Warning about PasswordBox.

Discussion in 'other software & services' started by Mayahana, Nov 28, 2014.

  1. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I have confirmed through PCAP and Sniffing that Password Box is sending data back and forth to MIXPANEL. Mixpanel is a data mining, profiling, and aggregate firm that has a questionable reputation according to some malware analysts.

    PasswordBox has finally directly addressed my concerns, saying they do indeed transfer data back and forth with Mixpanel, but that they have 'vetted' Mixpanel internally, and do not feel it's a problem. For me, my problem is a security software, a password database, sending data to a mining and profiling firm is extremely reckless. If you dig through Mixpanel you will find it does things like see how long Passwordbox customers are spending on websites, and see if they are checking out other password managers, and other things.

    https://mixpanel.com/segmentation/
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Thank you! Very useful info :thumb:
     
  3. Pilou42

    Pilou42 Registered Member

    Joined:
    Oct 4, 2014
    Posts:
    62
    LOL. Rating on Google Chrome: 4.5 stars; 300000 users; dithyrambic comments.

    But that's not that surprising. You can't use free cloud stuff with nothing in return. I know exactly Google is tracking me in every possible way (DNS, google account, password synchronization for example), but at least I'm 1 in 1 billion (and a boring user blocking a lot of web stuff and not clicking ads), and they have security experts.
    I would never let a little inexperienced business company have access to my personal/private data.
     
  4. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Emsisoft detects Mixpanel as malicious, and I think Emsisoft is correct in this. In installed Emsisoft Anti-Malware on a test machine, turned privacy settings on, and adware detection on. It detected the Mixpanel activity from Passwordbox, and blocked it. At least one firm has it right so far.

    Password Box isn't free - by the way - it's a paid app.
     
  5. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Very useful info. Thanks. I am going to stick with LastPass (Premium).
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  7. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Wow nice find.. That kills the product for me. I need to migrate my son off of it, the last holdout using Passwordbox.

    I don't trust them after the Mixpanel issue I was the first person in the world - allegedly - to expose. Passwordbox got caught with their pants down with that, and kept deleting my posts, comments, and notes about it until I created more heat, finally admitting their product DOES have DATA MINING built into it. My guess they were data mining to boost up offers, and/or to make the product more attractive to buyers with statistics/data on the use of the product? Just a theory. But WideOpenWest Cable was implicated doing this. They were injecting user identifiable headers into every web page, and it was run by NebuAD, when caught they shut it down, but the damage was done. It's been reported this was done to boost themselves up for potential buyout. Class Actions have resulted from this.

    What gets me is why NOBODY is detecting Mixpanel as a privacy, spyware, or tracking risk other than Emsisoft? It's the only product I have found to accurately block Mixpanel, not even Admuncher, Adguard, or Adblock/uBlock detect Mixpanel. How has Mixpanel skirted the radar so effectively? I wouldn't have discovered it myself if I didn't incessantly sniff my network traffic.
     
Loading...