Forum Discussion
Former Member
5 years ago
Concerns About 1P 8 for Mac from a Web and Software Developer
So I briefly tried 1P 8 and then noped right back to 1P 7. Here are some of my concerns; I hope they are fixed before general public release:
Mini. This is how I use 1P daily. Seems that 1P Mini...
Former Member
5 years ago
Chiming in here. First, Electron as a UI is a been-there-done-that-and-dumped-it pattern. Java and Flash are the two predecessors, and the issue is that you don't get a Mac app or a Windows app. You get a Flash app, or Java app or Electron app. They don't look and feel like native apps and the more you try and work around the framework, the more exposure you have to bugs. Sure, it's easier for developers, and looks good to the bean counters because it is initially cheaper, but in the long run the UX is always substandard compared to native code. Full Stop. Over the long term that costs more money because as customers leave, you end up rewriting to a native app anyway.
Security issues? Yes, absolutely, as both Java and Flash clearly demonstrate. Electron should be somewhat better because of 20 years of advancement in coding practices and language development, but the risk is non-zero. Now any third party library has those issues, but native APIs are one less abstraction layer to worry about, and Electron has a much larger attack surface and is a bigger, more juicy target.
Browsers are the most vulnerable, most commonly compromised, piece of software on the system. Browser integration is a key feature of a password system, so I accept that risk/ease of use tradeoff - especially for the less technical members of my family, but I've disabled the in-line unlock features both because it's just too darn easy to type into the wrong field (and I'm waiting for a malicious site to pop up a fake prompt), and because it covers up important information most of the time. The net is that whatever runs in/with the browser needs to be at a higher standard than a standalone app.
I have zero issues with requiring a subscription for 1P8. Agile needs funding to support development, and their pricing is very reasonable for the capability they provide. However, that does mean I do expect a Mac application that enhances my overall security posture, not a lowest-common-denominator hobbled solution based on a shaky framework with poor performance and UX.
Would I stop using 1P8 because it's Electron? Not sure yet. Because of functionality gaps? Probably, but it's still early, so they should be fixed. Is there anything in 1P8 that looks like a genuine killer feature for the users? No.
Still haven't heard what's in it for the users with this migration. Maybe I'm missing something?
Net: As long as 1P7 will work on Monterey, and they commit to support it until 1P8 is full featured and stable we have time to see if Agile gets it right. If not, well, then time's really short.
P.S. At least they didn't try to build it on something like Eclipse!