frustbox
That depends on the password manager.
There are password managers that work on your computer and the data never leaves your hardware. KeepassXC for example. The database is just a file on your computer - you are in charge of backing it up, synchronizing it to your other devices (i.e. phone) etc. The database file is fully encrypted so you could share it with a cloud provider like google drive or dropbox, or you could use syncthing which synchronizes files between your devices without cloud storage. If you use cloud storage there's a small risk that the encrypted file gets into the wrong hands (but it is encrypted so it's most likely worthless to any would be hacker).
Some other password managers offer a web service where you can log into a website to see your passwords, and they have mobile apps and browser extensions. These do store your passwords in their cloud - the risk that those get breached is considerably higher. But even there it depends on the implementation details. Bitwarden for example kind of does something similar to keepass, where your "vault" is encrypted locally and then stored on their servers. Even if they get breached, the data would be useless. Lastpass had a breach recently and it turned out that they didn't encrypt everything - so someone with access to the data could determine some details such as which sites a user had accounts on. And apparently some vaults used a weaker encryption so those might be decrypted eventually.
And a lot of password managers are closed source so there's no telling what they may do, just "trust me bro".
If I had to give a recommendation it would be bitwarden - it's open source, it's free although there is a paid plan if you need it and want to support them. It's really easy to use. If you have extreme paranoia (no judgement) then keepassxc - it's also open source and free, it's just a little more effort to set it all up so it doesn't get my first choice.
Several points
They generate strong passwords - completely random with no scheme or method to guess. They are long and use many different characters. These won't be easy to memorize, but that's the point of a password manager, isn't it? Much stronger than "google-monkey123", "lemmy-monkey123" etc.
They generate unique passwords - different passwords for every login. When, inevitably, one website had their database breached and it turns out that they stored the passwords too (you never store the passwords, only a "hash", a scrambled version of it), that password of yours can't be used on other websites. Or any scheme be detected "hey that guy just appends 'monkey123' to the name of the site!" That password was truly unique and is not a danger to your other online accounts.
They protect you from phishing - consider this scenario: you get a message with a link, you click on it and the site asks you to log in, so you type in your login and password, but that was a phishing site, it looked like the real website, but really it wasn't. And now the attacker knows your username and password. A password manager that automatically fills your login details will only do so if the domain name is exactly correct, on a phishing site it will not auto-fill, giving you a moment to stop and think.
A few things come to mind:
The "Mr. Robot" promotion was pretty bad - they force installed an extension without user interaction. This is IMHO still the worst thing they've done.
Their finances could be seen as a little sketchy, at times, like executive pay vs. layoffs at the start of COVID. The fact that they're hanging off the teat of Google (or maybe Microsoft, which ever search engine has the higher bid at the moment) could also be seen as a conflict of interest.
Some might criticise Mozilla for a lack of focus. While Firefox was getting stale they invested in Pocket, and VPNs and stuff.
It's a thing of the past, but there was this whole thing about Brendan Eich …
Honestly most of these things seem pretty par for the course under capitalism.
I like to change the metaphor. We're not visiting websites. We are inviting them into our homes.
But when we open the door, our friend brings a group of rowdy drunks with him, they're rummaging through closets (privacy invasion), they drink the beer (draining batteries and using internet data volume) and maybe they damage things (malware) - so I have a bouncer. If you're not invited, you're not getting in.
As for creatives, I'll happily tip them, i have no issues with sponsored content (as long as it is declared) - they probably get more from that then the ad-impressions.
We have made mistakes.
We wanted it all to be free. It was free. I remember the early days of the internet, the webforums, the IRC, it was mostly sites run by enthusiasts. A few companies showing their products to would-be customers. It was awesome and it was all free.
And then it got popular, it got mainstream. Running servers got expensive and the webmasters were looking for funding. And we resisted paywalls. The internet is free, that's how it's supposed to work!
They turned to advertising. That's fair, a few banners, no big deal, we can live with that. It worked for television! And for a while that was OK.
Where did it all go sideways? Well, it was much too much effort to negotiate advertisement deals between websites and advertisers one website at a time, so the advertisement networks were born. Sign up for funding, embed a small script and you're done. Advertisers can book ad space with the network and their banner appears on thousands of websites. Then they figured out they can monitor individual user's interests, and show them more "relevant" ads, and make more money for more effective ad campaigns.
And now we have no privacy online. Which caused regulators like the EU to step in and try to limit user data harvesting. With mixed results as we all know. For one it doesn't seem to get enforced enough so a lot of companies just get away with. But also the consent banners are just clumsy and annoying.
And now we're swamped with ads, and sponsored content written by AI, because capitalism's gonna capitalism and squeeze as much profit as they can, until an equilibrium is reached between maximum revenue and user tolerance for BS. Look up "enshittification"
I wonder how the web would look like if we had not resisted paid content back then. There were attempts to do things differently. flattr was one thing for a while. Patreon, ko-fi and others are awesome for small creators. Gives them independence and freedom to do their thing and not depend on big platforms or corporations. The fediverse and open source are awesome.
There's still a lot of great stuff out there for those of us who know where to look. But large parts of the internet are atrocious.