I find this move concerning, and wish that the Founder had looked for a new CEO that shared his values rather than a Private Equity and Mergers Expert.

Furthermore, the change to the GRIT motto is worrying. Trust is useless without Transparency when it comes to code and security.

  • VirtuePacket@lemmy.zip
    2 months ago

    Gr8. Yet another critical service soon to be gobbled up by PE. I guess I’m moving to Proton Pass.

    • LedgeDrop@lemmy.zip
      2 months ago

      Narrator: …but it did.

      I’m amazed that vaultwarden has maintained such fantastic compatibility with bitwarden. …but all it takes is one api with an obfuscated “signed request” to bring it all down.

      • in_my_honest_opinion@piefed.social
        2 months ago

        Vaultwarden has a backend encrypted db and web server, with its own API. The bitwarden clients are currently opensource so there could be a fork for the browser extension, and desktop client. Unlike 1Password, there is a good opensource base.

      • MentalEdge@sopuli.xyz
        2 months ago

        No?

        I get that clients might break, but the web portal running inside vaultwarden isn’t gonna suddenly stop working.

        Vaultwarden itself is self-contained. An API change won’t do anything to it.

        • ITGuyLevi@programming.dev
          2 months ago

          Then it creates the opportunity (need) for an open sourced client, if that ever happens, I’m confident the community will come together and make one using the currently known API calls.

            • LedgeDrop@lemmy.zip
              2 months ago

              I wasn’t certain what the bitwarden clients were licensed under.

              …but if they’re all GPL, then yeah - it’ll just get forked. Just like terraform vs opentofu. Just like MySQL vs MariaDB - it’s a tale as old as time (unfortunately).

    • Jason2357@lemmy.ca
      2 months ago

      Vaultwarden benefits from the development ideas in Bitwarden server, and especially the client app ecosystem that I am sure costs a small fortune to maintain. To go alone, vaultwarden will have a lot of work ahead of them and need to maintain a development community capable of maintaining the whole thing.

    • BugKilla@lemmy.world
      2 months ago

      It will as there is not a VW official OS client nor browser plugin. It is undoubtedly a fucked state of affairs.

  • one_old_coder@piefed.social
    2 months ago

    Is it that time when I say “oh shit!” and start to look at alternatives? I’ve seen this scenario a hundred times already and I’m tired.

    • ColeSloth@discuss.tchncs.de
      2 months ago

      Sigh. This will be a huge pita. I have probably over 100 things saved into bitwarden. Where’s a good foss alternative?

      GabeN, please don’t die before me.

      • Appoxo@lemmy.dbzer0.com
        2 months ago

        Oh great. Let’s go from an open client to a vendor closed-source lock-in.
        Sometimes I am baffled by the polarity of Lemmy.
        From Tryhard-only-libre-software type of users over A-bit-of-each users (but tending to sway towards (F)OSS application) over to this opinion/suggestion.

        Wild.

        • blitzen@lemmy.ca
          2 months ago

          Vendor lock in is an issue, true, but it’s a different issue than the enshittification we’re starting to see from Bitwarden. Also, Apple Passwords isn’t “locked in” per se, as passwords aren’t difficult to export.

          Lately, I’m starting to feel like finding good software (often FOSS but not exclusively) is increasingly a hook for later increased monetization. The ‘agreement’ I had with Bitwarden was they provide a solid service, and (while not required) I pay the $10/year honor system fee. That’s been upped to $20 now, and now they’re appearing to move away from their core principles. I won’t be paying for another year.

          With Apple, the unspoken agreement is I “overpay” for my hardware, and they don’t have incentive to monetize me otherwise. I’ll admit, there are cracks forming in that agreement, but that’s my read on it currently anyway, and I think probably the person to which you are replying as well.

          • Appoxo@lemmy.dbzer0.com
            2 months ago

            Your decisions are sound.

            Not a fan of the usability of Apple devices (I have an iPad, so I am not talking out of my butt) but I can’t deny their reduced user hostility is attractive.

            • blitzen@lemmy.ca
              2 months ago

              iPad usability is in a really weird place. It’s definitely the least “usable” of Apple’s platforms, and to be honest I probably wouldn’t be an Apple user at all if all they had was iPadOS and iOS. macOS is still attractive to me (the Liquid Glass theme notwithstanding). For the record, I split my password manager use between Apple Passwords and [now] self-hosted Vaultwarden. Each has advantages, and while I’d like to just use one, having two is working okay for me for now.

    • Godort@lemmy.ca
      2 months ago

      I don’t have the patience to switch to alternatives until they make a change that actually affects the usability of the tool.

      This is absolutely a red flag though.

        • refract@lemmy.zip
          2 months ago

          But you still use the official BW client apps, correct?

          Unless you forego usage of the clients and access Vaultwarden through the browser (removing accessibility and convenience especially on mobile), it is not an e2e replacement solution.

          Are there any alternative FOSS clients/apps that work with Vaultwarden?

          Edit: I see further down that the official client is open source, and would get forked in the event of any fuckery. So I’m sticking with Vaultwarden + Official client app approach for now.

          • Iced Raktajino@startrek.website
            2 months ago

            I just use the webapp UI and don’t bother with the clients/extensions. Easy enough to just log in, copy/paste from there.

            But yeah, the official client (and probably browser extension as well) would probably be forked if/when needed.

      • zikzak025@lemmy.world
        2 months ago

        KeePassXC is the best FOSS option, but you’ll need to figure out self hosting if you want to sync the database between devices.

        • Cethin@lemmy.zip
          2 months ago

          It doesn’t need to be complicated. I use syncthing to synch them. It’s pretty trivial. You just tell it what folders to synch, between which devices, and it’ll synch whenever it’s running.

        • tremble5218@programming.dev
          2 months ago

          I found the easiest way to sync is to use rclone. This way you can use any cloud provider like Google Drive or OneDrive or DropBox. First create the rclone remote for your cloud provider using rclone config. Second step is to create a second remote using the encryption option (menu item 16), choosing an appropriate path <first remote>:<path to directory>. Upload your KeePassXC database to this encrypted remote using rclone copy.

          On Android you can use the RoundSync app from F-droid to configure the same remotes, then create a task to copy or sync from that encrypted remote and a trigger to run that task on a schedule. Overall, this one-time setup works really well for me. This is my backup in addition to using Bitwarden for several years. Bitwarden is not going to get my money any more.
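
The two-remote layout described in the comment above, written out as an rclone.conf sketch (an added example, not part of the original post). The remote names `gdrive` and `gdrive-crypt`, the `keepass` folder and the local paths are assumptions, and the password values are placeholders.

```ini
# ~/.config/rclone/rclone.conf, as written by `rclone config`.
# Remote names and paths below are hypothetical.

# First remote: the plain cloud provider. The OAuth token that
# `rclone config` stores in this stanza is omitted here.
[gdrive]
type = drive

# Second remote: a crypt layer wrapping one folder of the first remote.
# Anything copied to gdrive-crypt: is encrypted locally before upload.
[gdrive-crypt]
type = crypt
remote = gdrive:keepass
filename_encryption = standard
directory_name_encryption = true
# Values in the form produced by `rclone obscure`. Obscuring is reversible,
# so this file needs the same protection as the passphrase itself; rclone
# can encrypt the whole config file with a configuration password.
password = <obscured-passphrase-placeholder>
password2 = <obscured-salt-placeholder>

# Upload through the crypt remote, never the plain one:
#   rclone copy ~/keepass/Passwords.kdbx gdrive-crypt:
# Check what the provider actually stores (names should be unreadable):
#   rclone lsf gdrive:keepass
# Verify the encrypted copy against the local directory:
#   rclone cryptcheck ~/keepass gdrive-crypt:
```

Losing the crypt passphrase and salt makes the uploaded copy unrecoverable, so they belong in the same backup plan as the KeePassXC master password.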

        • M1k3y@discuss.tchncs.de
          2 months ago

          As the database is encrypted in your device, you don’t really need to self host. A KeePass database in the Google cloud is not really problematic, although you should still choose a more private cloud provider.

            • michaelalf@lemmy.world
              2 months ago

              If you don’t need real time sync you can disable background use of the app. That’s what I’ve done, and I just open the app when I need to update. Probably a smarter way to do it, but it works for me.

      • meathappening@lemmy.ml
        2 months ago

        Coincidentally, I moved to self-hosting Vaultwarden last night, which is open source but compatible with Bitwarden. If you want a simple transition and are capable of hosting it yourself, that would be my recommendation.

  • BackgrndNoize@lemmy.world
    2 months ago

    Great, I bought a paid subscription for it all this time for it to end up like this. I’m done with anything that is not self hosted from now on; I’ll just convert my old laptop into a home server.

  • Fmstrat@lemmy.world
    2 months ago

    Luckily BW is open source, and VaultWarden exists. If they enshittify, all it takes is a fork of the browser extensions and apps with a rebrand.

    • ilinamorato@lemmy.world
      2 months ago

      Yeah, this here is exactly the reason why anytime I have to migrate from any piece of software I’m migrating to something open source and standards compliant.

    • zqps@sh.itjust.works
      2 months ago

      Short-term, yes. Maintaining the client integrations is a ton of work. If BW ever breaks selfhosted integrations, it’s gonna be a shitshow.

    • eronth@lemmy.world
      2 months ago

      How would network hosting work, though? Like… do I need to pull my passwords down now?

      • Fmstrat@lemmy.world
        2 months ago

        You can export from any of the BW clients. Then import into self-hosted BW or VW.

    • Phoenixz@lemmy.ca
      2 months ago

      This right here is the only answer

      Companies can try to steal the app but they can only steal the name

      • this@sh.itjust.works
        2 months ago

        Exactly, IMO Vaultwarden should just fork the clients and extensions and officially take the lead. Bitwarden can just go the way of OpenOffice for all I care.

          • this@sh.itjust.works
            2 months ago

            OpenOffice was maintained by Sun Microsystems and they were bought by Oracle. At the time it was seen so negatively that a fork called LibreOffice was created and almost immediately became the default office suite for most people who were using OpenOffice.