Privacy

48713 readers

819 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

377

"The Quiet Renovation at Bitwarden" (it isn't good) (blog.ppb1701.com)

submitted 3 days ago by RotatingParts@lemmy.ml to c/privacy@lemmy.ml

132 comments fedilink hide all child comments

If you are interested in privacy you are probably interested in password storage ... plus I wanted everyone to know about the inevitable future enshitification of this product. Spread the word and replacement recommendations are welcome too.

you are viewing a single comment's thread
view the rest of the comments

[–] AHemlocksLie@lemmy.zip 1 points 2 days ago (1 children)

I just typed out a response to most of this, and rather than repeat all that, I'll copy a link here https://lemmy.zip/comment/26557132

A lot of it can be summed up in that compromising Vaultwarden means everything is screwed while compromising NextCloud is mainly a minor inconvenience. It provides neither information about the database's password nor any avenue to attempt to intercept the password.

[–] potustheplant@feddit.nl 2 points 2 days ago* (last edited 2 days ago) (2 children)

EDIT: Forgot to mention the worst part about KeePassXC. It's vibecoded crap.

I replied to that comment. You're assuming that compromising vaultwarden is somehow easier than compromising nextcloud. No idea why. Intercept the password where? I'm using a local client and only syncing the vault. You seem to be pretty unfamiliar with how vaultwarden works.

[–] boonhet@sopuli.xyz 1 points 2 days ago

EDIT: Forgot to mention the worst part about KeePassXC. It’s vibecoded crap.

Is RiiR still all the rage? Perhaps it's time to oxidize KeePass. There are a few libraries for kdbx files and at least one ready-made CLI.

[–] AHemlocksLie@lemmy.zip -1 points 2 days ago

No, I'm assuming that compromising NextCloud is less devastating than compromising Vaultwarden, so I'm taking a calculated risk that my database's password is secure enough to offset the slightly increased risk of access to the encrypted database because I don't always get to choose all the software I get to use in every environment I work with, so I might have to use the web client if I can't get the local client.

As for you only using the local client, congrats, we don't always get to choose what we use outside the home.