Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

They do store your "vault" on their server. It's encrypted though using key that doesn't leave your computer. However I can easily imagine deliberate as well as innocent "mistakes" in browser plugins and other weak links in architecture that would expose the master key and hence your vault.


That can pretty much happen to any software provider you download software from.

You don't have the time to:

- audit the source code

- check every auto-update hash matches the main hash list "just in case" you get a special update just for you

If you turn off auto-update, you will eventually get hacked because of bitrot




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: