"Our privacy policy states that we won't do this and we're not going to break the law."

You can't really believe that someone would be so gullible.

There is no proof that you are telling the truth. Nobody knows how the sensitive data is encrypted and stored. Maybe you are serious, but only your promise about the security is very little. Only open source shows how it really works and how safe your system is. Your idea is good, very good, and the comfort is impressive, but people are bad. Why precisely should I trust you?

I looked for some information about LastPass, but there are no independent tests of the security. All reports say the same:

Only LastPass says: The passwords are stored on the local computer, encrypted with AES 256-bit after the procedure. And only in this form will they be sent to the LastPass server.
But which user knows cryptography that well? Does the software really encrypt the passwords? Sure? Absolutely sure? Who knows... only you. Open source - everyone can test it.

Trusting the people behind LastPass is necessary if you want to use the service -- even if LastPass was 100% open source LastPass could release a different binary than the source we released publicly. There's _always_ trust involved -- an open source project could be a great cover for nefarious activity since people naively blindly trust open source projects. Almost no one compiles open source projects themselves, and even fewer fully audit the code.

You don't have to rely on our word alone, you can analyze the data that's sent back and forth -- you can log in via the website which is by definition 'open source', you can verify that the same data is sent to the plugins, etc. We have nothing to hide, would benefit from the audit and will help you audit if that's your desire.

You can certainly look at the people behind the project on the website, the fact that they're putting their names, faces and reputations on the line with this project and come to your own conclusion.

You can treat the product with caution until we've earned your trust.

You can wait for another 3rd party to take a look at what we're doing since Mozilla isn't enough for you.

Ultimately though you can choose to trust us and use the service or choose not to and uninstall.

-Joe Siegrist