Change of buisness place (and laws...) to the US

[123ABCXO]

Legal changes in corporate entity : The significant changes are in the name of the entity, governing law and principal place of business from India to the USA. The controlling entity is changed from Sinew Software Systems to Enpass Technologies Inc.

 

Hello, 

 

It is absolutely awful that you have changed the principal business place to the U. S. I - and I am sure many others - have consciously sought out a password manager which is NOT based in the U. S. as we all know that privacy is not much worth there. It has not been since years, whatever party was in government.

By going to the U. S., you are making yourself subject to all kinds of measures against the security of your users, about which you may then even not be allowed to talk. This is the more valid, as Enpass is not even open source. How can we ever trust that you are not forced to (or just will) install back doors?

It is very sad, but together with my loss of trust in you because of the recent incidents after the Windows-Store version (which I will consider an early warning now, a sign so to speak), now I know I will have to look for an alternative once more. 

Best regards from a perhaps soon-to--be user.

The world is big. There are a lot more privacy friendly countries. Please let us know - how could you not pick them instead? 

 

Edited May 28, 2020 by 123ABCXO

[Kashish]

@123ABCXO

Hello,

We understand your concern is legitimate considering the privacy of the data and the security of the app, however, Enpass secures your data encrypted with the master password you choose. There's no way by which we can access your data as it is stored offline (not on company's servers). Moreover, we don't save the master password or any of its derivative with us, the data is only accessible to the user (with the master password).

You can also visit the security page on our website to know more about how Enpass secures user's data. Let us know if you have any concerns.

Thanks.

[123ABCXO]

That may well be. But voluntarily submitting yourself to the laws of a country that has not hesitated to spy on the leaders of govenments which were supposed to be friends, a country were people can be obliged not to talk about what three lettered agencies demand, a country that does not hesitate to even try to undermine end to end encryption as for example curently with the Earn it Act (though another field, yet an example of the radicality of intention to underimien privacy severely), how can you honestly say that as a US company you would not face the danger of being forced to include back doors one day or undermining security in another way (and be silent about it)? 

One also wonders why a company that deals in privacy chooses, out of all possible countries, the U. S. There is Iceland, there are various EU countries with comparatively strong privacy laws and ethics. There is even Switzerland.

A company that is about privacy and takes that seriously should let this reflect in all their actions. Why such a company would even consider moving to the U.S. in their current state is simply beyond me.

Edited May 29, 2020 by 123ABCXO
better stated; grammar

[Fabian1]

I share 123ABCXO's concerns 100%.  The United States is not secure for encryption products.  The authorities can force you to weaken the encryption.  It is completely irrelevant whether the data is on your servers.  If Enpass will not securely encrypts, Enpass is completely useless.  

Why did you go to the USA?  Please answer this Question. This is very suspicious!

Edited June 10, 2020 by Fabian1

[Pratyush Sharma]

Hi @Fabian1,

Thanks for writing in. We understand that you are concerned regarding the data privacy, however, please note that we can not share any of the sensitive information stored in Enpass, even if the governmental institutions of any country ask us to do so. That's because Enpass is an offline password manager, and all your information is stored locally on your device. We do not save your data on our servers and neither do we have access to any of the customer’s data.

Also, when you set up the Enpass app, you are asked to set a Master Password. The key that encrypts your data is derived from your Master Password. Your master password is only recorded in your mind. There is no record of the master password or its derivative with us. In the worst scenario, if someone gets your encrypted Enpass data file, then it still requires the Master password to grant access to the stored information. That's why we highly recommend using a random and strong master password.

Let us know if you have any questions or concerns, we’ll be happy to help.

[areh]

So all data is stored on the customers devices, and the app doesn't send data to any other places than the customer's own devices? That sounds good, but only assuming I can trust this to be true. But Enpass is not open source (only the encryption part of it is?), so all I have is your word for it. After the Edward Snowden incident we know for a fact that American companies may be forced by law to create back doors in their products _and to lie about it_. The combination of closed source and being subject to US legislation seems like a total deal breaker for any IT product where security or privacy is important. How am I wrong? I would be grateful if anyone could explain this to me. (And even I were to monitor the data traffic in and out of the Enpass clients and find that it looks okay, how do I know that it behaves the same the next day?)