Hey LastPass, Do You Not Want Us To Use You?
It’s Like They’re Advertising For The Competition
If you have used Lastpass you are probably familiar with their recent decision to reduce the value of the service they provide you. Until the very recent past you were able to use your Lastpass account on both mobile devices as well as whatever type of computer you wanted. This has changed and you will have to pick one or the other, as your passwords will no longer sync between devices.
One obvious solution to this is to switch from the free version of the app to the paid for version. For $3/mo you can sync your passwords just like you used to, or $4/mo will get you a half dozen accounts you can install wherever you feel like it. Of course the majority of people will opt to switch to one of the competitions free offerings which still let you sync between devices, though it will be a bit of a pain to get your passwords moved over.
Before you do consider giving your hard earned cash over to Lastpass, you should take a look at the research conducted by Mike Kuketz. Thanks to work done by hacktivist group Exodus he discovered that there are seven different trackers embedded in the app. Four are not quite horrific, in that they are analytics and crash reporting services sent back to Google but three are less innocuous. sending quite a bit of data to AppsFlyer, MixPanel, and Segment. Thankfully they do not send actual passwords to those marketing companies, though the app does let them know when new passwords are created and what type they are.
You can apparently opt out of these trackers if you can find the option, and as LastPass is quick to point out they need to make money off of their free service somehow. The question many are asking though is why they should use LastPass when almost none of the competition do the same thing?
A security researcher has recommended against using the LastPass password manager Android app after noting seven embedded trackers. The software's maker says users can opt out if they want.