|
|
发表于 2021-3-2 18:05:11
|
显示全部楼层
本帖最后由 yuanyuexiaoni 于 2021-3-2 19:43 编辑
lastpass内置7个|跟|踪|器|,bitwarden 2个,1password 0个,dashlane 2个
之前看的新闻里说的数据,不知真假
新闻链接:https://www.theregister.com/2021/02/25/lastpass_android_trackers_found/
至于Bitwarden用户:
Currently, according to an article on “The Register”, Bitwarden has two embedded trackers that send back data, “Google Firebase analytics” and “Microsoft Visual Studio crash reporting”. While the reason for these trackers may be benign, considering other apps in the category do not have these trackers, it does make you reconsider how safe the application is, especially after LastPass was caught with several trackers.
官方解释:
Q: What third-party services, libraries or identifiers are used?
A: In the Mobile apps, Firebase Cloud Messaging (often mistaken for a tracker) is used only for push notifications related to sync and performs absolutely no tracking functions. Microsoft Visual Studio App Center is used for crash reporting on a range of mobile devices. In the Web Vault, Stripe and PayPal scripts are used for payment processing only on payment pages.
For those who prefer to exclude all 3rd party communication, Firebase and HockeyApp are removed completely from the F-Droid build. Additionally, Turning off push notifications on a self-hosted Bitwarden server will disable using the push relay server.
Bitwarden takes user security and privacy seriously. Bitwarden maintains secure, end-to-end encryption with zero knowledge of your encryption key. As a company focused on open source, we invite anyone to review our library implementations at any time on GitHub.
Security FAQs | Bitwarden Help & Support 3
翻译:
目前,根据“ The Register”上的一篇文章,Bitwarden有两个嵌入式的|跟|踪|器|可以发送回数据,即“ Google Firebase分析”和“ Microsoft Visual Studio崩溃报告”。尽管使用这些|跟|踪|器|的原因可能是良性的,但考虑到该类别中的其他应用程序都没有这些|跟|踪|器|,这确实使您可以重新考虑应用程序的安全性,尤其是在LastPass被多个|跟|踪|器|捕获之后。
Bitwarden官方回答
问:使用哪些第三方服务,库或标识符? 答:在移动应用程序中,Firebase Cloud Messaging(通常被误认为是|跟|踪|器|)仅用于与同步相关的推送通知,并且完全不执行跟踪功能。 Microsoft Visual Studio App Center用于在一系列移动设备上进行崩溃报告。在Web Vault中,Stripe和PayPal脚本仅用于付款页面上的付款处理。 对于那些希望排除所有第三方通信的用户,Firebase和HockeyApp已从F-Droid版本中完全删除。此外,在自托管的Bitwarden服务器上关闭推送通知将禁用使用推送中继服务器。 Bitwarden认真对待用户的安全和隐私。 Bitwarden使用零加密密钥知识来维护安全的端到端加密。作为一家专注于开源的公司,我们邀请任何人随时在GitHub上查看我们的库实现。
来源;
https://www.theregister.com/2021/02/25/lastpass_android_trackers_found/
https://community.bitwarden.com/t/remove-embedded-trackers-from-bitwarden/18925
具体分析连接
https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/
https://reports.exodus-privacy.eu.org/en/reports/com.lastpass.lpandroid/latest/
注意Lastpass里面的那个Segment & AppsFlyer Tracker |
|
[复制链接]
楼主