Re: Mass surveilance VS privacy Lastpass

info963 · ‎12-11-2017

Hello everyone,

I use lastpass for a couple of months now and I saw things on the news that there is mass surveilance in countries like USA, I don't live in USA, but it is likely that my passwords en data are stored there.
So that made me think about the following question: If i purge a password in the lastpass recycle bin, are they fully removed, or are they still being kept on the servers for lastpass itself? (in logging files, lastpass backed up files, etc)
My second question is: Is lastpass forced to make and give off logfiles from their systems (passwords and data from their customers) if requested by local authorities like FBI and so on?

I'm curious what the answer is on this topic

BobDobalina · ‎12-11-2017

LastPass claims (right on their homepage) "Your data is encrypted and decrypted at the device level. Data stored in your vault is kept secret, even from LastPass. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass’ servers, and are never accessible by LastPass." If that's accurate, they could only provide encrypted data to any authorities, which should be useless to them.

That said.... corporations lie, and software has bugs. I would be disappointed and angry to learn that authorities were able to collect usable passwords from LastPass, but I wouldn't be shocked. And of course, lol, that could already be happening and we know nothing about it. Or there could be a massive breach that we don't learn about for months. I no longer believe in "guarantees".