I have been using Bitwarden for around 7~ years. Subscription for this long too, at 10USD p/year. I will be switching due to lack of transparency, and would love to hear others thoughts on this.
The linked article goes into further detail, but here is a small summary that very much concern me / are sus:
- that 10USD per year has gone up quietly . I just checked and I have no email telling me it's increased. It renews in like 2 months, so this is good timing for me
- Originally Bitwarden had values as apart of the acronym "GRIT". Gratitude, Responsibility, Inclusion, and Transparency. They have changed the last two words to "Innovation, Trust"
- There is now a new CEO, this was not announced and the only reason people outside of Bitwarden know is that someone saw this change on LinkedIn
- The free tier momentarily disappeared from their product page for about a month (april14-may14). People were likely still able to make free accounts during this period. Bitwarden says it was a marketing mistake
The price hike is one thing, but for me the acronym change is most concerning, which is why I will be looking at another password manger (probably keepassxc)
Does KeyPassXC have passkey and TOTP support?
Both, yes
Do you know if I can get KeePass working on both PC and Android in sync with Syncthing?
I have been using it that way for years and it works well (for this scenario no problem). Only recently I switched from Syncthing to using mounted SMB share. I switched partly because of the Syncthing for Android maintainer switch (though I still think its safe) and because Syncthing sometimes didn't sync on my Iodé custom rom and I got tired of having to open the app to sync.
Lol.. From Transparency to "Just Trust Me Bro".
I know right. Even in an Enterprise environment why would trust be a better word to represent your values over transparency
Yeah, I switched to KeePass for the same reason. The only way I trust software is if they'll show me the code, and the only reason to replace "transparency" with "trust" IMHO is because they want to go closed source. Innovation also tends to just mean 'we're going to be charging you for features that used to be free '
Not really, just had to install KeePass on my computer and export my bitwarden passwords BW makes that easy to do) and import them to KeePass. I haven't set up the browser extension yet, as at a glance it says it doesn't work with browsers installed with flatpak and that's how I have LibreWolf installed. Setting up syncthing was also pretty straightforward.
I tested this a few weeks ago, but one thing I struggled with was having custom fields imported. Don't know if I somehow did something wrong, but while the export data had them as expected, KeePassXC just didn't import it all? The standard Notes did get imported, but none of my custom fields.
It got bought by a company owned by Vista Equity partners, a private equity firm.
The loss of values happened at Citrix when it was Vought by Vista. They installed Tom Krauseasthe CEO to gut it from the inside out.
Everybody should have an exit plan ready to be able to leave bitwarden
Well, when u say supereasy to set up, i don't know. The need for reverse proxy was driving me nuts. For someone that doesn't expose anything to the outside world, the need for a reverse proxy is overkill in my opinion. But i did hive up fairly easily, so i'll have another go in the future when i have time. For now my Syncthing + Keepass setup will have to do but i do find its not 100% robust. If i have keepass open on both mobile and laptop, i'm at risk of loosing changes. If the change is made on one device and i close after change, i won't see the change until i close keepass on the other device. But by then syncthing thinks that the latter is the most recent change and marks the file of first device as conflict file. So the chsnge is not lost but its not in the most "recent" version of the database.
If you have several, it really is convenient to set up an internal reverse proxy for all your internal-only services. One place to set up let's encrypt and set up subdomains or different paths for the different services. No need for URLs with different port numbers or IP addresses.
Yeah this is why I don't want to bother self-hosting. There are just too many ways to fuck it up. I'd rather pay a small fee for professionals to handle it for me 🤷 If Bitwarden goes to shit, I can always move to something else - I never heard of a password manager that didn't let us export passwords.
I know this options exists, but honestly I don’t think I have reliable enough infrastructure. It’s hardly ever offline, but my backup game is super weak, and I have had to rebuild from scratch once in the past three years.
What happens if I fuck up again and have to rebuild? Just feels like a massive potential failure point.
Bitwarden app is fully compatible with Vaultwarden and stores copies of all your passwords for offline access, so as long as you have access to the app somewhere, you'll have them.
Also, Bitwarden can export your passwords as a file in several formats, readable by Bitwarden, KeePassXC etc. You can have that stored somewhere safe.
How do you use it on mobile? I didn't find an app version
Totally agree. I've been a multi-year paying customer of bitwarden for the family, always happy with their service, especially when compared with the 1pass I use at work. But that CEO avatar picture alone gives me enough bad vibes, let alone his credentials, the acronym change, so yea I too reckon I've been putting off the switch long enough now.
I came from keepass, can't go back there, even if I now have syncthing set up everywhere. Also, how would that work for the family, you force everyone to set up their own file and hope they manage it well? Highly doubtful.
I saw aliasvault pop up too, this last week. Haven't looked into it yet, and although a great contender, it's probably too young to seriously consider.
These are the alternatives according to selfh.st/apps :
- Vaultwarden
- Password Pusher
- KeePassXC
- Passbolt
- Infisical
- OpenBao
- YeetFile
- AliasVault
- OrigamiVault
Anyone here had some bad experiences with any of these?
If bitwarden went completely rotten could they cease and desist vault warden?
I'd asked a similar question. Basically, the response I got was: if the something goes sideways, the community can hard fork all their clients and use vaultwarden as a server (their current licenses would allow that).
Another suggestion was that you can always use the web ui bundled with vaultwarden directly (heh, I've been using vaultwarden for years and I don't think I ever used the web ui - just the applications, CLI, browser extension).
Switched from keepassxc to vaultwarden a while ago (mostly due to the horrible syncing experience, and to use the same password manager as my family so I could help out better).
It's a selfhosted and open source version of the Bitwarden server, you'll use the (open source) Bitwarden clients. So its all features of Bitwarden plus full transparency
Yes, the clients (Desktop, Web, Browser, Mobile, CLI) are published by Bitwarden under GPL3 license, so you can always fork them.
Bitwarden could delete the repos, but the code is out there.
Password Pusher is no password manager, only for securely sharing information.
Running on Vaultwarden, though that still depends on the official BitWarden Clients. Works great though, and can be selfhosted on pretty small machines. Very satisfied with it.
Passbolt was not on my radar when I was in the market for a new password manager, but would be a serious consideration today.
If considering a self hosted alternative, remember that backups are your responsibility then as well.
It’s not a backup if it’s stored in the same place as the original
I use the 3-2-1 rule.
still in beta
any idea when they will release a major version?
Is AliasVault here for the long term?
Yes. We build AliasVault with a long-term vision, not with a quick exit in mind. The product is never "done"; we keep developing, improving, and refining AliasVault continuously to give users the best possible experience over the long term.
Our spiritual predecessor, SpamOK.com, has been running since 2013. That is more than 13 years of uninterrupted service helping people fight spam and protect their privacy online. The same long-term mindset applies to AliasVault.
That does inspire confidence, so I'll add it to the list!
This is the email I received at the begining of the year when there were multiple articles about the price increase.
I think it's important to note that you may have missed or deleted the email, or it potentially could have gone to your junk folder, but they did send out emails letting people know.
Yeah. If you're using the services that might required a paid subscription, it's not out of the realm of possibilities for there to be a price increase eventually.
I'm not discounting that there's the potential for a pivot to less transparency and auditability going forward, I just wanted to point out that this wasn't done with no warning.
I don't trust the company that bought them. Private equity is almost always a bad time for consumers/users.
Yeah. I obviously can't be positive that they didn't mess up, but I got an email about the price increase so it was more of a "for the record" rather than a "you're a liar" comment. I don't work for Bitwarden so I can't say they didn't miss a bunch of customers or something like that when they notified people.
Sure, Go for it. I've been using KeePass for a long time now and I am very satisfied with it. Aside from the security and privacy (Which you know is BEST out there), It comes with many customizations too. I used to use BitWarden but now I use KeePass.
Yes, you can add multiple files to an entry.
Great to hear. One thing I liked about Bitwarden is that you change choose Aegon2id and its KDF iterations, etc. Is that standard? Can you do that in keepass?
Don’t be evil!!
In the same boat as you.
I don't like how it's changing, I also don't like how the UI is changing and, sadly, as a EU citizen I can't trust it any longer since it is made in the USA.
But I'm no hurry to switch. I mean, I won't rush or worry about paying one more year subscription if I have to. I'll try alternatives as long as I have too. So far, there is
- the Canadian 1Password and
- the non-synced/local but free to use KeepassXC that are standing out.
Both work with Linux.
Migrated to Keepass shortly before the price increase ( not because of it) just for the reason of wanting my vault fully offline. Seeing these changes at BW still makes me sad, was a long time paying user & truly enjoyed it
Keepass is fantastiic, my vault is pretty static so just manually copy to other device as needed. And of course, have your full backup plan in place as with all things
Great resource. However, I remember one of them recommending straight up poor advice (and I think suspected sponsored recommendations), and the community shunned them for it. I just can't remember if its https://www.privacyguides.org/en/ or https://www.privacytools.io/
Thnx
The price hike was announced months ago iirc and brings bitwarden in line (still cheaper) with all the other services after being the same price over years and years of inflation.
I got my eyes on em because of the vc money but the price hike isn’t out of line.
Idk what to tell you, the price hike was announced months ago and I had to field a lot of questions from people I help with computers about it.
Another person posted the receipts for when emails got sent out and I remember warning people about this when it first “hit” the news cycle in January.
What would have been enough announcement?
didn't KeepassXC go full into vibe coding?
https://lemmy.world/post/47036606/23815574
otherwise that would be the most appealing alternative to me too
I mean they recently posted a pretty reasonable explanation about their usage of AI (https://keepassxc.org/... ).
I'm not sure what the guy in your link is referring to since he didn't provide any additional context.
Well that would make sense. I was actually going to switch to bitwarden back in May after keepassxc decided to corrupt my entire database along with the backup. I had to begin the lengthy process of resetting every single password I have, I was pretty furious and never wanted to touch keepassxc again. But when I went to bitwarden's website I noticed only paid options, so I decided to continue researching alternatives.
I’ve asked this before but does any of this enshittification affect vaultwarden?
None of the above effects vaultwarden (how could it?), but it does raise concerns about long term FLOSS-friendlyness. I got bit by the sudden price increase earlier this year and decided that is the 1 year warning to migrate to either self hosted vaultwarden or something else. I move slow, so need some time anyway.
Well since most if not all use the Bitwarden client they could lock that down. Which would suck.
Since we still need to use the official clients with Vaultwarden, I'd say time is running short, even if these changes don't directly affect it yet. Definitely need some FOSS alternative clients for it.
Even if it doesn't affect it directly Vaultwarden is strongly linked to Bitwarden, for example I think you're using official clients on your devices, Vaultwarden is not self sustainable (for now)
The price is still reasonable for me. I don't want to switch services because they might enshitrify someday.
you should get a notice no later than 2 weeks before the actual renewal
Yea this is what has likely happened to me, just haven't got the email about it. Then I was thinking: If I never heard any news about the price hike (which I didn't) it would be good if I got an actual email from Bitwarden - perhaps when they decided the price would be higher, therefore I could actually choose to stay with them or have time to research other options
Out of a desire not to switch, I'm going to ask what I know to be a naive/dumb question: what's the worst that can happen? It's a mature gpl codebase
Was LastPass open source to the same degree that Bitwarden is? It's super easy to run your own Vaultwarden server already, and it shouldn't be a problem for the community to fork and maintain unofficial clients either. Doesn't seem like there's much Bitwarden as a company could do about that, even if they wanted to.
I'm surprised that nobody has (meaningfully) forked the clients yet, it seems like all the warning signs are there
I am looking at aliasvault.net or keepassxc. Vaultwarden I'm not super interested in either as one of its big developers works at Bitwarden, they could be pressured to stop working on it etc. Potential conflict of interest
That's a good point
Yep seems to be the way 🙏
although its advertised as self hosted & for companies, you can create a personal account on their server.
That's cool I haven't heard of that one. I personally will be avoiding Enterprise products from now on since Bitwarden
fair enough brother, Keepass + syncthing is a great alternative also:
for PC: https://keepassxc.org/
for Phone: https://www.keepassdx.com/
for syncing: https://syncthing.net/
Just FYI there's two KeepAssDX versions in FDroid: the square key and the round key logos. The round key is the Libre one you want, whereas the square one is aka the Google Play version. IzzyOnDroid mirrors the square one and it shouldn't.
Are you sure it's not the square key one you want? I just checked and that one is available from both Izzy and f-droid itself, whereas the round version is only available from Izzy (though that one has foss in the name and the other doesn't)
That's it. Thank you for your service until now.
What happens if the electricity goes out or your server craps out?
Oh that really sucks. Does anybody know any alternatives that support Addy.io integration and shared vaults? I use those heavily
I've already decided to move away from Bitwarden for these reasons but I'm still looking for what comes next.
Curious what did you move to?
They are quitting becuase they see another lastpass happening. The new CEO is a toxic private equity leech.
True, but FOSS software is not immune to enshitification from private equity.
It's true - apart from the price hike, Nothing really has happened. And yet I ask you, which are you more comfortable with:
- A company with closed communication, and still asks to be trusted at the end
- A company having open, transparent communication
@lemmy.ml
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
go to feed...
@lemmy.ml
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
go to feed...
The CEO apparently is a big private equity guy, and those bloodsucking ticks only know how to do one thing: Suck every last drop of money and goodwill from the company and its customers as quickly as possible.
Breaks my heart, I've been a massive Bitwarden advocate for years. Been happily paying for the individual paid plan. I'm now working on setting up KeyPassXC with syncthing.
save