While I'm not _happy_ about the messaging changes, those alone are not enough to do more than start paying closer attention. I highly, highly doubt that vault export would be the first meaningful feature change, and so I think there will be stronger signals of actual issues before then.
As I understand it, so far the only actual change is an announced increase in prices. Obviously, from the consumer perspective, cheaper is better, but this is a product where I think that a subscription plan makes sense (and the free tier, for now, still exists), and so I'm not going to get mad about price changes. Competitors exist and one doesn't think the new price is worth it, then switch to one of them (using the very-much-still-available vault export).
I don't think the warning is crazy or anything, but in my personal opinion it's a little stronger/earlier than is warranted and the current appropriate response is careful watching.
It's a shell script that stores passwords in a git repository, containing one file per entry. The files are encrypted using a GPG key. Because it's just a git repository, you can synchronise it between devices using whatever infrastructure you want. I use a FOSS client for it on iOS, and there was one for Android before I got an iPhone.
I think the caution around Bitwarden is justified; and I think it is good that the message is getting out there. I will say "while you still can" is hyperbole, and will do more to distract from the larger (correct) point about Private Equity.
I wish companies that offer such a core technology and what not were at times entered into a public trust, similar to how some public lands are managed, that would protect them from private equity takeovers; I know it defeats the purpose of the companies in the first place (making money), and it probably would backfire in myriad worse ways than the problems it might solve... But I do think there are many options for how products, services and what not can be structured that give the people who maintain them what they need to thrive; without mining the users for money.
Overly idealistic thinking, maybe... but still thinking.
Public management exists for natural monopolies where no market competition is feasible. The role of the public entities is to protect competition. In this case that would be mandating import/export interoperability.
Vaultwarden is a very lean implementation of Bitwarden but if you want to look into an alternative to the Bitwarden ecosystem, I recommend - AliasVault https://github.com/aliasvault/aliasvault - check it out!
Sometimes I think when a startup announces that they are being acquired their competitors have a meeting that morning and announce that they're going to start dialing for dollars. Since acquisitions almost always hurt customers I wonder if we can start creating "poison pills" that deter them.
WOW. Quietly editing the 4-year-old blog post is super slimy, holy crap. Also seems like since this story was published, they edited the 4-year-old blog post again. The story points out
>But the explanatory paragraph at the bottom of the same post still says the old ones: Inclusion and Transparency. Crandell’s name is still on it. The post now contradicts itself, and nobody wrote a new one.
Looking at the post right now, they've corrected it to Innovation and Trust.
I think this is a little hyperbolic. The product may drop features, increase prices, and squeeze its free tier users. Everything enshittifies. But the idea that password export might disappear or be degraded? Nah. You'll be able to jump ship any time you want.
Google Authenticator has an export-as-QR-code function that several other authenticator apps can parse. Is it the best/most convenient implementation? Obviously not, but you can absolutely export the codes.
Third-party password management as an isolated paid service (i.e. you don't get password management unless you pay specifically for the password management) is just a terribly bad idea all around.
A bad idea for you. My non-technical family members can barely use 1Password and it is the easiest of the lot. The idea you promote is just not realistic.
Bitwarden/Vaultwarden had a good run but if someone's going to self-host Vaultwarden, I would encourage people to look into AliasVault instead. It's a complete opensource ecosystem.
While I'm not _happy_ about the messaging changes, those alone are not enough to do more than start paying closer attention. I highly, highly doubt that vault export would be the first meaningful feature change, and so I think there will be stronger signals of actual issues before then.
As I understand it, so far the only actual change is an announced increase in prices. Obviously, from the consumer perspective, cheaper is better, but this is a product where I think that a subscription plan makes sense (and the free tier, for now, still exists), and so I'm not going to get mad about price changes. Competitors exist and one doesn't think the new price is worth it, then switch to one of them (using the very-much-still-available vault export).
I don't think the warning is crazy or anything, but in my personal opinion it's a little stronger/earlier than is warranted and the current appropriate response is careful watching.
I store my passwords using this: https://www.passwordstore.org/
It's a shell script that stores passwords in a git repository, containing one file per entry. The files are encrypted using a GPG key. Because it's just a git repository, you can synchronise it between devices using whatever infrastructure you want. I use a FOSS client for it on iOS, and there was one for Android before I got an iPhone.
I think the caution around Bitwarden is justified; and I think it is good that the message is getting out there. I will say "while you still can" is hyperbole, and will do more to distract from the larger (correct) point about Private Equity.
I wish companies that offer such a core technology and what not were at times entered into a public trust, similar to how some public lands are managed, that would protect them from private equity takeovers; I know it defeats the purpose of the companies in the first place (making money), and it probably would backfire in myriad worse ways than the problems it might solve... But I do think there are many options for how products, services and what not can be structured that give the people who maintain them what they need to thrive; without mining the users for money.
Overly idealistic thinking, maybe... but still thinking.
Public management exists for natural monopolies where no market competition is feasible. The role of the public entities is to protect competition. In this case that would be mandating import/export interoperability.
This is getting so tiring. What are the other options out there now?
ProtonPass
Clients are OSS, I wonder why nobody did a Vaultwarden-style fork of them yet that would watch over upstream changes.
Vaultwarden is a very lean implementation of Bitwarden but if you want to look into an alternative to the Bitwarden ecosystem, I recommend - AliasVault https://github.com/aliasvault/aliasvault - check it out!
Sometimes I think when a startup announces that they are being acquired their competitors have a meeting that morning and announce that they're going to start dialing for dollars. Since acquisitions almost always hurt customers I wonder if we can start creating "poison pills" that deter them.
WOW. Quietly editing the 4-year-old blog post is super slimy, holy crap. Also seems like since this story was published, they edited the 4-year-old blog post again. The story points out
>But the explanatory paragraph at the bottom of the same post still says the old ones: Inclusion and Transparency. Crandell’s name is still on it. The post now contradicts itself, and nobody wrote a new one.
Looking at the post right now, they've corrected it to Innovation and Trust.
I think this is a little hyperbolic. The product may drop features, increase prices, and squeeze its free tier users. Everything enshittifies. But the idea that password export might disappear or be degraded? Nah. You'll be able to jump ship any time you want.
Never underestimate the lengths companies will go to, to enshittify their product to squeeze customers for money.
Name one major password manager that blocks or paywalls export.
- Authy
- Google Authenticator
Notably not password managers.
Google Authenticator has an export-as-QR-code function that several other authenticator apps can parse. Is it the best/most convenient implementation? Obviously not, but you can absolutely export the codes.
Not password managers of course, but thanks for reminding me that I should figure out how to ditch Authy.
https://github.com/BrenoFariasdaSilva/Authy-iOS-MiTM is going to be my project for the afternoon.
Ente Auth
is a good alter. Works perfect for me.
>You'll be able to jump ship any time you want.
Famous last words...
I mean, LastPass was a train wreck after their breach, but they didn't go as far as trying to stop me from exporting my vault when I switched to BW.
The idea of BW doing a rug pull and suddenly removing the ability to export your vault I think would trigger a class-action lawsuit.
I don't know why this is framed as "jumping ship" ... of course you can stop using it any time (and use your periodic export to go elsewhere).
The real issue is potential data loss. Remember LastPass? Bought by someone and downhill it went, with multiple security incidents.
Third-party password management as an isolated paid service (i.e. you don't get password management unless you pay specifically for the password management) is just a terribly bad idea all around.
Waiting for people to get this.
A bad idea for you. My non-technical family members can barely use 1Password and it is the easiest of the lot. The idea you promote is just not realistic.
Not really. That something is convenient doesn't mean that it's a good idea. It's always a matter of convenience vs security.
I'm a huge fan of AliasVault https://github.com/aliasvault/aliasvault - the author is responsive, receptive. The whole ecosystem is opensource.
Bitwarden/Vaultwarden had a good run but if someone's going to self-host Vaultwarden, I would encourage people to look into AliasVault instead. It's a complete opensource ecosystem.
A tale as old as time, enshitification.