712

Concerns Raised Over Bitwarden Moving Further Away From Open-Source (www.phoronix.com)

submitted 1 month ago by AsudoxDev@programming.dev to c/technology@lemmy.world

186 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[-] unskilled5117@feddit.org 207 points 1 month ago* (last edited 1 month ago)

This is an important issue IMO that needs to be addressed and the official response by Bitwardens CTO fails to do so.

There is not even a reason provided why such a proprietary license is deemed necessary for the SDK. Furthermore this wasn’t proactively communicated but noticed by users. The locking of the Github Issue indicates that discussion isn’t desired and further communication is not to be expected.

It is a step in the wrong direction after having accepted Venture Capital funding, which already put Bitwardens opensource future in doubt for many users.

This is another step in the wrong direction for a company that proudly uses the opensource slogan.

[-] solsangraal@lemmy.zip 99 points 1 month ago

nothing lasts forever without being enshittified

[-] umbrella@lemmy.ml 13 points 1 month ago

not in capitalism no

load more comments (1 replies)

[-] ShittyBeatlesFCPres@lemmy.world 130 points 1 month ago

Oh, for fuck’s sake. Can we have a decent password manager that isn’t tied to a browser or company? I pay for Bitwarden. I’m not being cheap. But open source is more secure. We can look at the code ourselves if there’s a concern.

[-] wetsuiterest 27 points 1 month ago

Keepassxc? Vaultwarden?

[-] pmc 18 points 1 month ago

Isn't Vaultwarden used with non-free Bitwarden clients?

load more comments (9 replies)

load more comments (8 replies)

[-] cmrn@lemmy.world 111 points 1 month ago* (last edited 1 month ago)

EDIT: The article has been updated and it was described as a “packaging bug” and not an intended change.

How many times do I need to pack up and move to the next “best option”

[-] JustARaccoon@lemmy.world 49 points 1 month ago

Sadly as many times as needed, complacency is how these companies get "loyal customers" who are willing to put up with bs

[-] cy_narrator@discuss.tchncs.de 27 points 1 month ago

Just go to Keepass and its over

load more comments (3 replies)

load more comments (6 replies)

[-] Snowpix@lemmy.ca 89 points 1 month ago

[-] john117@lemmy.jmsquared.net 22 points 1 month ago

oh thank god

load more comments (1 replies)

[-] ghostface@lemmy.world 83 points 1 month ago* (last edited 1 month ago)

Vaultwarden updated link

Open source version of bitwarden written in rust.

Where is the foundation to support foss?!?

[-] r00ty@kbin.life 50 points 1 month ago

If they're moving away from open source/more monetisation then they're going to do one of two things.

1: Make the client incompatible (e.g you'll need to get hold of and prevent updating of a current client).
2: DMCA the vaultwarden repo

If they're going all-in on a cash grab, they're not going to make it easy for you to get a free version.

[-] schizo@forum.uncomfortable.business 28 points 1 month ago

Don't forget option 3: someone writes a vaultwarden client independent of the closed-source crap.

If you can write a server that fully supports the client via the documented API, then you know everything you'd need to do to make a client as well.

[-] humorlessrepost@lemmy.world 13 points 1 month ago

That’s not a third option in the same list (things they are going to do), it’s an item in an entirely different list (foss responses to their actions).

[-] potustheplant@feddit.nl 15 points 1 month ago

You can't "dmca" the fork that was created while it was still open source. They could only prevent it from getting future updates (directly from them).

load more comments (2 replies)

[-] hedgehog@ttrpg.network 26 points 1 month ago

You have your link formatted backwards. It should be Vaultwarden, with the link in the parentheses.

load more comments (1 replies)

[-] ayyy@sh.itjust.works 80 points 1 month ago* (last edited 1 month ago)

600 upvotes and only 10 downvotes on literal fake news. I wish readers were less lazy, it’s very frustrating.

Edit: made my statement a bit less toxic. I was mad.

load more comments (6 replies)

[-] Boozilla@lemmy.world 60 points 1 month ago

Goddammit. It's getting to the point I'm going to have to figure out how to write my own app for this.

[-] Humanius@lemmy.world 22 points 1 month ago* (last edited 1 month ago)

It shouldn't even be that complex...

I might be mistaken, but ultimately a password manager is basically nothing more than a database of passwords in an encrypted zip file, right? That could entirely be self-hosted with off the shelf open source applications stringed together.
All you'd need is a nice UI stringing it all together.

Edit: I'm not sure why people are downvoting me. Is that not what a password manager essentially is?

[-] wintermute@discuss.tchncs.de 29 points 1 month ago

Keepass is exactly that. Basically all the client side parts, and the database is a single encrypted file that you can sync however you want.

load more comments (5 replies)

load more comments (3 replies)

[-] NanoooK@sh.itjust.works 45 points 1 month ago

Great, I've just started to use it last week 🤡

load more comments (4 replies)

[-] gwen@lemmy.dbzer0.com 41 points 1 month ago

can we start reading the articles and not just the headlines??? it literally says it's a packaging bug

load more comments (7 replies)

[-] mli@lemm.ee 39 points 1 month ago

Update: Bitwarden posted to X this evening to reaffirm that it's a "packaging bug" and that "Bitwarden remains committed to the open source licensing model."

According to Bitwardens post here, this is a "packaging bug" and will be resolved.

[-] magnus@lemmy.ahall.se 37 points 1 month ago

Daniel García, owner of the Vaultwarden repo, has recently taken employment for Bitwarden.

The plot thickens.

load more comments (4 replies)

[-] ocassionallyaduck@lemmy.world 31 points 1 month ago

Keepass vault synced over syncthing.

I keep not regretting it.

[-] druidjaidan@lemmy.world 105 points 1 month ago

This is incredible

Right next to each other lol

load more comments (1 replies)

[-] cyberwolfie@lemmy.ml 31 points 1 month ago

Was going to be my solution as well, bjt Syncthing-Android just got discontinued.

[-] ocassionallyaduck@lemmy.world 15 points 1 month ago

F-Droid syncthing-fork is still actively developed and had a patch in the last few weeks.

So hopefully this isn't the end.

load more comments (3 replies)

load more comments (2 replies)

[-] telescopius@lemm.ee 22 points 1 month ago

This is disheartening.

[-] ArkyonVeil@lemmy.dbzer0.com 22 points 1 month ago

I wonder~ I wonder~ I wonder whyyyy...

load more comments (3 replies)

[-] Suavevillain@lemmy.world 19 points 1 month ago

Well this ain't good. I don't really feel like switching apps.

[-] DoucheBagMcSwag@lemmy.dbzer0.com 13 points 1 month ago* (last edited 1 month ago)

That's how they get you. Jump ship now

Anyone looking at this...what alternatives are out there?

load more comments (4 replies)

[-] ealoe@ani.social 17 points 1 month ago

Some guy at bitwarden clicks a button wrong on a license drop-down option and all these people crawl out of the woodwork to declare the end of bitwarden being trustworthy. Nothing in the article or the company's statements indicates an actual move away from open source. Big nothingburger

load more comments (1 replies)

[-] solsangraal@lemmy.zip 15 points 1 month ago

so what's the best pw manager?

[-] winterayars@sh.itjust.works 73 points 1 month ago

Honestly, it's Bitwarden right now. This move signals their intent to change that, though.

load more comments (8 replies)

[-] anamethatisnt@lemmy.world 29 points 1 month ago

Vaultwarden is a nice self hosted bitwarden alternative
https://github.com/dani-garcia/vaultwarden

Some prefer using KeepassXC and sync the database between devices
https://www.ctrl.blog/entry/keepass-vs-bitwarden-server.html

[-] ilmagico@lemmy.world 22 points 1 month ago

+1 For KeePassXC and the KeePass ecosystem. Yes, you need to sync the database yourself, but you can use any file sharing service you like, e.g. google drive, dropbox... or selfhost something like nextcloud (like I do), which for me is actually a point in its favor.

Based on this news, I think I made the right choice back then when I decided to go with KeePass.

load more comments (5 replies)

[-] winterayars@sh.itjust.works 20 points 1 month ago

Vaultwarden is Bitwarden--at least for now, this change may push them apart.

[-] oaklandnative@lemmy.world 22 points 1 month ago

Proton Pass is open source and the company that runs it recently reincorporated as a Swiss non-profit to ensure their privacy mission can't be bought out by venture capitalists etc.

https://www.reddit.com/r/ProtonPass/comments/153t85q/proton_pass_is_open_source_and_has_now_passed_an/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button

https://proton.me/blog/proton-non-profit-foundation

[-] ChillPill@lemmy.world 15 points 1 month ago

Keepass? No cross device support, you need to manage that yourself through something like Google Drive...

[-] ilmagico@lemmy.world 20 points 1 month ago

What do you mean "no cross device support"? KeePassXC supports Win, Mac, Linux and there are iOS and Android apps available...

As for the lack of cloud and requirement to provide your own synchronization, for some (like me) that's a feature, not a limitation :)

load more comments (10 replies)

load more comments (2 replies)

load more comments

this post was submitted on 20 Oct 2024

712 points (100.0% liked)

Technology

59517 readers

2790 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS