chilinux

Member
  • Posts

    2
  • Joined

  • Last visited

Reputation Activity

  1. Informative
    chilinux got a reaction from jtaylor991 in LMG Sponsor Complaints   
    It is odd with how loud LTT was regarding Anker/Eufy that they would then move on to Keeper as a sponsor.  The two companies now both have a past track record of company behavior that seems extremely similar.

    Even while Keeper's lawyers were trying to keep Ars Technica's Dan Goodin from ever reporting on Keeper security issues ever again, another security journalist, Zack Whittaker @zackwhittaker, was bold enough to continue reporting.  The types of things he found were:

    * A motion to dismiss the lawsuit because it violated California's law against Strategic Lawsuits Against Public Participation (SLAPP):
    https://www.documentcloud.org/documents/4417587-Keeper-v-Goodin-reply-for-motion-to-dismiss

    * Keeper left their AWS S3 bucket *FULLY* open to the public to read and *write* to:
    https://www.zdnet.com/article/password-manager-maker-keeper-hit-by-another-security-snafu/

    * Keeper overstated their claims of providing "zero-trust":
    https://www.threatshub.org/blog/a-bug-in-keeper-password-manager-leads-to-sparring-over-zero-knowledge-claim/

    Each of these seems like the last thing you would want to be the behavior of a company you are entrusting your *passwords* to for storage!!

    The responses to these on Keeper's blog have been to downplay/spin the same way Anker/Eufy did about so-called end-to-end encryption.

    It seems either LTT isn't fully vetting the history of behavior of companies that sponsor them, or there might be some "hope" that given enough time LTT will just quietly accept Anker/Eufy back.  Is LTT available to help in whitewashing past behavior for sponsors?

    Once you become aware a "security" company will use lawyers to try to silence security researchers and journalists, it becomes less clear if a lack of recent reports really means the product is free of known vulnerabilities or if the company's lawyers have just gotten better at keeping the discussion silent.

    At no point does it seem like Keeper "Security" will ever be open to the same level of open review and discussion that the Bitwarden password manager has (which is open source).  Rather, Keeper likes to point out it continues to have certifications such as SOC 2, just like it did at the time Zack Whittaker reported on known issues with Keeper.  However, unlike AWS, I can't find a place to download the actual results of the SOC 2 audits.
     
  2. Informative
    chilinux got a reaction from kirashi in LMG Sponsor Complaints   
     
  3. Informative
    chilinux got a reaction from QwertyChouskie in LMG Sponsor Complaints   
     
  4. Informative
    chilinux got a reaction from mMontana in LMG Sponsor Complaints   
     