this post was submitted on 14 Sep 2024
486 points (97.5% liked)
Privacy
31934 readers
712 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
There's often the 'security vs. convenience' tradeoff, but for most people you have both sides with Bitwarden over KeePass.
Bitwarden is undoubtedly more convenient. If you can create an account, you can use it. I have a family account, and have both of my parents using it. The love it now, but given the friction to get them there in the first place, it would impossible to get them on KeePass. Especially because they wanted their passwords on all devices.
Regardless of using Vaultwarden or KeePass, you need to have quite a bit of expertise to self host. And you are trusting your own ability to secure your attack surface. I'm sure many if not most in this thread can, but it would take me quite a while to convince myself I have. I would much rather trust security professionals.
Somewhat, although, potentially related. Have you seen Bitwarden's git repos? It is immaculately organized.
Consistent, clear naming convention. There is literally one called 'self-host'. If you put that much effort into keeping your code that useable/available/auditable etc. Oh yea. I'm going to trust you to handle security for me
This is one of the rare cases where I believe security through obscurity applies.
What is the most ripe attack target: the password hosting service with millions of user credentials, or literally some random IP address using syncthing that could be sending literally anything that you don't know is passwords or porn.
Companies like Bitwarden and 1Password and LastPass are doomed to have failures, just like any major corporation. They are too big with too much attack surface, and clearly advertise that they have stuff worth stealing.
Me? My KeePass vault is synced via Syncthing with no relay data, so it only ever exists on my phone and desktop, and is encrypted with what is today functionally unbreakable encryption. Today at least (RIP when quantum chips get good).
And my data is a blade of grass in a field. Sure there is a narrow chance someone snooping on my entire geographic area and stealing packets like the FBI could grab some packets in transmission. But they show nothing, and mean nothing. And the FBI has easier ways to get our data anyways.
Point is, I'd rather take my odds as a heavily encrypted file syncs between singular devices like a drop of water in the ocean, versus putting all my diamonds in Joe's Diamond Emporium and just hoping no one decides to steal MY diamonds when it (inevitably) gets robbed.