this post was submitted on 18 May 2026
383 points (99.2% liked)


If you are interested in privacy you are probably interested in password storage ... plus I wanted everyone to know about the inevitable future enshittification of this product. Spread the word and replacement recommendations are welcome too.

[–] DashboTreeFrog@discuss.online 96 points 3 weeks ago (2 children)

This is really disappointing... I figured the open source nature of Bitwarden would save it from enshittification but as the author says, in the end, the company doesn't need to keep it open source.

[–] Croquette@sh.itjust.works 16 points 2 weeks ago (1 children)

As soon as VC money comes in, the founders cash out and the enshittification begins as the VC will be expecting returns on their money.

[–] willington@lemmy.dbzer0.com 6 points 2 weeks ago

That's the difference between libre software and merely open source software.

Libre licenses make it hard or impractical to close the source at a later date.

Open source licenses are much more permissive and allow any entity to produce a closed source derivation at any time.

Libre licenses are all about strategically protecting the software commons from privatization.

[–] irotsoma@piefed.blahaj.zone 55 points 3 weeks ago (10 children)

Vaultwarden will survive. Since the client is open source, once they close the API and break compatibility of the clients with Vaultwarden, the old version of the app can simply be forked and rebranded. I also do hope that the KeyGuard app will continue to support Vaultwarden as well, since if Bitwarden closes the API and makes a breaking change, as is likely to happen, it will break KeyGuard as well, but it will still work with Vaultwarden for some time.

The real issue is that many people who are using Bitwarden aren't savvy enough to host Vaultwarden in a secure way. Many people are careless with things like secret keys and such and don't know how to properly secure a web-facing app or a VPN into their local network. But anyone who self-hosts should learn those things anyway. This one just happens to be a particularly high risk since it contains all of your passwords for everything else.

[–] twoBrokenThumbs@lemmy.world 23 points 3 weeks ago (1 children)

This is why despite me self hosting some things I don't rely on vaultwarden. I'm a flawed person and my family has no idea about anything. I don't need to stretch my imagination very far to think of a handful of reasons why it would fail my situation. I'll gladly pay for a password manager to not have to deal with that.

[–] TheMadCodger@piefed.social 15 points 3 weeks ago (1 children)

Same! I self host a number of things, but I just didn't trust myself with something as important as this. I had been paying for bitwarden even though the free plan was sufficient, just to show support. But obviously not if they go this route. I will also gladly pay for a password manager to not have to deal with that.

[–] nibbler@discuss.tchncs.de 4 points 2 weeks ago (1 children)

Just learned about KeyGuard. But I dislike their LICENSE:

All Rights Reserved

[–] yuman@programming.dev 35 points 3 weeks ago (2 children)

if you were looking for an excuse to torpedo this abomination, here it is. hosting this gargantuan stack just for an encrypted csv file? at least the client (electron) gobbles up RAM like it's free while being bug-compatible with whatever chrome version was current half a year ago.

sadly, news ain't great on the other side of the fence - keepassXC dev is all-in on vibeshitting; latest non-polluted version is 2.7.9.; works fine and the stuff they're working on is pretty far from essential. some unknown folks forked it but who's to say what their expertise is.

never thought I'd disable my autoupdate timers but here we are. keep your eyes open.

[–] oneser@lemmy.zip 9 points 2 weeks ago (2 children)

Can you explain the issues with KeePass? Or is there another thread?

[–] yuman@programming.dev 21 points 2 weeks ago (1 children)

the dev vibecodes; I make a distinction between using the crap as a boilerplate helper and a full-blown agentic "hey computer, do this but do it super-good!". not only that, they got a super-asshole vibe as they removed claude traces from the repo and then flaunted that it's so people won't know what parts were vibeshat. "good luck finding the cutoff point", I'm paraphrasing here.

to each their own, but that's a hard pass for that fork from me.

[–] Jason2357@lemmy.ca 25 points 2 weeks ago

A password manager is literally the poster child for "I would rather it lack features, but be built carefully by an expert."

[–] Croquette@sh.itjust.works 10 points 2 weeks ago

This is my unverified understanding of the situation.

KeepassXC team added Copilot to their workflow to manage PRs and code some basic (according to KeepassXC) stuff.


TLDR: Self-host Vaultwarden

[–] tehsYs@discuss.tchncs.de 23 points 3 weeks ago (3 children)

Time to recommend alternatives?!

[–] slampisko@lemmy.world 47 points 3 weeks ago* (last edited 3 weeks ago) (5 children)

Nothing has beaten KeePass for me so far. It takes a bit of setting up if you want your database to sync among all your devices, but in other aspects it's perfect for me

EDIT: In case you're curious, I use KeePassXC on PC, KeePassDX on Android, and Syncthing to sync the database.

[–] comrade_twisty@feddit.org 27 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

What drove me (and my family) from KeePass to Bitwarden was the family sharing and survivor access.

Until KeePass supports these it's not really up to par with Bitwarden.

Especially digital legacy management is a must have for a well rounded password manager.

[–] Auli@lemmy.ca 6 points 3 weeks ago

Don't know if it has changed, but there was a reason I went to Vaultwarden. Syncing was a pain. It is probably better now, but not looking to go back.

[–] Tenderizer78@lemmy.ml 9 points 3 weeks ago

Proton Pass is a valid option.

[–] desmosthenes@lemmy.world 21 points 3 weeks ago (6 children)

damn I just migrated to bitwarden a few months back :(

[–] Bluewing@lemmy.world 22 points 2 weeks ago (2 children)

I've been using it for years. But I have been waiting for this day to come. Because it always comes at some point without fail.

[–] jjlinux@lemmy.zip 9 points 2 weeks ago

You still have some time to decide which route to go. If you're on the free version, stay there, but start looking for alternatives.

Proton Pass is an option. KeePass with Syncthing works great, but it is a dramatically different and more involved workflow.

I am using both, and deleted my Bitwarden account yesterday the moment I heard about this.

Also, I can't suggest enough that you export all your credentials to an encrypted json file every now and then, and store it on an offline storage device. This is important.

[–] sakuraba@lemmy.ml 19 points 2 weeks ago (1 children)

Yeah I'm done with cloud providers for this shit, I'm going all in for Keepass

[–] belated_frog_pants@beehaw.org 15 points 2 weeks ago

God, capitalism sucks

[–] voxel@feddit.uk 13 points 2 weeks ago (2 children)
[–] dantheclamman@lemmy.world 12 points 2 weeks ago

He completely misunderstands the product. Transparency is paramount. Not trust.

[–] helpImTrappedOnline@lemmy.world 13 points 2 weeks ago* (last edited 5 days ago) (1 children)

Is it time to block headlines with "quiet"? It's like AI decided that word gets the most clicks and it's showing up everywhere.

[–] Tundra@sh.itjust.works 12 points 3 weeks ago (1 children)
[–] Egonallanon@feddit.uk 5 points 3 weeks ago

How is psono? I've been looking to do secrets correctly in my lab for a while and its name has popped up a few times.

[–] ApertureUA@lemmy.today 9 points 2 weeks ago* (last edited 2 weeks ago)

OOP is AI writing about AI

[–] fira@lemmy.today 9 points 3 weeks ago (1 children)

I have nothing but good things to say about Proton Pass. Syncs across iOS, macos, PC & Linux, stores not just usernames & passwords, but short notes, product keys, & can generate temporary email addresses that can be disabled when they start receiving spam

[–] DaGammla@lemmy.ml 18 points 3 weeks ago (1 children)

Nothing is stopping Proton from doing the same thing next week. And seeing how many people lock themselves in to Proton (by using all their services, Apple style), they have a strong incentive to also do some "restructuring" and spike prices.

[–] privacydingus@lemmy.ml 14 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

Howdy, I work at Proton, this is incorrect: https://proton.me/blog/proton-non-profit-foundation

A nonprofit is the largest voting shareholder of Proton.

[–] thefactremains@lemmy.world 9 points 3 weeks ago (2 children)
[–] onlinepersona@programming.dev 4 points 3 weeks ago* (last edited 3 weeks ago)

Cloud version is for businesses not people, for some reason. But selfhosted is free of course.

[–] Tinkerer@lemmy.ca 8 points 2 weeks ago (2 children)

How will this affect vaultwarden? I've been using it for 5 years and absolutely love it. I'm worried that I'll need to switch to something else though?

[–] tomatolung@sopuli.xyz 11 points 2 weeks ago

The Article says:

A Note for Vaultwarden Users

Whether self-hosting stays viable long-term is the real question worth sitting with.

Right now it works because Bitwarden’s clients are open source and the server API is public. Vaultwarden implements that API, and the official apps can’t tell the difference. That depends on Bitwarden continuing to publish open source clients and not restricting which servers they’ll talk to — neither of which is guaranteed under new management.

The brake on the worst case: self-hosting is a listed Enterprise feature that generates real revenue. Killing it upsets paying business customers. That matters.

The catch: what Bitwarden sells to enterprises is their own official server stack, not Vaultwarden. Vaultwarden exists in a space they’ve tolerated but never endorsed. If the calculus shifts, the tolerance ends without any announcement. Just let the API drift until compatibility breaks on its own.

I don’t think that’s imminent. But I also thought the free tier commitment was ironclad, and “Always free” isn’t on the page anymore.

The real safety net is that Bitwarden’s clients are Apache 2.0 licensed. A fork would need a rebrand to stay clear of the trademark — different name, tweaked UI, same engine — but that’s a speed bump, not a wall. The web vault works through any browser regardless of what happens to the apps, so worst case you’d lose autofill temporarily while a fork caught up. Inconvenient, not catastrophic. Vaultwarden itself is already proof the model works.

Watch the clients. If they go closed, the community will notice fast, and the fork will follow.

[–] godsammitdam@lemmy.zip 6 points 2 weeks ago

It shouldn't in theory. Worst case is if bitwarden closes source, just fork the latest current open version and use it.

Ideally, a group, either independent or joining with vaultwarden devs, can build/maintain the frontend for vaultwarden that is bitwarden.

[–] SocialistVibes01@lemmy.ml 7 points 3 weeks ago (2 children)

Privacy oriented self-hosting survival guide, where can I find one?

[–] snowydroopz@lemmy.world 8 points 3 weeks ago

Need a remind me bot rn

[–] Betinem@feddit.org 4 points 3 weeks ago* (last edited 2 weeks ago)

Hey Login seems promising. Free for private users, hosted in Germany and end2end.

https://www.heylogin.com/en
