Bitwarden SDK relicensed from proprietary to GPLv3
380 comments
·October 24, 2024solarkraft
apitman
I'm cautiously optimistic, but still concerned about the long term.
* I just don't see how taking $100 million can be good for users in the long run. By far the most likely outcomes are bloat or enshittification.
* bitwarden does not appear to be very forkable, ie it's a complex system written in C#. The existence of Vaultwarden helps a lot with this, but what about the client apps? Forkability is the second most important protection against user-hostile action, behind being open source in the first place.
I hope it works out. I'm a recent adopter of bitwarden, and so far the UX has blown keepass out of the water.
_bin_
The client apps can pretty easily be forked and maintained. We probably wouldn't see much feature growth but I also don't think we need that so much. Lots of OSS projects have been messed up by fundraising and communities often just fork them and keep them around so I'm not too worried. Besides, garbage features could probably just be unsupported by Vaultwarden, which has worked extremely well for me and been nothing but stable.
EasyMark
I hope that they keep it a password manager and don’t try to turn it into a “security multitool” or something. I like it how it is. They’ve been careful about adding things and I appreciate that. If they wanted to say move from an electron app to a qt or tauri app I could appreciate that as well.
retrochameleon
The UX of Bitwarden is pretty lacking compared to 1Password. I finally made the switch after years of Bitwarden because of the vast UX improvements.
For one, it's much easier and natural to add additional pieces of information on entries in 1Password. Bitwarden's implementation of this always feels like a poorly integrated afterthought.
cryptos
The UX is exactly the reason why a stayed away from Bitwarden.
EasyMark
Eh it’s not as good as never having the OSS’ness of it challenged but it also shows they’re open to feedback and willing to reassess when customers get out the pitchforks and torches. It’s a story as old as time.
whimsicalism
the gh or had official communication. it was obviously a dep issue blown out of proportion
blendergeek
Thank you to Bitwarden for relicensing a thing to Free/Open License! Unfortunately, I no longer recommend Bitwarden for normal people because the built-in password manager in Firefox is too good. But for anyone with more advance needs (or who doesn't trust a password manager built into a web browser, I always recommend Bitwarden because KeepassXC + syncing is way too difficult for normal people.
jasode
>, I no longer recommend Bitwarden for normal people because the built-in password manager in Firefox is too good.
But a lot of "normal people" actually need a secrets manager which is larger in scope than just a "websites urls passwords manager". This means a password manager with extra metadata fields for users to add notes, associated email aliases, etc. E.g. if a website has an extra step of "Confirm your identity by answering this question : What was your childhood pet's name?", users want a place to save the answer ("BugsBunny") in the "notes" field of a password manager.) Another example would be the secret PIN unlock code for the spouse's phone. That's not a website url, it's just a "secret" that needs to be stored in an encrypted file.
Firefox password manager is too bare-bones with the only 2 fields being "Username" & "Password".
The better UI/UX for normal people is to have a unified app to store all their secrets instead of having some secrets in the Firefox password manager and other non-web-url secrets saved separately in yet another app.
cryptos
I completely agree with you! Almost everyone needs to store more than only usernames and passwords for websites. Think of PIN for credit cards and the like.
throwaway984393
[dead]
qwertyuiop_
This ^ passwords just don’t live in Firefox when you are using apps that need passwords across platforms (mac ios windows) and apps. This is where Bitwarden shines.
jvdvegt
I don't know about iOS, but Firefox syncs my passwords between my Linux machine and Android phone just fine.
berkes
AFAIK Firefox also doesn't store bank-account or creditcard details.
Here's why I recommend bitwarden to "my mom":
- It stores and fills in all your website passwords on your phone and on your laptop
- It makes it easy to generate new passwords for all these places
- It stores your PIN for your bank-accounts (in many EU country payments with PIN are the default)
- It stores your creditcard info and 3d passwords or other extra secrets it requires.
- It's the perfect place to store SSN, Tax IDs, "whats was the name of your first pet?" and so on.
I've never understood the rigid structure of e.g. Firefox or even lastpass, where they e.g. insist on having an URL or even insist on a username/password. I want secret notes with optional metadata - metadata that may follow a predefined structure (username, OTP secret, url, etc) but not always. Bitwarden does this much better IMO.
PawgerZ
Bitwarden also stores authenticator keys for MFA and passkeys. The custom fields, notes section, and attachments are invaluable to me as well.
socratics
Absolutely, everyone I recommend BW to appreciates the notes feature as well - it's handy to have a place to jot down important things that aren't log-ins!
danpalmer
> Unfortunately, I no longer recommend Bitwarden for normal people because the built-in password manager in Firefox is too good
Interesting, I've always felt that browser-based password managers provided remarkably little value for most people. Using them on mobile is tricky and platform dependent, it's easy to have local-only, non-synced data and then lose it, and being multi-device is trickier, especially in a work context.
On the other hand, people generally understand installing an app on each device they own and that app doing it for them.
simfree
Firefox password sync just works. It's one of those things I never think about.
Watching friends and family struggle with bespoke, poorly integrated password managers makes me cringe and is one of the big reasons I enjoy the seamless experience of the built-in Firefox password manager.
danpalmer
Does it require a Firefox account? Does it only store them locally if you haven't signed in to Firefox? This is the sort of failure I've seen, where people think their passwords are synced but because they didn't sign in years ago it's actually not backed up at all. At least on Chrome you get reminded of that all the time on YouTube/Google search, etc.
I know for Safari all the sync is via iCloud meaning if you're not signed in it's locally stored and vulnerable in that way. Especially as many people can't/don't sign in to their own iCloud on work computers, or don't have a Mac.
nox101
it just works for websites. it does not "just work" for apps where as the platform ones do or have a chance to work with apps.
Kind of hope regulation will force apple/google/ms to allow iterations for 3rd parties to integrate with the os but on the other hand that will open a host of issues
mikae1
But does it work for non-website passwords like the PIN for the door at your workplace or the usernames and passwords for your computers?
ClassyJacket
Can Firefox password manager work in other apps on Android?
Nathanba
that's not my experience, I've lost bookmarks due to firefox sync multiple times.
_fs
Does it have the ability to unlock with faceID on ios?
jorvi
That is such a laughable statement. 1Password has incredible UI/UX. Even has e-mail masking with Fastmail. And auto-enters TOTPs, for the less-important one’s you feel comfortable saving in your password manager.
miki123211
Firefox sync made the criminal sin of implementing end-to-end encryption, enabling it by default, and being insufficiently clear to people that their passwords are lost forever when they forget the master password.
This provides a really terrible UX to "normal" users. I woulnd't recommend that option to anybody who doesn't already know what E2E is and what tradeoffs it has.
Google's implementation is a lot better in that regard, at least they offer plenty of avenues for account recovery.
mrwm
I'm not sure how it is on iOS, but I've been using firefox as my password maanger on android. It's a trivial change in the settings and works across all apps as well.
I also recommend it to my friend group, as they can use firefox with uBlock Origin, and also have their passwords synced.
null
tetris11
Yep, since Android 12 I think you can set Firefox as your main password manager.
It's genuinely delicious
lrem
All serious browser vendors offer sync to logged in users. That’s multi-device, cross platform and pretty foolproof. I still prefer Bitwarden because of self-hosting and integrating nicely with the iOS ecosystem. But there’s not much wrong with the browser approach.
usrusr
Multi device is all nice and well, but what if you use products from more than one browser vendor?
CJefferson
I have the opposite problem. If I forget to log into bitwarden, passwords just get saved into firefox / chrome, so now I've got some passwords in bitwarden, some in chrome, some in firefox, and worst of all bitwarden doesn't seem to have an easy way to unify these databases.
trinsic2
That's a bit much to put on a 3rd party password manager.
floydnoel
> people generally understand installing an app on each device they own and that app doing it for them.
an app like Firefox or Chrome, perhaps?
danpalmer
This is obviously true for the HN crowd, but for normal people I think there's a distinction. Don't underestimate the value of centering a brand and an icon on a home screen around a single function.
JoshTriplett
> Interesting, I've always felt that browser-based password managers provided remarkably little value for most people.
They provide the value of "you should, by design, have no idea what most of your passwords are; if you know any significant number of your passwords you probably have bad passwords".
And both Firefox and Chrome sync passwords between devices.
wruza
This is the value of any password manager, not a browser-based one.
wrasee
If Mozilla released a separate passwords app so you could manage and access your passwords outside of Firefox I think the two would be more comparable. That would promote your passwords as part of your Mozilla account, not just Firefox.
Bitwarden excels here, and i think is the model to beat. However, Mozilla would have the advantage since their browser integration would essentially be built-in and first class.
Otherwise, unless you use Firefox exclusively for everything I just don't think a single browser is the right place to manage passwords. I would say that's true even for a broad audience, given the importance of passwords and security in the modern age.
Bitwarden is also nice in that you can "lock" access to your passwords while keeping the browser open. That way, for the 99% of the time you're just browsing the internet you essentially don't have access to all your passwords "open". The last time I looked at this I had to enter my master password on opening Firefox, even if I didn't need access to my passwords. That meant that "unlocking your vault" is essentially tied to opening the browser. That alone was enough for me to bail on it.
openopenopen
> If Mozilla released a separate passwords app so you could manage and access your passwords outside of Firefox I think the two would be more comparable
They used to have one called LockWise https://support.mozilla.org/en-US/kb/end-of-support-firefox-...
greensh
there used to be an android/ios app by mozilla called lockwise which did exactly that iirc. https://support.mozilla.org/en-US/kb/end-of-support-firefox-...
wrasee
Ah yes I remember that now, I had forgotten about that!
Funny, especially now that I see Apple are now going the other way with a dedicated "Passwords" app on iOS 18 and macOS 15. And for Apple to do this - against their instinct for featureless simplicity and implicit integration - to give passwords their own "shop front" as a dedicated app I think really does acknowledge the first-class importance that passwords now have, even for a broad audience.
It's a shame as I think Mozilla could really compete well in this space. They are both cross-platform, have their their own browser and have a good reputation on privacy. It's a killer combo. Bitwarden is evidence you can make it work and you don't need massive big-tech budgets to make a difference.
techwizrd
I'm glad that Bitwarden moved quickly to resolve this. At least for me, Firefox's password manager isn't really a replacement. Bitwarden is approved by my employer, self-hostable, and supports logins for the litany of apps across my browsers and mobile devices. Whether it's the mobile app, mobile website, or site in my browser, Bitwarden just works for the most part. It's also quite nice that Bitwarden can store arbitrary information like CCs, secure notes, and how I capitalized the answers to security questions and other account recovery/login information.
ValentineC
> It's also quite nice that Bitwarden can store arbitrary information like CCs, secure notes, and how I capitalized the answers to security questions and other account recovery/login information.
+1. I use my password manager (currently 1Password, but I have been looking at self-hosting Bitwarden/Vaultwarden) more for storing credit card information and security questions.
Most built-in password managers don't cut it on that front.
psd1
It's more than self-hostable!
There's at least one API-compatible alternative (vaultwarden) which works with the official client.
Yay to breaking down walls.
seabrookmx
Vaultwarden is great! I've been running it for years (since it was bitwarden-rs) on a free-tier GCP VM. I use a cronjob to back up the DB to Backblaze B2 with rclone.
trinsic2
Its Bitwarden only for personal use. Do they have a solution for Multi-use password sharing?
bloopernova
Yes, my wife and I each have our own bitwarden account, and an "organization" where shared passwords go. It's worked great for quite a few years now.
leshenka
in Vaultwarden you can have "organizations" that are like groups of people and you can have passwords there that are accessible by members
No idea how this maps into Bitwarden's own offerings though but all clients support this kind of thing
ahiknsr
> Unfortunately, I no longer recommend Bitwarden for normal people because the built-in password manager in Firefox is too good.
I use both Bitwarden and Firefox and I would strongly encourage everyone to not use the password manager in Firefox. Do you know the tab sync across devices is broken in firefox? It was broken since Aug 24 and it is still not fixed https://bugzilla.mozilla.org/show_bug.cgi?id=1913795 . If they can't sync tabs across devices, i wouldn't trust them to sync my passwords.
digital_voodoo
Interestingly, password syncing is one of the most reliable things I've seen Firefox doing during the last years. If you don't even have to think about it, that means it "just works"
gertop
Firefox's password manager stores passwords in clear text unless you use a master password (very few people do).
This means that any process on the computer can read them.
It also means that, unless you also use full disk encryption, a stolen device means you're fucked.
Chrome and Safari use the OS's keychain at least, so there is some level of security.
And a standalone password manager has its own encryption.
mikehotel
This has been the case for a long time, and has not changed even in 2024. Please use a Primary Password if you are storing passwords in Firefox.
https://support.mozilla.org/en-US/kb/where-are-my-logins-sto...
sublimefire
Browser password managers and their related files are the usual targets of the sophisticated malware creators. Not many people use good master passwords either if any.
alerighi
I think that the Firefox password manager is good, however, relying on the browser is a terrible form of vendor lock-in. You need to use another browser (for any reason), you also need to switch password manager. Also, Firefox on Android is not great, and Bitwarden has a better integration.
Finally, Bitwarden (the payed version) manager also passkeys and OTP codes, the Firefox password manager not.
klabb3
I use both, and I agree, even if I’m very happy with Firefox. There are lots of apps outside of browsers that need passwords. It’s very common these days. Besides, does it support passkeys? That’s getting increasingly common as well.
bigfatfrock
> because KeepassXC + syncing is way too difficult for normal people
I've been debating for ages if this is a hurdle that can be overcome by packaging or even hand-holding support. When I show "normal people" my pass+sync setup they beg me to implement it for them. Once it's running it's near-zero maintenance.
dcow
Password management is like exercise. Even when people say they understand the value and want to do it, they don't. Even if you implement it for them, if it's not something that slots perfectly into their existing routine, they're not going to do it. Thankfully passkeys are here.
tjoff
It's fine, even bad password management is better than passkeys.
Thankfully the incredible hype for passkeys has been dead for years now and people are starting to question it.
cryptos
I did that for quite some time, but I had severe issues with multiple editing users and with android apps. All the tricks I tried, like nested vaults didn't fully work in the end. So I ended up with 1Password.
przmk
Where did you manage to find "normal people" that begged you to install a password manager for them? I have yet to come across one person who wanted one.
archi42
There are normal people out there who have been hacked, or knew someone who was.
Also, some normal people are computer-smart enough to understand problems like credential-stuffing, if someone explains it to them.
lie07
Would love to know how you have it setup.
peterpans01
can you share how do you set this up?
freeone3000
I store the password vault in dropbox. Done.
sigzero
KeepassXC also doesn't have templates for things. It's in the works. When it comes out I might take another look at it.
itfossil
Nice to see Bitwarden make a course correction here. I wasn't looking forward to switching to another password manager, so I'm quite happy.
ryukafalz
Yeah, likewise. I'm a Bitwarden subscriber but I'd been looking into alternatives recently because of the licensing kerfuffle. But switching password managers is a pain, so I'm glad to not feel like I have to now.
spl757
KeePassXC (and I assume the other versions) can import an encrypted JSON Password Protected (NOT Account Restricted) export from Bitwarden.
I use them both. I have KeePassXC for my local machine, and Bitwarden for things I may need out and about.
With the browser plugins for both it's not that hard to manage them both, at least in my opinion.
I was hoping to see some course correction on this from Bitwarden, even if the over-stated impact was really just to the SDK. They appear to understand the look of their licensing move was going to cost them more than it probably should have. Most companies refuse to change course at all, so I at least see it as encouraging.
edit to fix a typo
EasyMark
There is little chance I’ll ever move to keepassxc as that requires me to maintain it myself and take the chance on deleting something very precious. I’ll stick with the cloud solutions for now.
SirGiggles
A caveat that bears mentioning is that an export of a Bitwarden vault does not contain attachments.
creesch
Are there other alternatives that are 1) open source 2) offer the same integration to begin with and finally 3) have been audited or are popular enough to be under constant scrutiny?
There is of course the KeePass ecosystem, but that is why I included my second point, as with KeePass you are responsible for vault syncing, having clients for all platforms, etc.
I suppose that it is good to be aware of other options. At the same time, jumping ship so easily also doesn't seem realistic or ideal behavior to me.
zie
I have no affiliation, just found them this week, but https://psono.com/ exists. So 1 and 2 are met and 3 is half-way there maybe? It's a self-audit but they have been around a while. Apache2 licensed.
Again, I literally found them the other day, and other than a cursory check to make sure the UI/UX is friendly enough to compete with BW or 1P, I haven't had a chance to look through their code at all yet. I have no idea if the promises they document are met.
KPGv2
The audited part is going to be tough to meet because it's a very niche skill people generally won't do constantly for free.
hedora
I decided that vaultwarden should not have an internet accessible port. Are there any that meet those requirements and also let you (reliably!) edit/create passwords when offline?
Also, sometimes the bitwarden client decides to blow away my local copy of the password database. I'd like it to store it pesistently on all machines so I have to lose my phone, my laptop, my vaultwarden server and its two backups before I get locked out of everything.
Currently, the phone + laptop don't count as backup copies.
g19fanatic
i use the keepass ecosystem with app.keeweb.info. Its an open source webclient that can directly pull from your google drive (and other places!). I use a google drive through keeweb for syncing, 2 clicks and its syncd. Auto pulls when past pw.
keepass works in browser (how I use it on a computer), can work offline (which is good in air-gapped instances, one of my reqs) and works directly on my android phone without issue.
Glazui
I‘ve recently learned about PassBolt, but it doesn’t meet criteria 3 I’m afraid
sirdvd
Switching is decisively a pain. But apparently this episode was what I needed to start looking seriously into VaultWarden.
horsawlarway
Huge VaultWarden fan here. It's been running absolutely unattended for about 3 years from a machine in my basement now, and it's great.
I back things up fairly often, but otherwise I would have no idea I'm not just using the enterprise grade Bitwarden license. Things just work, features are there.
Side-note - VaultWarden is incredibly reliable for a self-hosted free solution (I have 1 pod restart 27 days ago due to a power outage, but otherwise it basically does not fall over. No memory leaks, no high cpu consumption, no reliability problems)
AzzyHN
VaultWarden is great. But I don't use it, because I trust Bitwarden's infrastructure more than my own, for now at least.
slenk
I found psono and spun up a self-hosted instance. I may just try to keep them in sync for a while while this business fully settles
jdlyga
Bitwarden is still excellent, but keep an eye on them over the next few years. Remember that Bitwarden was originally a LastPass alternative without the fuckery.
prophesi
The LastPass fuckery was long and frankly egregious.
Though I don't understand why this git commit is what's linked here. I'd rather hear the discussions on it. https://github.com/bitwarden/clients/issues/11611
hnbad
After reading through the issue thread and the final reply by Bitwarden, I think the only context this provides is that the headline should rather be something like "Bitwarden SDK fixes dependency licensing issue".
The opening comment and the final reply are the only valuable contributions in that issue. Everything in between is random people jumping in to feign outrage or telling people to use Vaultwarden (which btw recently was in the news for more significant negative reasons). If anything it's a perfect example of the sad state of online discourse.
ferbivore
This wasn't an "issue", it was working as intended. The GPLv3 client intentionally depended on proprietary code. The CTO's comments on bitwarden/clients#11611, bitwarden/sdk#898 and fdroid/fdroiddata!15353 make it clear this was deliberate. They've now changed their stance because of the backlash.
It looks to me like people expressed genuine concerns about being lied to by a company, one they'd trusted with their passwords no less. Calling it "feigned outrage" is a bit rude.
SirGiggles
> (which btw recently was in the news for more significant negative reasons)
Do you by chance mean CVE-2024-{39924, 39925, 39926}?
odo1242
I mean, it still is. It’s honestly gotten better too - for evidence, it’s the one password manager that never gets recommended by sponsored YouTubers but always gets recommended by non-sponsored YouTubers.
afavour
It depresses me that Bitwarden has also taken VC funding, just like 1Password. It’s still a great product but as with any VC product I’m just waiting for the other shoe to drop when it’s revenue generation time.
KPGv2
I honestly don't think the password manager market could bear more than $3–5/mo for an individual user or family.
I used 1Password for years until they went from one-time payment to monthly sub and removed local sync so you could only use multiple devices by paying them. I think a big decision there was that they wanted $10/mo or something. I can't remember, but at the time it seemed ludicrous.
Years later, when my new laptop couldn't run the final local-sync version of 1Password, I finally decide to look into password managers again, and lo and behold $3/mo. I signed up immediately.
throwaway918299
Despite being proprietary, 1Password still hasn’t had any fuckery that I am aware of. I have been tempted to switch to an open source solution many times but I think I’ll be parking right here for a few more years yet.
null
petterroea
Thank you Bitwarden for listening. This kind of stuff gives me hope for the business model of Open Source.
chx
[flagged]
attendant3446
How would you explain that[1]?
1. https://github.com/bitwarden/sdk/issues/898#issuecomment-222...
petterroea
They still handled the situation in a serious and responsible manner, clearly communicating what had happened and why. They then followed up later when the problem was fixed. To me it seems clear that they understood the seriousness of the situation, and why people were initially pissed.
I think this is the correct way of handling a rugpull scare, bug or not.
ferbivore
Also: https://github.com/bitwarden/clients/issues/11611#issuecomme...
Previously: https://news.ycombinator.com/item?id=41893994
teach
Thank you. I had missed this story and was struggling to piece things together from the varied comments.
Scipio_Afri
Well that’s one way to handle that effectively and in what seems to be open source way without fuckery; glad to hear it cause that was going to be a bit annoying migrating away from them.
amszmidt
Not entirely there yet ... Some parts of have been re-licensed, some have been licensed under the old non-free software SDK license. E.g,
https://github.com/bitwarden/sdk-internal/commit/db648d7ea85...
ferbivore
The non-GPLv3 bits are for their separate Secrets Manager product. It doesn't look like that's advertised as open-source. Bitwarden has always been open-core and not fully GPLv3, and that seems understandable; they need something to sell after all.
weikju
Props for them to step in the right direction, it wasn’t obvious at all for a few days what they would do.
chx
Repeatedly: when people post shit like this they more or less guarantee the next company won't even try. People! this is one of the few companies which open sources their product. The time to doubt and preach is not here yet... by far.
AdmiralAsshat
Not really. It was keeping them honest. This wasn't like the Winamp thing. Bitwarden has proudly proclaimed itself as "Open Source" from day one. It's right on their front page. It's in their marketing materials. It's in their podcast advertisements.
I pay for Bitwarden based on the premise that it is open source. If it tries to pull a Meta and decide that "open source" suddenly means whatever they want it to mean in defiance of the commonly-understood meaning, I want to know about it.
I'm glad they righted the ship on this.
powersnail
It's a welcome change. It still feels like they are trying to be too smart on licensing, especially how to combine GPL and proprietary licensed code, which I think is the root cause of the whole drama. The open core model works better as a hosted service, where you are not distributing the amalgamation of GPL and proprietary. Open core in client code seems a bit too rife for potential misunderstandings and confusions.
Hope it works out for them, though. It's a good product.
threatofrain
GPLv3 is interesting because it means to use their code in a commercial setting, then you must also have the guts to open source too.
odo1242
Not necessarily. You can run a “Bitwarden hosting service” or something like that without violating GPL. You’d only have to make your changes available on request if you changed the actual Bitwarden source code or linked some other library into it and shared that modified version with someone else (just running it on a server doesn’t mean you need to open source changes, for example)
hedora
Yeah; GPLv3 seems designed to give pure *aaS companies an unfair advantage over people that want to give users the option to buy commercially supported hardware that runs the company's software.
For instance, Google can use bash in their backend infrastructure, but Apple cannot ship it on MacBooks or iOS anymore.
jcotton42
> Yeah; GPLv3 seems designed to give pure *aaS companies an unfair advantage over people that want to give users the option to buy commercially supported hardware that runs the company's software.
SaaS didn't exist when the GPL was drafted. If that's an issue for you, there's the AGPL.
npteljes
Not if offered as a service. That's why they introduced the AGPL, that one has the service restriction too. In terms of a service offering, GPL software is free for the taking, and the restrictions don't apply as the distribution clause doesn't trigger.
sublimefire
The context is inaccurate because it is actually dual licensed so thinking about GPLv3 alone is not painting the whole picture.
> The default license throughout the repository is your choice of GPL v3.0 OR BITWARDEN SOFTWARE DEVELOPMENT KIT LICENSE unless the header specifies another license. Anything contained within a directory named bitwarden_license is covered solely by the BITWARDEN SOFTWARE DEVELOPMENT KIT LICENSE.
hk1337
I don’t believe that is entirely accurate. I believe it depends on the application and what you’re doing with it whether or not you would be required to open source it. Like, if you’re distributing the application as a product, not necessarily saas application?
nine_k
Yes, GPL3 only works for directly distributed software. But an important part of BitWarden is exactly such software, in the form of a browser extension.
HeatrayEnjoyer
Yes, this is why AGPL is superior.
rochak
No good thing ever lasts, especially in the world of tech. So, I'll be sticking with Bitwarden until they somehow eventually fuck it up and something else takes its place.
crossroadsguy
What will be ideal is a FOSS competitor. At least in personal usage segment until. Until they also start looking at big money and enterprise/professional (which is fine), then another competitor will come in. As long as the chain of export-import-export doesn’t break.
I’m relieved. Maybe the company would have survived this somehow, but they sure wouldn’t have been the techies’ darling anymore and that was going to be expensive.
I hope they realized that being FOSS is their moat and it nets them a lot of goodwill (it’s the whole reason I bother with their not-quite-the-best product in the first place). The bold claim „the most trusted password manager“ was kind of justifiable while it was FOSS (if we don’t count keepass), without it not at all.
I’m still not sure how I feel about them now. I can now somewhat trust that the applications will remain free software, but trust in the company has eroded a bit. I still haven’t seen official communication about this.