Bargains for Under $25 HP Envy 34 All-in-One PC Review Best Fitbits T-Mobile Data Breach Settlement ExpressVPN Review Best Buy Anniversary Sale Healthy Meal Delivery Orville 'Out Star Treks' Star Trek
Want CNET to notify you of price drops and the latest stories?
No, thank you

LastPass in privacy hot seat over web trackers

A security researcher recommends dropping LastPass after a privacy advocacy app discovered seven web trackers in the password manager.


LastPass' slate of web trackers is in the spotlight after a security researcher recommended switching away from the password manager based on the findings of a well-known privacy advocacy app. The analysis follows LastPass' recently announced restrictions to its free-tier service, which will become effective in March. 

The Exodus Privacy app, developed by the Guardian Project to document the number of trackers and permissions other apps use, discovered seven web trackers in the Android version of LastPass. Highlighting the findings in an analysis published Thursday, German security researcher Mike Kuketz recommended users move away from the password manager in favor of one without trackers. 

Read more: Best password manager to use for 2021: 1Password, LastPass and more compared

The web trackers on LastPass include those from Google Analytics, AppsFlyer and Mixpanel. While LastPass' password encryption normally protects your passwords from being viewed by any tracker or site, these trackers let third-party companies collect a startlingly complete record of the sites you visit. 

"These trackers are industry standard mobile analytics tools and are used for a limited purpose -- to collect aggregated statistical data about how LastPass is used to help us improve and optimize the product to deliver the best user experience," LastPass said in a public statement. 

The company also said it is continuously reviewing its processes to prioritize customer privacy and security. In his analysis, however, Kuketz said he was unable to opt out of sharing data with LastPass' trackers.

By comparison, Exodus Privacy found LastPass competitors 1Password and KeePass have no trackers. 

Now playing: Watch this: In a world of bad passwords, a security key could be...