I find this move concerning, and wish that the Founder had looked for a new CEO that shared his values rather than a Private Equity and Mergers Expert.
Furthermore, the change to the GRIT motto is worrying. Trust is useless without Transparency when it comes to code and security.
Self hosting is the new battefront for the individual’s right to sovereign data
The company has long defined its values with the acronym “GRIT,” which used to stand for “Gratitude, Responsibility, Inclusion, and Transparency.” After May 4, it changed the acronym to stand for “Gratitude, Responsibility, Innovation, and Trust.”
It’s not as bad as the headline seems. Transparency is still in the motto. The actual change is:
But still. Why change it at all? Why replace “inclusion” with “innovation”?
It smells like Tech Bro.
There’s just no way to spin that positively, even giving them the benefit of the doubt, especially since they aren’t rolling it back. Someone spent effort to make that values change, so its not an accident nor a “nothingburger”.
I don’t need my password manager to innovate anything. I would very much like it to include support for all of my tools and machines though.
Removing ‘inclusion’ smells like a pivot to the right, same way DEI is a target for maga
Well, trust is literally the oposite of transparency. So i would call it quite bad, especially if you consider that right now i trust these guys with my credit card details, my taxID, all my passwords.
Exactly. In cybersec, trust is someting you try to avoid or at least minimize. Trying to use it as a selling point is ridiculous.
Or it’s something you earn through transparency.
That’s what they are trying to communicate here, yes. But 8.5 million users didn’t need to be told they need to trust the platform, they chose to. As did I with a premium plan to cover MFA and attachments.
Now with business types in charge and a hidden doubling of the fees, that’s more than halfway out the window no matter what the website stands for. I’m guessing somebody decided it’s time to cash in on the goodwill they built over the past decade.
That’s a great point.
I don’t want to trust them either. I don’t want to have to.
The only “devil’s advocate” argument I can think of is they’re trying to appeal to enterprise clients (who would not know that and want to “trust” a security company). That would explain the “I” change: “inclusion” (sadly) sounds political, “innovation” is like corporate catnip. Bitwarden could be trying to attract big fish to fund development, having their cake an eating it.
It’s the change from “users” and “community members” to “customers” for me.
Ty. So many comments here didn’t see your post and others did but didn’t read it. My take is innovation is a greater priority, and trust protocols. I’ll watch but I’ll wait for it to be a something burger.
Because the “inclusive” part is already described by the first letter’s “story”?
“Equity” or “Capital” = the kiss of death
Great I bought a paid subscription for it all this time for it to end up like this, I’m done with anything that is not self hosted now on, I’ll just convert my old laptop into a home server
This. At this rate everything that has growth and not open source is just a resource to exploit.
I swear, equity is literaly just pure evil, allowed to thrive only due to lack of force opposing it.
I guess it’s time to move to vaultwarden sooner rather than later… This wasn’t supposed to be the weekend project, but fuck it; let’s roll with it!
My question is move to vaultwarden, and trust they will still develop the open source client apps, or just preemptively move to another system. The UX isnt perfect, but it seems a lot easier to use than kerpassxc. Time to do some research.
Very easy to migrate to vaultwarden from bitwarden I think, so I’d probably do that and hope the clients are forked if ever needed. I’d probably just live with vaultwardens web ui before swapping completely to keepassxc (because setting up keepass db sync to all devices manually doesn’t sound fun).
No personally using KeePass, but I’ve heard Syncthing is great to sync the database. Might wanna try to look into that.
Ah for fuck’s sake. Seems like every month I have to change something because some fucking company starts getting a taste for greed via data sucking. I’m goddamn sick of it.
That’s why you use open source alternatives everywhere :) just replace one at a time when the company fails
Enshitification
Start using open source then
Unprompted snark from an .ml user, how surprising. I am a bigger cheerleader for open source than any of my friends or family. It’s the only real path to stay free of corporate influence, greed, and spying (in regards to software). Live free or die.
Bitwarden is, by definition, open source. It has been since I started using it ~6 years ago. I’m tired of literally everything having the potential for enshittification. Nothing is safe in the long run, not even volunteer-run projects. If you think your favorite project is safe because of some “core ethos” or “guiding principles”, you’re just drinking the kool-aid. As long as we exist under capitalism, anything under the sun can be enshittified.
I will never give up, even if things seem even more dire than they are now. But I’m tired of having to maintain constant vigilance.
Troll better.
I guess I won’t be recommending Botwarden to normies anymore.
Is it that time when I say “oh shit!” and starts to look at alternatives? I’ve seen this scenario a hundred times already and I’m tired.
I don’t have the patience to switch to alternatives until they make a change that actually affects the usability of the tool.
This is absolutely a red flag though.
It takes a full 3 minutes to try an alternative. Export, install new one, import. Install extensions where you need them and sync.
Just FYI, you can export your Bitwarden database to plain text and import that with KeePassXC
All the attachments, though… man this is going to be such a pain :/
Same question here. What are the best alternatives?
KeePassXC is the best FOSS option, but you’ll need to figure out self hosting if you want to sync the database between devices.
As the database is encrypted in your device, you dont really need to self host. A keepass database in the Google cloud is not really problematic, although you should still choose a more private cloud provider.
Syncthing is probably a simple fix.
Assuming you have a degoogle’d phone. The syncthing-fork devs announced that they aren’t going to certify for Google Play when that’s made a requirement in a few months
Ugh, I forgot about this. Aren’t you still going to be able to install apps from third-party marketplaces? I thought the plan was just that the phone was going to hassle you and require multiple hoops.
Yes, that’s the plan
I think other apps will require ADB to install
fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck
I use both KeePassXC and Syncthing for passwords. Works fine.
And you can use a keyfile separate from the database for even more security. If the database is backed up on Google Drive and the keyfile is saved on a USB or in a (non-Google) email somewhere for the rare times you add a new device, your passwords should be safe even from keyloggers or Google themselves.
make sure to use post-quantum encryption algs
Which algs would that be? ed25519 okay? Is that even an encryption alg? I’m not too hot with encryption.
or use syncthing, no hosting experience required
Syncthing on the phone seems to use up a lot of battery, though.
If you don’t need real time sync you can disable background use of the app. That’s what I’ve done, and I just open the app when I need to update. Probably a smarter way to do it, but it works for me.
It doesn’t need to be complicated. I use syncthing to synch them. It’s pretty trivial. You just tell it what folders to synch, between which devices, and it’ll synch whenever it’s running.
post-quantum encryption algs
I use the built in ftp sync option with any file explorer that makes an ftp server on my phone.
I found the easiest way to sync is to use rclone. This way you can use any cloud provider like Google Drive or OneDrive or DropBox. First create the rclone remote for your cloud provider using
rclone config. Second step is to create a second remote using the encryption option (menu item 16), choosing an appropriate path<first remote>:<path to directory>. Upload your KeepassXC database to this encrypted remote usingrclone copy.On Android you can use the RoundSync app from F-droid to configure the the same remotes, then create a task to copy or sync from that encrypted remote and a trigger to run that task on a schedule. Overall, this one-time setup works really well for me. This is my backup in addition to using Bitwarden for several years. Bitwarden is not going to get my money any more.
I use Vaultwarden
But you still use the official BW client apps, correct?
Unless you forego usage of the clients and access Vaultwarden through the browser (removing accessibility and convenience especially on mobile), it is not an e2e replacement solution.
Are there any alternative FOSS clients/apps that work with Vaultwarden?
Edit: I see further down that the official client is open source, and would get forked in the event of any fuckery. So I’m sticking with Vaultwarden + Official client app approach for now.
I just use the webapp UI and don’t bother with the clients/extensions. Easy enough to just log in, copy/paste from there.
But yeah, the official client (and probably browser extension as well) would probably be forked if/when needed.
What about passkeys?
For now
Coincidentally, I moved to self-hosting Vaultwarden last night, which is open source but compatible with Bitwarden. If you want a simple transition and are capable of hosting it yourself, that would be my recommendation.
I’ve been hosting it for a couple years now and question why it took me so long.
Proton Pass.
I’m pretty sure that isn’t self hostable.
That’s true.
I use keepassxc. It does the job.
KeePassXC + Syncthing to sync passwords across devices
Alias vault seems the most feature complete and self hostable https://www.aliasvault.net/
Sigh. This will be a huge pita. I have probably over 100 things saved into bitwarden. Where’s a good foss alternative.
GabeN, please don’t die before me.
Cute. A hundred items :p /j
I’ve been pretty happy with Apple passwords
Oh great. Let’s go from an open client to a vendor closed-source lock-in.
Sometimes I am baffled by the polarity of Lemmy.
From Tryhard-only-libre-software type of users over A-bit-of-each users (but tending to sway towards (F)OSS application) over to this opinion/suggestion.Wild.
Vendor lock in is an issue, true, but it’s a different issue than the enshittification we’re starting to see from Bitwarden. Also, apple passwords isn’t “locked in” per se, as passwords aren’t difficult to export.
Lately, I’m starting to feel like finding good software (often FOSS but not exclusively) is increasingly a hook for later increased monetization. The ‘agreement’ I had with Bitwarden was they provide a solid service, and (while not required) I pay the $10/year honor system fee. That’s been upped to $20 now, and now they’re appearing to move away from their core principles. I won’t be paying for another year.
With Apple, the unspoken agreement is I “overpay” for my hardware, and they don’t have incentive to monetize me otherwise. I’ll admit, there are cracks forming in that agreement, but that’s my read on it currently anyway, and I think probably the person to which you are replying to as well.
Your decision are sound.
Not a fan of the usability of Apple devices (I have an iPad, so I am not talking ou of my butt) but I can’t deny they reduced user hostility is attractive.
iPad usability is in a really weird place. It’s definitely the least “usable” of Apple’s platforms, and to be honest I probably wouldn’t be an Apple user at all if all they had was iPadOS and iOS. macOS is still attractive to me (the Liquid Glass theme notwithstanding). For the record, I split my password manager use between Apple Passwords and [now] self-hosted Vaultwarden. Each has advantages, and while I’d like to just use one, having two is working okay for me for now.
What? Is it frowned upon here to just use what works?
A lot of people chose Bitwarden because it was open-source, so they don’t see the very closed Apple Passwords as a suitable alternative.
Why the fuck does everything that’s good turn to shit? This world sucks. This timeline sucks.
it’s all motivated by the accumulation of wealth = capitalism
Accumulation of power is a common motive regardless of political system. Money is just one way power gets expressed.
Not claiming our system is perfect by any means. But this thought, to me, always felt like kicking the can down the road.
I think there’s a difference though, in that capitalism rewards this kind of innate motive, while socialism doesn’t, so I think it would be much easier to build a system based on that that’s not fucked from the foundations like capitalism is. The societal benefits of capitalism always feel like an accidental side effect at most, when it should be at a heart of any economy system.
Also it definitely seems that holding power over others warps the human mind, so I would definitely advocate for distributing policy-making power as evenly across the population as possible.
Kicking the can down the road implies you have a better solution?
A solution that stops evil people from being greedy for all of future society, gaming whatever our system is to hoard resources? No, I don’t.
Whether under capitalism or socialism, either system would need frequent attention and intervention by thoughtful, socially responsible people to watch for abusers of the system.
Right, but Capitalism incentivises this behaviour, thus making the checks and balances required both more robust and needing to be applied for regularly - while the powerful are capable of preventing this.
On the other hand, Socialism has incentives that are completely different - managing the abusers would be a much simpler task.
That might qualify as an argument but the enshittification of everything hasn’t gained anyone power, only money. Cuba was curing cancer before we started more war crimes in order to prove socialism doesn’t work, while we’re financing fast food.
It’s not a timeline. It’s just the world we keep making. The only one.
VC ruins everything
This is literally a product where a hobbyist tried to fix a niche, and now the VCs arrive.
Luckily BW is open source, and VaultWarden exists. If they enshitify, all it takes is a fork of the browser extensions and apps with a rebrand.
This right here is the only answer
Companies can try to steal the app but they can only steal the name
Exactly, IMO Vaultwarden should just fork the clients and extensions and officially take the lead. Bitwarden can just go the way of OpenOffice for all I care.
I’m out of the loop, what happened to OpenOffice?
OpenOffice was maintained by sun Microsystems and they were bought by oricale. At the time it was seen so negatively that a fork called libreoffice was created and almost immediately became the default office suite for most people who were using OpenOffice.
Yeah, this here is exactly the reason why anytime I have to migrate from any piece of software I’m migrating to something open source and standards compliant.
How would network hosting work, though? Like… do I need to pull my passwords down now?
You can export from any of the BW clients. Then import into sepf-hosted BW or VW.
Short-term, yes. Maintaining the client integrations is a ton of work. If BW ever breaks selfhosted integrations, it’s gonna be a shitshow.
why even have “Motto” if you are just going to renege on it.
In this case, not having a motto would have made them able to get further down the enshittification path before anyone noticed. They just warned us.
though this also points out why such things as companies having “values” is laughable and should be ridiculed if they arent clearly enforced. All they do is scam people into thinking they might not be explitative shits which shouldnt be allowed or looked kindly upon.
So many people have to switch services now and even more will just become victims of the company after it becomes more shitty. All those people could have used some other service that is less likely to go shitty, which in turn would have given it more resources to improve.
Great. Now I have to move all of my password to another services because of a stupid decision made by a company.
reading this as someone who migrated the rest of the household to Bitwarden literally yesterday: 😒
It took me years after the lastpass breach to get my wife and 1/3 of my kids to switch to Bitwarden. I am not looking to having to migrate again.
but exporting is easy with bitwarden. this is annoying. after the age check laws, i have been moving off big companies because it will be bad snd i know my migration will take a bit. i finalized bitwarden a couple weeks ago and was just about to assist my family.
i would not be as upset if ram and harddtives didnt cost a mortgage right now.
It does not matter how easy exporting is, the difficulty is going someone who really does not understand why they should be using a password locker to use one, much less change to a different one.
You won’t have to. Bitwarden is FOSS. The server is able to be self hosted so “migration” will just be you moving their account to the self hosted one if things go south
Does this mean other companies are hosting compatible servers to switch to?
I mean some may be offering that but it means you can just rent a cheap. VPS and host your own
What do you use it for?
passwords and secure notes of recovery codes and the like
Update: After publication, an employee on the Bitwarden subreddit said that “Always free” had been restored on its pricing page, calling it an “oversight” by the marketing team. The product page for Bitwarden’s personal password manager remains unchanged.
Oversight
They got community checked and backtracked hard… I have always endorsed bitwarden but that is becoming worrisome. :(
Yeah, you know those marketing team people. They totally went out of their way to make more work for themselves to change it with I’m sure zero instructions from higher up to do so.
Getting hard to endorse anyone you don’t personally know at this point.
We’re sorry we got caught
