this post was submitted on 15 May 2026

1092 points (99.5% liked)

Technology

85637 readers

3434 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

1092

Bitwarden New CEO has extensive M&A, Private equity experience, Removes Transparency from its Motto (www.fastcompany.com)

submitted 1 month ago by iter_facio@lemmy.today to c/technology@lemmy.world

295 comments fedilink hide all child comments

I find this move concerning, and wish that the Founder had looked for a new CEO that shared his values rather than a Private Equity and Mergers Expert.

Furthermore, the change to the GRIT motto is worrying. Trust is useless without Transparency when it comes to code and security.

you are viewing a single comment's thread
view the rest of the comments

[–] one_old_coder@piefed.social 299 points 1 month ago (4 children)

Is it that time when I say "oh shit!" and starts to look at alternatives? I've seen this scenario a hundred times already and I'm tired.

[–] Godort@lemmy.ca 122 points 1 month ago (2 children)

I don't have the patience to switch to alternatives until they make a change that actually affects the usability of the tool.

This is absolutely a red flag though.

[–] Quacksalber@sh.itjust.works 73 points 1 month ago (1 children)

Just FYI, you can export your Bitwarden database to plain text and import that with KeePassXC

[–] alakey@piefed.social 22 points 1 month ago

All the attachments, though... man this is going to be such a pain :/

[–] akilou@sh.itjust.works 1 points 1 month ago

It takes a full 3 minutes to try an alternative. Export, install new one, import. Install extensions where you need them and sync.

[–] YurkshireLad@lemmy.ca 63 points 1 month ago (7 children)

Same question here. What are the best alternatives?

[–] zikzak025@lemmy.world 97 points 1 month ago (5 children)

KeePassXC is the best FOSS option, but you'll need to figure out self hosting if you want to sync the database between devices.

[–] M1k3y@discuss.tchncs.de 41 points 1 month ago (3 children)

As the database is encrypted in your device, you dont really need to self host. A keepass database in the Google cloud is not really problematic, although you should still choose a more private cloud provider.

[–] meathappening@lemmy.ml 28 points 1 month ago (2 children)

Syncthing is probably a simple fix.

[–] mnemonicmonkeys@sh.itjust.works 32 points 1 month ago (3 children)

Assuming you have a degoogle'd phone. The syncthing-fork devs announced that they aren't going to certify for Google Play when that's made a requirement in a few months

[–] meathappening@lemmy.ml 18 points 1 month ago (2 children)

Ugh, I forgot about this. Aren't you still going to be able to install apps from third-party marketplaces? I thought the plan was just that the phone was going to hassle you and require multiple hoops.

[–] punkibas@lemmy.zip 6 points 1 month ago

Yes, that's the plan

[–] scutiger@lemmy.world 3 points 1 month ago (1 children)

I think other apps will require ADB to install

[–] napkin2020@sh.itjust.works 6 points 1 month ago (1 children)

After initial wait period of 24 hours, which is intolerably dumb, you don't need ADB.

[–] brbposting@sh.itjust.works 1 points 1 month ago

They should interview me when I make a purchase and determine the likelihood of me falling for a scam where a family member will save me if I just had an extra day

[–] napkin2020@sh.itjust.works 4 points 1 month ago

https://f-droid.org/packages/com.chiller3.basicsync/

[–] conartistpanda@lemmy.world 2 points 1 month ago

fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck

[–] conartistpanda@lemmy.world 1 points 1 month ago

I use both KeePassXC and Syncthing for passwords. Works fine.

[–] Quetzalcutlass@lemmy.world 8 points 1 month ago

And you can use a keyfile separate from the database for even more security. If the database is backed up on Google Drive and the keyfile is saved on a USB or in a (non-Google) email somewhere for the rare times you add a new device, your passwords should be safe even from keyloggers or Google themselves.

[–] eager_eagle@lemmy.world 5 points 1 month ago (1 children)

make sure to use post-quantum encryption algs

[–] victorz@lemmy.world 4 points 1 month ago* (last edited 1 month ago)

Which algs would that be? ed25519 okay? Is that even an encryption alg? I'm not too hot with encryption.

[–] Wildmimic@anarchist.nexus 7 points 1 month ago (1 children)

or use syncthing, no hosting experience required

[–] stephen01king@lemmy.zip 2 points 1 month ago (1 children)

Syncthing on the phone seems to use up a lot of battery, though.

[–] michaelalf@lemmy.world 3 points 1 month ago

If you don't need real time sync you can disable background use of the app. That's what I've done, and I just open the app when I need to update. Probably a smarter way to do it, but it works for me.

[–] tremble5218@programming.dev 2 points 1 month ago* (last edited 1 month ago)

I found the easiest way to sync is to use rclone. This way you can use any cloud provider like Google Drive or OneDrive or DropBox. First create the rclone remote for your cloud provider using rclone config. Second step is to create a second remote using the encryption option (menu item 16), choosing an appropriate path <first remote>:<path to directory>. Upload your KeepassXC database to this encrypted remote using rclone copy.

On Android you can use the RoundSync app from F-droid to configure the the same remotes, then create a task to copy or sync from that encrypted remote and a trigger to run that task on a schedule. Overall, this one-time setup works really well for me. This is my backup in addition to using Bitwarden for several years. Bitwarden is not going to get my money any more.

[–] Cethin@lemmy.zip 2 points 1 month ago

It doesn't need to be complicated. I use syncthing to synch them. It's pretty trivial. You just tell it what folders to synch, between which devices, and it'll synch whenever it's running.

[–] Programman4233@lemmy.dbzer0.com 1 points 1 month ago

post-quantum encryption algs

I use the built in ftp sync option with any file explorer that makes an ftp server on my phone.

[–] IcedRaktajino@startrek.website 34 points 1 month ago* (last edited 1 month ago) (2 children)

I use Vaultwarden

[–] refract@lemmy.zip 23 points 1 month ago* (last edited 1 month ago) (1 children)

But you still use the official BW client apps, correct?

Unless you forego usage of the clients and access Vaultwarden through the browser (removing accessibility and convenience especially on mobile), it is not an e2e replacement solution.

Are there any alternative FOSS clients/apps that work with Vaultwarden?

Edit: I see further down that the official client is open source, and would get forked in the event of any fuckery. So I'm sticking with Vaultwarden + Official client app approach for now.

[–] IcedRaktajino@startrek.website 4 points 1 month ago (1 children)

I just use the webapp UI and don't bother with the clients/extensions. Easy enough to just log in, copy/paste from there.

But yeah, the official client (and probably browser extension as well) would probably be forked if/when needed.

[–] napkin2020@sh.itjust.works 4 points 1 month ago

What about passkeys?

[–] ripcord@lemmy.world 1 points 1 month ago

For now

[–] meathappening@lemmy.ml 25 points 1 month ago (1 children)

Coincidentally, I moved to self-hosting Vaultwarden last night, which is open source but compatible with Bitwarden. If you want a simple transition and are capable of hosting it yourself, that would be my recommendation.

[–] ITGuyLevi@programming.dev 11 points 1 month ago

I've been hosting it for a couple years now and question why it took me so long.

[–] h54@programming.dev 22 points 1 month ago (1 children)

Proton Pass.

[–] Joelk111@lemmy.world 17 points 1 month ago (1 children)

I'm pretty sure that isn't self hostable.

[–] h54@programming.dev 2 points 1 month ago

That's true.

[–] jtrek@startrek.website 16 points 1 month ago

I use keepassxc. It does the job.

[–] xnx@piefed.social 5 points 1 month ago

Alias vault seems the most feature complete and self hostable https://www.aliasvault.net/

[–] Resonosity@lemmy.dbzer0.com 3 points 1 month ago

KeePassXC + Syncthing to sync passwords across devices

[–] ColeSloth@discuss.tchncs.de 7 points 1 month ago (1 children)

Sigh. This will be a huge pita. I have probably over 100 things saved into bitwarden. Where's a good foss alternative.

GabeN, please don't die before me.

[–] Appoxo@lemmy.dbzer0.com 5 points 1 month ago

Cute. A hundred items :p /j

[+] const_void@lemmy.ml -6 points 1 month ago (1 children)

I’ve been pretty happy with Apple passwords

[–] Appoxo@lemmy.dbzer0.com 3 points 1 month ago (2 children)

Oh great. Let's go from an open client to a vendor closed-source lock-in.
Sometimes I am baffled by the polarity of Lemmy.
From Tryhard-only-libre-software type of users over A-bit-of-each users (but tending to sway towards (F)OSS application) over to this opinion/suggestion.

Wild.

[–] blitzen@lemmy.ca 4 points 1 month ago* (last edited 1 month ago) (1 children)

Vendor lock in is an issue, true, but it's a different issue than the enshittification we're starting to see from Bitwarden. Also, apple passwords isn't "locked in" per se, as passwords aren't difficult to export.

Lately, I'm starting to feel like finding good software (often FOSS but not exclusively) is increasingly a hook for later increased monetization. The 'agreement' I had with Bitwarden was they provide a solid service, and (while not required) I pay the $10/year honor system fee. That's been upped to $20 now, and now they're appearing to move away from their core principles. I won't be paying for another year.

With Apple, the unspoken agreement is I "overpay" for my hardware, and they don't have incentive to monetize me otherwise. I'll admit, there are cracks forming in that agreement, but that's my read on it currently anyway, and I think probably the person to which you are replying to as well.

[–] Appoxo@lemmy.dbzer0.com 2 points 1 month ago (1 children)

Your decision are sound.

Not a fan of the usability of Apple devices (I have an iPad, so I am not talking ou of my butt) but I can't deny they reduced user hostility is attractive.

[–] blitzen@lemmy.ca 2 points 1 month ago

iPad usability is in a really weird place. It's definitely the least "usable" of Apple's platforms, and to be honest I probably wouldn't be an Apple user at all if all they had was iPadOS and iOS. macOS is still attractive to me (the Liquid Glass theme notwithstanding). For the record, I split my password manager use between Apple Passwords and [now] self-hosted Vaultwarden. Each has advantages, and while I'd like to just use one, having two is working okay for me for now.

[–] const_void@lemmy.ml 2 points 1 month ago (1 children)

What? Is it frowned upon here to just use what works?

[–] floofloof@lemmy.ca 1 points 1 month ago

A lot of people chose Bitwarden because it was open-source, so they don't see the very closed Apple Passwords as a suitable alternative.