
The Linux priorities I outlined are fundamentally different. It’s a demand that the maker of the software alter the core of their business model.

This is very different from asking for a native UI or to use a core OS API, etc.

Again, it’s fine to ask for a radical business change or require it but the frequency of this as a demand does help explain why few companies go down this path.

(As for 1Password abandoning one-time sales for subscriptions, to me this is a separate issue. One, it’s not news or part of the linked article; two, it’s not particularly related to the Linux release; three, it affects all platforms. However, if you did try to relate it to this discussion, I think their current business model is actually much more compatible with going open source than the old one. I don’t think they will do this, but the bundling of storage with software that came with the subscription model offers a more economically viable path for open sourcing because their revenue is less dependent on being the software provider. You could argue it would actually help their sales by providing a fallback ecosystem that shows customers there is no lock-in and by making it possible to audit the crypto used to ensure their infra is zero knowledge. I think even among Linux users only a small fraction want to run their own password servers. I know I don’t. But I think they would judge the risk of enabling a low-rent, low-quality, low-cost turnkey competitor too high, and frankly I would agree with them. I think an open-core model could work where they keep the UI chrome closed, but this will not satisfy the critics.)

(Also, I’m a longtime 1Password user myself. I was VERY bummed by the change to subscriptions, but I don’t find it as dark as you do. The product I paid $60 or whatever for many years ago still works fine; old vaults continue to function, so we were not really “left in the dust.” When I moved to a subscription it was because I needed new capabilities, sharing passwords and other secrets with other people chief among them. This is IMO worth the subscription cost. My main concern is security; I do not like having to trust their closed-source crypto to keep my stuff secure on their server. One party with sensitive data and crucial code is excessive risk. However, I do not want to stand up my own server. That is even worse. And all the open source alternatives would require me to do this for sync support. Which is a bit odd considering 1pw used to offer peer-to-peer WiFi sync. I guess this is too hard for any of the open source projects to offer.)

Thanks for the comments. The crypto is open source. We use the ring library: https://github.com/briansmith/ring - Ben, 1Password

How can I verify this claim? Decompiling?

Also it's very easy to use proper crypto in the wrong way. How can I know this is not the case here?

You make a very fair point and raise a reasonable concern. We do participate in external security audits, and will be having Cure53 do an in-depth one of 1Password for Linux. https://support.1password.com/security-assessments/
