Thanks, but no thanks Rated 1 out of 5 stars
I was about to install this add-on, when I noticed the part about uploading all my MOST sensitive data to some unknown developer's site. Are you KIDDING ME??? What is WRONG with just storing and encrypting this stuff locally?? (Maybe in a file that I can carry around on USB key, if I absolutely must.) Why should I have to trust these guys? How strong is THEIR security? If (when) their server is hacked, what are they going to do - apologize to everyone? Forget it. There are other add-ons that do the same thing without this hideous security vulnerability.
PS: regarding the developer response. I can only speak for myself, and for me it still doesn't add up. Your 'host-proof hosting' thing sounds swell... but the fact remains that posting my passwords to you or any other unknown party requires that I trust you, your software, the security of the transmission and the security of your storage. No matter how brilliant your cryptography and bullet-proof your code, that's always going to be a non-zero risk... and an entirely needless one. So no thanks. Why not simply add an option to disable this wonderful uploading 'feature' of yours? If you don't, I can only wonder why not...
You read nothing and jumped to the wrong conclusion.
Sir or Madam,
You obviously read nothing available to you and jumped to the wrong conclusion because you had no facts and you're not familiar with Host Proof Hosting: http://en.wikipedia.org/wiki/Host-proof_hosting To answer your questions:
2. What's WRONG with storing it locally? It's not convenient, and we have a more convenient method that is safe. If you study it you'll recognize that we've built a better mouse trap.
3. Yes you should make a trust decision on us -- but you should use the tools we point out in our FAQ, and look into the the hundreds of times people have jumped to the wrong conclusion like you only to recant went they look into it -- see http://forums.lastpass.com/
4. Our security is very strong: https://lastpass.com/technology.php -- so strong that if our server was hacked we will be able to tell you that your data is still safe -- that you may want to consider changing your most critical accounts just for paranoia -- but as long as you have a strong master password it's the end of the universe before your data would be compromised.
Given all this, I urge you to actually look into how things work before jumping to judgment.