Concerns Raised Over Bitwarden Moving Further Away From Open-Source


  • #31
    Originally posted by tildearrow
    Bitwarden was the first TOTP manager I've tried.
    My experience only lasted 5 seconds as I quit the moment I opened the app and it demanded me to log into a service.

    Then I moved on to another tool that actually worked.
    Well, considering the entire point of Bitwarden is syncing, then yeah, if you don't want syncing, don't use Bitwarden. This is just a case of wanting something the app isn't made for.

    Originally posted by NeoMorpheus
    I don't understand what's the issue, are they removing access to the software unless we pay?

    I personally pay for the premium package because I feel they deserve to get paid.

    Now I would love to see the same rage against Ngreedia and their closed source anticonsumer software, instead of the devotion that many here give them…
    No, I'm not entirely sure what the change is needed for, but it seems like the intent of it is just for some new features or client software. The issue is we don't actually know what the changes will mean for the future.



    • #32
      If it is in the cloud/web based.... I don't want it. KeePassXC works for me and is local. Never understood why one would trust a store in the cloud ... and then pay money for it to keep it 'active'. Sounds like lock in to me. I'd personally trust a clear text spreadsheet document on my local server over cloud based anything.



      • #33
        Originally posted by rclark
        If it is in the cloud/web based.... I don't want it. KeePassXC works for me and is local. Never understood why one would trust a store in the cloud ... and then pay money for it to keep it 'active'. Sounds like lock in to me. I'd personally trust a clear text spreadsheet document on my local server over cloud based anything.
        There are some special things:

        - you can self host (although their mechanism is HARD)
        - you can use vaultwarden (open-source albeit limited version)
        - the client has _local_ cache (so when the server is down you can still access your passwords)
        - technically you can even "self host" in the very same machine you want to use it so there would be no cloud involved



        • #34
          Originally posted by rmfx
          That’s always the same story…
          Start with good intentions and open mind,
          then success happens precisely thanks to these, then money brings greed and fear of outside, then things turn to shit.
          Why can’t people stick with the key of their success?
          Enshittification



          • #35
            Originally posted by Damnshock

            There are some special things:

            - you can self host (although their mechanism is HARD)
            - you can use vaultwarden (open-source albeit limited version)
            - the client has _local_ cache (so when the server is down you can still access your passwords)
            - technically you can even "self host" in the very same machine you want to use it so there would be no cloud involved
            There are also some features like orgs that are nice. I use them to share passwords for services like Netflix with my wife.



            • #36
              Proton Pass 🫡



              • #37
                Originally posted by trapexit
                So if someone or some company decides to stop giving out either the people that care can go do their own thing. If people really think Bitwarden's previous setup is profitable then we should expect folks lining up to fork and start a competing business. If not, maybe Bitwarden is correct. If no one is willing to do that or invest the time to fork and maintain their own project then all the "rug pull" complainers seem to be complaining about really is the fact someone is no longer doing work for them for free.
                You are contradicting yourself. If nobody wants to use that code, what do they have to lose by keeping it open? It's their mistake if their business plan didn't include anything beyond making OSS.

                Rug pulls are not bad because the company is not making their code public anymore, they are bad because they got free marketing from being open source, free labor in the form of testing and a lot of time free code.

                If it was about "no longer doing the work for free", we wouldn't care for what Redis, HashiCorp etc are doing - their products are still available without payment.

                Some people have values they live by, you know.



                • #38
                  Originally posted by klh_io

                  You are contradicting yourself. If nobody wants to use that code, what do they have to lose by keeping it open? It's their mistake if their business plan didn't include anything beyond making OSS.

                  Rug pulls are not bad because the company is not making their code public anymore, they are bad because they got free marketing from being open source, free labor in the form of testing and a lot of time free code.

                  If it was about "no longer doing the work for free", we wouldn't care for what Redis, HashiCorp etc are doing - their products are still available without payment.

                  Some people have values they live by, you know.
                  Making part of an app proprietary is a common technique for largely OSS projects in order to squeeze people into a commercial setup, take more control, or walk back the scope of the product's OSSness. Google did it to great effect with Android. We don't know why they are doing what they are doing but naturally they have a reason and it was purposeful. If people didn't care about that code or it was entirely optional they wouldn't be making a stink. It has nothing to do with some small amount of proprietary code. Almost every major OSS provider includes proprietary code.

                  Who cares if they got "free marketing"? They literally give you the software for free. This is exactly the kind of entitled behavior that makes modern OSS authorship and maintenance suck. You act like this is some nefarious plan and I see no evidence with any of these companies that was the case. What I see is companies, often started by original authors of the software or closely related, getting into a bind and trying to walk back things. And it's their right to do so. Even if it was part of their plan... so what? You got a bunch of free code. They owe you nothing. Read the license.

                  I have values. And those values include believing you don't get to dictate what other people do with their time and labor. Appreciating what they release to the world without requiring compensation. Not looking a gift horse in the mouth. If you don't like what they are doing then put your money where your mouth is and fork the project or support someone else who is.



                  • #39
                    Originally posted by Damnshock

                    There are some special things:

                    - you can self host (although their mechanism is HARD)
                    - you can use vaultwarden (open-source albeit limited version)
                    - the client has _local_ cache (so when the server is down you can still access your passwords)
                    - technically you can even "self host" in the very same machine you want to use it so there would be no cloud involved
                    How is vaultwarden limited? Doesn't vaultwarden give premium features for free?



                    • #40
                      Originally posted by Gabbb

                      Why is it silly? We have an auditable FOSS client that only sends the encrypted data to the server & the decryption happens locally. How is this different -besides being way more convenient- from storing your database file on someone else's platform, such as Google Drive?
                      Because you're trusting your passwords, in someone else's security context.

                      If you're knowledgeable enough to know you want and need a central place to store your passwords, why would you trust someone else's cloud storage policies before something as simple as backing up an encrypted local database file?

                      I don't want Google knowing my plaintext passwords. My local password DB file is encrypted and Google needs no knowledge of it existing. I like Google Drive as a backup file storage provider; so I put my encrypted file on Google Drive. I don't need to involve a completely-out-of-network 3rd-party like Bitwarden or Lastpass to manage my passwords for any kind of convenience nor like any idea of having to tie that completely-out-of-network 3rd-party provider to my local apps in the OS to use it conveniently (Firefox plugin, probably Windows app, etc).

                      KeePassXC is just so much less-nonsense when it comes to who to trust with your passwords. I trust myself with my passwords, and heard at least 3 Lastpass hack reports to know not to trust anyone else with em

                      Edit: I'm guessing Bitwarden isn't free either; so you're paying someone else, with trust, to protect the credentials to your personal accounts. I get why that appeals to average-joes like LifeLock or TV ads for VPNs, but come on; why are knowledgeable people using that over a no-network FOSS cross-platform client with worst-case a few-hundred KB encrypted DB file?

                      And please; FOSS client only means something if you personally eyed every line of code and trust it yourself, or trust the word of anyone else who presumably eyed every line of code to put their name behind vetting it instead (aka most people just trust it cuz FOSS and surely someone else would have had qualm with it by now!). KeePassXC at least has the no-nonsense of not needing a network connection
                      Last edited by Espionage724; 21 October 2024, 06:41 PM.
