this post was submitted on 13 Jul 2025
78 points (96.4% liked)


One downside is that I'll have no more passkeys. The vault syncing, I can do via Syncthing.

[–] DemBoSain@midwest.social 33 points 1 day ago* (last edited 1 day ago) (2 children)

There have been too many data breaches from cloud-based services to trust another one. I have a Proton account for email and online storage, but I won't use their password service because it's cloud based.

https://blog.lastpass.com/posts/notice-of-recent-security-incident

LastPass leaked their password database in 2022, and bad actors are still using it to access people's files, stealing passwords and hundreds of thousands of dollars in crypto.

DON'T trust anything important to cloud-based storage or services. Use KeePass. Use Syncthing if you need to keep the database on multiple devices.

(I see other comments using Dropbox. Dropbox = cloud. Don't store anything security related in the cloud.)

[–] slackness@lemmy.ml 2 points 1 day ago (1 children)
[–] rumba@lemmy.zip 11 points 1 day ago* (last edited 1 day ago) (1 children)

So was LastPass. But when their source code leaked, it turned out their encryption method was crappy. Just because something is encrypted doesn't mean that it's safe.

The key is that Proton Pass and Bitwarden and KeePass are open source and have all passed independent security audits.

[–] slackness@lemmy.ml 2 points 1 day ago (1 children)

You can't talk about E2EE on a closed source client.

[–] rumba@lemmy.zip -1 points 1 day ago (1 children)

What is this, Fight Club? /s

You could totally talk about E2EE if the client was SA/Electron. If the blob is just getting transferred and stored and the passphrase is never transferred, that's E2EE.

Come to think of it, if they throw in extra keys when you make your blob, it's still E2EE, even if they have a key for it. Perhaps we need to think differently about E2EE being the end all.

[–] slackness@lemmy.ml -5 points 1 day ago

lol I'll just mute this convo

[–] georgeskorp@lemmy.world 0 points 1 day ago (2 children)

I know I can probably google this. But where are the passwords from KeePass stored? Or what makes it harder to hack?

I still use 1Password because the subscription is still running and I was planning to switch to Proton Pass once that is over. I know 1Password is harder to crack due to their 2nd master key password (or whatever they call it)

[–] Creat@discuss.tchncs.de 5 points 1 day ago

KeePass just uses a (local) file, but it expects and can handle the file being modified externally. That's important because it means you can store it on a network share, or in some sort of synchronized storage, self-hosted or not (Nextcloud, Syncthing, Google Drive, whatever). It's just up to you. If you have it open on your PC and you add an entry on your phone, your PC won't "overwrite" it, but integrates any changes you're making there at the same time.

For example, the Android client has direct support for a long list of storage services for this exact reason.

[–] jasonthedragon442@lemmy.ml 3 points 1 day ago

They are stored encrypted on your computer, if I'm not mistaken.