informed conclusions without trusting anyone to do that for you.

    Plus, such things can change; is it unthinkable, in the current political climate, that you may at some point be required to store encryption keys, at least for non-US customers?

    After reading the security white paper this part will be clearer, but it's not a matter of having a choice to store encryption keys or not. Currently, we don't receive the encryption keys at all: the architecture has been built so that we are as far removed as possible from this. Everything happens locally, on purpose.

    But there is really just so much we can do. At the end of the day, this really comes down to trust: if you don't trust us to do the right thing, that's the end of the discussion. If, as you say, our current decisions and explanations still "don't instill confidence" in you, it would be very difficult to make you change your mind, that's a decision that ultimately only you can make.

    But all of this is beside the point. You have the ability to offer data locality in the EU to your EU customers, why is this not the default? Why don't I have to opt out of the EU instance if I'm located in the EU? As a security app, any additional layer of security and protection, especially legal protection that comes without additional inconvenience or any other drawbacks (that I can think of) – that should be on by default.

    This would mean tracking your location even before you become a user though. Currently, we are only able to know where you are based if you decide to subscribe, the moment you add a credit card to your account (for VAT purposes). We collect as little data as possible about our users on purpose, and tracking your location before someone decides to become a paying customer is probably not a tradeoff I am willing to make. It would certainly help with folks in your situation, but I believe our current design is the right privacy decision.

    Ultimately, I understand that data jurisdiction is very important for you, and I respect that. However, I am not sure at this point that I understand your point anymore: if we did not have EU servers, I would understand your complaint, but we do have EU servers, and you have the option to create your account there if you wish. If you create an account on 1Password.com, you also have the option to move your data away from it. The procedure is currently certainly lacking if you need to transfer documents as well, and again I agree with you on that, but it's not like there is no solution: just move your data, reupload existing documents if necessary (ugly, I know), and you are done.

    In light of this (and I might of course be wrong): is it possible that the real reason is actually a deeper one, and that you actually do not trust us to make sound security decisions? That can certainly happen, and it's a stance that must be respected like any other, but it's also the only scenario where I think that nothing I say would help change someone's mind.

    Of course it makes a difference, and while it's probably not a very substantial difference for most currently, it's a layer of protection that may become more important in the coming years, seeing as US-EU relations are changing and all. Seems a bit strange to argue that's a useless thing to have in a secrets manager.

    Let's put this another way: the 1Password security model is not based on GDPR. Our core security principles existed even before GDPR became a thing. GDPR does not change that.

    For what it's worth, I am a EU citizen, and I store my data on 1Password.com. I don't know, perhaps at the end of the day I am such a hardcore computer scientist at heart that my trust in crypto and maths is much stronger than my trust in any sort of lawmaking and policymaking. Maybe this makes me cynical, but maybe this is also why I ended up working in security after all ;)

    ===
    Daniel
    1Password Security Team

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file