| ▲ | welder 6 hours ago |
| I don't care about raising prices, I'm worried about the new CEO having a PE mindset. That means Bitwarden will now focus on extracting value while the product stagnates and degrades in quality. Time to jump ship before their security and quality goes down the drain. |
|
| ▲ | giancarlostoro 4 hours ago | parent | next [-] |
| Not my project but Vaultwarden is an open source (in Rust) alternative backend for Bitwarden. I believe its been around a while, and is still maintained. https://github.com/dani-garcia/vaultwarden |
| |
| ▲ | duckmysick 4 hours ago | parent | next [-] | | Question for anyone self-hosting vaultwarden: how reliable is it and how do you harden it? I'm thinking about running it in a container (Podman Quadlet with systemd) behind a VPN, with daily backups with borg. Anything I'm overlooking here? | | |
| ▲ | JimBlackwood 3 hours ago | parent | next [-] | | I’ve used Vaultwarden for at lesst 7 years, I’m sure for longer but I’m not sure how long. Never had an issue with Vaultwarden itself. Restored from backups several times for a variety of reasons (migrating host, corrupt hard disk, re-installs) and that always worked first try. In regards to hardering, the wiki has a good guide: https://github.com/dani-garcia/vaultwarden/wiki/Hardening-Gu.... | | |
| ▲ | EvanAnderson 2 hours ago | parent [-] | | Pretty similar experience for me, albeit I've only been managing it for about a year. Restore from backup testing was straightforward. We haven't had any problems w/ the application itself. I used that that hardening guide for my setup. The one I manage is exposed to the Internet and I'm bringing traffic into it via a reverse proxy. |
| |
| ▲ | cobertos 2 hours ago | parent | prev | next [-] | | I've never had a reliability issue with Vaultwarden. Hosted it 5+ years now. Even with random off/on of the server and other bumps in the road in life, the Docker container I run has had no issues with hosting. The user interface is friendly but can be just a little slow. Mine is not exposed to the public internet, though some friends of mine do. I use a VPN when I need to access fresh data from the home server, otherwise both the Firefox client and Android client will generally keep a cache of the last data pull when they had connection (so it wasn't an issue the 4 or so years I didn't have a VPN yet). | |
| ▲ | xienze an hour ago | parent | prev | next [-] | | > how do you harden it? By not exposing it to the wider internet. When I use a client (iPhone, browser, etc.) while on the home network, it syncs. While off the network, the last synced data is still there. That's been good enough for me. | |
| ▲ | thesuitonym 3 hours ago | parent | prev | next [-] | | It's as reliable as you make it. | |
| ▲ | hypeatei 3 hours ago | parent | prev [-] | | > Anything I'm overlooking here? Not technical, but the person behind that project now works for Bitwarden so there's some risk of a rugpull. Of course it's OSS but you'll need to trust a fork or maintain it yourself if said rugpull happens. | | |
| ▲ | Snow_Falls 2 hours ago | parent | next [-] | | The maintainer has said that they've been given permission to maintain it in their free time. All it takes is a bad quarter and the CEO decides they don't want to be supporting a competitor and that goes away. It's possible that a community continuation could happen but I wouldn't rely on something so uncertain for something as important as credentials. | |
| ▲ | giancarlostoro 2 hours ago | parent | prev [-] | | Kind of makes a lot of sense that they wound up working there too. |
|
| |
| ▲ | pocksuppet 3 hours ago | parent | prev [-] | | Is there an alternative frontend as well, or are you still locked in? | | |
| ▲ | belthesar an hour ago | parent | next [-] | | There is not an alternative frontend that I'm aware of, but as the article mentions, the clients are Apache 2.0 licensed, so in the event of a rug pull, a fork and rebrand of the clients would be what is needed to restore service. | |
| ▲ | backscratches an hour ago | parent | prev [-] | | Their android app at least is open source and on available on their own f-droid repo |
|
|
|
| ▲ | j16sdiz 5 hours ago | parent | prev | next [-] |
| +1 I am a paid subscriber. I am kind of ok with the price increase. The "coincident" with change of CEO and remove of "always free" tag worries me though. |
| |
| ▲ | jnovek 3 hours ago | parent [-] | | I just sent them a message along these lines. I’m happy to pay for good services, but M&A means cost-cutting measures to make the company look good for acquisition and that makes me uncomfortable with letting them store secure data for me. Switching is going to be a pain. | | |
| ▲ | bglusman 2 hours ago | parent [-] | | It is really easy to self-host, and do so securely... | | |
| ▲ | jnovek 2 hours ago | parent [-] | | I’m not buying hosting from a password manager, I’m buying security. I don’t have complete confidence that I can secure a self-hosted password manager and it’s not an area where I want to take risks. | | |
| ▲ | xienze an hour ago | parent [-] | | It's very simple, just don't make it accessible outside your home network. Clients sync when the server is accessible and use last synced data otherwise. |
|
|
|
|
|
| ▲ | chatmasta 24 minutes ago | parent | prev | next [-] |
| Give it less than one financial quarter and I guarantee the website will be about “identity for AI agents.” |
|
| ▲ | chancek an hour ago | parent | prev | next [-] |
| Yep! Feels like a hard truth about the product life-cycle. It may be time to find an alternative to what was a great alternative. |
|
| ▲ | throwawayq3423 4 hours ago | parent | prev | next [-] |
| I jumped to Bitwarden because of 1P's new pricing doing exactly that. Circle of live, I guess. |
|
| ▲ | 0x262d 5 hours ago | parent | prev | next [-] |
| I'm getting really tired of the enshittification cycle. Learning about android verification and captcha changes recently has been another big frustration point. I moved to android as a more open alternative to apple just a few years ago, and to bitwarden from lastpass around the same time. I would like to just have these infrastructural services work well and quietly without thinking about them for many years. Do I really have to put up with this happening faster and faster for the rest of capitalism? (I think so) |
| |
| ▲ | zeroonetwothree 4 hours ago | parent | next [-] | | Bitwarden hasn’t “enshittified” anything. It’s all entirely speculative | | |
| ▲ | evolve2k an hour ago | parent | next [-] | | It has already enshitified. These changes are text book. - Inclusion and Transparency values made more shitty - Always free commitment removed. What? It’s right there “always”. - Shittily hacking old blog post to become nonsensical - Loss of confidence - Stalling improvement cycle, no more repairs, just things quietly breaking and going bad. | |
| ▲ | jnovek 3 hours ago | parent | prev | next [-] | | I don’t wait for companies to enshittify anymore. When they start making decisions that look like they’re heading in that direction, I start looking for alternatives. | | |
| ▲ | zzleeper an hour ago | parent [-] | | Same. Whenever I see a PE acquisition, I immediately shift my purchases (eg namecheap last year) |
| |
| ▲ | trinsic2 an hour ago | parent | prev | next [-] | | Looks pretty bad regardless of speculation. There are enough red flags to warrant actions and to consider this another enshitification. | |
| ▲ | mixologic 3 hours ago | parent | prev | next [-] | | yet. The hallmarks of enshittification are there. We've all been through the cycle of "this product is too good to be true, and provides considerably more value than it costs" "Customer Acquisition/Market Capture" phase. And we know what has to come next. They have to make the product profitable, because you cant just burn up VC money forever. | |
| ▲ | smallmancontrov 3 hours ago | parent | prev [-] | | Does a bear shit in the woods? | | |
| ▲ | wafflemaker 32 minutes ago | parent [-] | | Interesting, where are you from? Where does this proverb come from? I know this proverb as (translating from Polish):
You're asking the boar if he's shitting in the forest. |
|
| |
| ▲ | Barrin92 an hour ago | parent | prev | next [-] | | >Do I really have to put up with this happening faster and faster for the rest of capitalism? (I think so) no, if you relax the qualifier "without thinking" slightly and are okay with thinking for a few hours. There's so many off-the-shelf open source solutions now to just throw on a 5 bucks VPS, it costs you less time and money than switching or the premium plan of most of these individual services. | |
| ▲ | hobonation 4 hours ago | parent | prev [-] | | Vendors doing a rug-pull isn't just capitalism. China is adding DRM to AM radio: old receivers won't work. Heck, Soviet WWII ration cards no longer give turmips. | | |
| ▲ | throawayonthe 4 hours ago | parent | next [-] | | uh, by DRM you mean Digital Radio Mondiale[0], an open digital radio broadcasting standard? sure analog receivers won't work, but hardly a rugpull lol [0]https://en.wikipedia.org/wiki/Digital_Radio_Mondiale | | | |
| ▲ | pessimizer 4 hours ago | parent | prev [-] | | They're not doing it to increase margin. "Enshittification" or "rug-pulls" aren't when things get worse or things change, they're when the conditions that were used to attract an audience are changed in order to extract more margin after that audience is captured. The larger exampls to compare them to would be "dumping." Dump subsidized, tariff-free corn in Mexico to make it unprofitable to farm corn in Mexico, and after all of the Mexican farmers go bust, buy their land and raise the price of corn to infinity while cheaping out on the quality of seed and handling. Enshittification. Rug-pull. |
|
|
|
| ▲ | adfm 5 hours ago | parent | prev [-] |
| PE? Private Equity is the slippery slope to Public Enshitification. |
