Re: Proposal for an Emacs User Survey

[Jean Louis]

* Thibaut Verron <thibaut.verron@gmail.com> [2020-10-17 07:50]:
> I gave my reasons above. It's not just about "helping users", it's
> about helping them move more of their activities to the free world.
> Those packages (helm-lastpass, lastpass) are helping users who already
> use lastpass at the moment do exactly that.
> 
> > Nonfree
> > software is an injustice -- nonfree software subjugates users.
> > Our goal is to _eradicate it_.
> 
> Again, the same question: by arranging for links to such software to
> be removed everywhere? Or by offering free alternatives?
> 
> Incidentally, I see a lot of effort so far discussing how evil
> helm-lastpass and lastpass are, and how to get them moved to obscure
> parts of the internet. What I don't see is efforts discussing free
> alternatives.

There are many password managers in any GNU/Linux system, including, I
am sure, and there are cross platform free software password managers
such as keepass, then there are packages that can manage passwords
with Emacs only, those may not be well integrated, then both KDE/Gnome
have their password managers, each browser has it password managers.

Especially when we are talking about subject of password management,
advising GNU Emacs users to keep their passwords online in a cloud,
managed by proprietary software is very wrong.

Thus there is no alternative to free software.

>From Wikipedia:
https://en.wikipedia.org/wiki/LastPass

https://en.wikipedia.org/wiki/LastPass#2011_security_incident
https://en.wikipedia.org/wiki/LastPass#2015_security_breach
https://en.wikipedia.org/wiki/LastPass#2016_security_incidents
https://en.wikipedia.org/wiki/LastPass#2017_security_incidents
https://en.wikipedia.org/wiki/LastPass#2019_security_incidents

Those are only publicly announced security incidents. How many there
are not announced?

In that sense, knowing the background of the insecurities at the
company producing proprietary software, the package lastpass for Emacs
and helm-lastpass is only helping that company subjugates users to
keep their passwords online and sooner or later abuse Emacs users.

My system of keeping passwords is the file .passwords which is stored
on encrypted partition. It is appendable only file by using chattr +a,
and Emacs asks me for host name, username, email, etc. and it
generates password which is appeneded to a file. Other simple function
is grepping and finding list of passwords. It would be disaster to
keep my 4362 passwords online, unsaid of keeping it in some cloud with a
company known for security incidents.

At MELPA bug tracking, or Github issue tracker, the issue is closed,
there was no question if the package "lastpass" is driving users to
insecurities, issue was simply closed, without possibility to publish
this exact information.