In the latest episode of “they will always sell you out” - they sold you out! Who would’ve thought.

Hoping for a good alternative client to appear, the writing is on the wall. Vaultwarden can’t exist without “leeching” off of Bitwarden.

    • Taasz/Woof@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      KeePassXC + KeePassDX is probably the best option, with the downside of no way to sync easily (syncthing is probably the best option there)

      I might switch back at some point, been getting frustrated with the bitwarden extension performance always being so poor.

      • German The Jackal@pawb.socialOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 months ago

        Merge conflicts are a concern for KeePass, especially for those that don’t want to resolve them. Sync is difficult. AFAIK this is a very common issue with Syncthing setups.

        Also, the portability from Bitwarden to KP leaves a bit to be desired, though that’s probably 90% on BW.

        • eli@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          I’ve been using KeePass with Syncthing for 5+ years now and I think I’ve only had a sync issue once in all this time.

          Granted I do make sure I only use the database on one device at a time (so not making edits on desktop and my phone at the same time) and I’m using XC and DX clients not the OG KeePass program.

          I’m curious what is causing sync issues to make it “common”, I use my db every day.

        • Lka1988@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          Merge conflicts are a concern for KeePass

          It’s really not that much of an issue. I sync my database between several devices, some of which are only used occasionally. Rarely do I ever have a merge conflict.

          If you’re editing the database on multiple devices before they have a chance to sync with each other, maybe stop doing that. That’s what causes merge issues.

      • Lka1988@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        XC is really nice, but the devs are kinda dicks about not integrating some sort of syncing option, instead telling everyone who asks to “just point it to a local folder and use <insert sync tool of your choice> to keep that folder updated.” Which isn’t terrible advice, but some of us don’t have that option on managed devices.

        • Taasz/Woof@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          I ended up using Keepass2Android and just pointing it at my webdav server, it seems to work pretty well!

          On desktop it’s already taken care of since I put the DB in my folders that already sync via Syncthing.

          • Lka1988@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            I love K2A, been using it for well over a decade now. I really should toss the dev some cash… They’ve kept the UI consistent for years.

    • slate@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      KeePass isn’t going anywhere. They’re also dragging their feet on passkey support, so you might go with KeepassXC.

      • eightys3v3n@lemmy.ca
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        They also don’t effectively allow collaboration though, which is my cheif reason for using a cloud hosted password manager.

          • eightys3v3n@lemmy.ca
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            Valid. But it’s also valid that it now doesn’t work for me or anyone who also helps manage other people’s lives or works on a team ¯_(ツ)_/¯

            • Lka1988@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              0
              ·
              2 months ago

              Gotta use the right tool for the job. Sorry KeePass doesn’t work for you. It really is a fantastic piece of software.

        • frongt@lemmy.zip
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          Sure they do. Multiple people can have a file open at the same time. I use it for exactly this every day at work.

          With KeePassXC, that is. I don’t know if other flavors have different support. I use XC primarily for the browser extension.

          • eightys3v3n@lemmy.ca
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            And you can both modify the same things without causing horrible conflict issues? And you can share only parts of your vault with someone rather than having entirely different vaults you have to switch between? I’m assuming you mean putting the file somewhere like Google Drive, and you can access it offline even if you can’t edit it offline? For feature parity with Bitwarden, obviously ideally one could edit any time and it would resolve problems when it came back online if there were any but Bitwarden doesn’t allow this.

            • frongt@lemmy.zip
              link
              fedilink
              English
              arrow-up
              0
              ·
              2 months ago

              Yes, no conflicts. I don’t know if you can only share part of vault; I just created a separate one for a separate team.

              I wouldn’t put it in Google Drive or anything like that. The separate sync logic will definitely cause conflicts.

              I’m not worried about having access if I’m offline, because if I’m offline I’m not going to be able to log into anything anyway.

              • eightys3v3n@lemmy.ca
                link
                fedilink
                English
                arrow-up
                0
                ·
                2 months ago

                I guess a laptop, server, IoT device, or WiFi connection when your main device doesn’t have internet is out of scope for you?
                Like fixing my laptop and not wanting to type the new password into my phone instead of copy/paste, sync when online?
                And how are you sharing a file, to multiple people anywhere in the world realtime ish, without a cloud service you or someone else hosts? Doesn’t that necessitate some syncronization logic?

                • frongt@lemmy.zip
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  2 months ago

                  It’s hosted on a local network share, so we don’t need Internet access.

                  If can’t copy paste, I just type it out.

                  We use a VPN to the office.

  • Otter@lemmy.ca
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 months ago

    I think the original title was more helpful because it shows that this is a recent development. Maybe you can add “new CEO”?

    Bitwarden scrubs ‘Always free’ and ‘Inclusion’ values from its website as longtime execs step down

    In February, longtime CEO Michael Crandell moved to an advisory role, according to LinkedIn, with no announcement from the company. His replacement, Michael Sullivan, former CEO of both Acquia and Insightsoftware, touts his experience with “all facets of mergers and acquisitions” on his own LinkedIn page, including experience working with leading private equity firms.

    CFO Stephen Morrison also left Bitwarden in April, replaced by former InVision CEO Michael Shenkman. Both Crandell and Morrison joined the company in 2019. Kyle Spearrin, who started Bitwarden as a fun hobby project in 2015, remains the company’s CTO.

  • godsammitdam@lemmy.zip
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 months ago

    Has Vaultwarden said anything yet? I imagine that, if necessary, given that bitwarden’s client is still open, at the point they choose to try and close it, we, the users, can fork it and establish it for vaultwarden, correct? Or, maybe even the vaultwarden team will think about forking it themselves and making a light client as well to pair with the current server.

    But Vaultwarden can exist without “leeching” they just haven’t needed to yet. That’s more symbiotic than parasitic. The parasite class just took over Bitwarden after all.

    • German The Jackal@pawb.socialOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      2 months ago

      Not to my knowledge. As far as forks go, that’s true. However, Vaultwarden would need to become an independent team, and even if they don’t take over maintaining the client, someone else would need to become independent. While it can work, it can also lead to very nasty, longstanding bugs or security issues due to scale, budget, and effort. I see this a lot with Apple apps for example - smaller developers understandably don’t want to deal with Apple’s crap and costs, and everyone suffers in the end.

      If you look at the current state of the cybersecurity world, it’s not kind to open-source developers. AI-generated BS is dredging up vulnerabilities on all sides. So security is also a big concern. Someone like Bitwarden has a lot of budget to swing.

      Vaultwarden itself is incredibly good, but not perfect:

      ~~https://nvd.nist.gov/vuln/detail/CVE-2026-26012.~~

      Edit: Bad example, point is security is a concern with a smaller team.

      • godsammitdam@lemmy.zip
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 months ago

        You’re right. And that’s why more of us need to contribute and spread the word of projects to support them.

        Honestly, FOSS is our last bastion against this consumerist hellscape. I’m working on learning to build my own discord-like front end on matrix specifically for gaming. But I’m just one guy. We’ve all gotta pick where we place our effort and support those around us similarly.

        Vaultwarden taking over bitwarden, should they shut doen as open source, I think would be entirely worthy. But it might need more people to either help vaultwarden or maintain it on their own, you’re right.

        To me, seeing and learning about all of these projects gives me hope. All of these people and communities working to build things out of passion and dedication, because they care and want to provide value to others. No profit motive necessary. We just need to be there to support them as we’ve tied capital to our survival currently.

  • DFX4509B@lemmy.wtf
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Move to KeePassXC or its recent LLM-free fork while you still can, because at some point Bitwarden is going to try to go closed-source again.

        • Lka1988@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          Yeah, I’m no fan of slopcoding either, but this policy addresses those who contribute AI-generated code; it is most certainly not “our devs are shipping AI slopcode”.

          Seems a lot here missed this part:

          All code submissions go through a rigorous review process regardless of the development workflow or submitter.

          Linus Torvalds does the same thing with the Linux kernel. He gets AI-generated slopcode submissions all the time. They’re reviewed by real people, and like most submissions Linus gets, sloppy work is rejected, AI and human alike.

      • Lka1988@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        2 months ago

        When someone says “use KeePass”, we generally mean ”use an app based on KeePass".

        Personally, I use the OG KeePass (work laptop), KeePass XC (all personal machines), Keepass2Android (personal Pixel), and Keepassium (work iPhone).

        Whichever one you use is entirely subjective. Also, XC wouldn’t exist without the OG KeePass, so maybe don’t be a tribal weird-ass over it.

        • youmaynotknow@lemmy.zip
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          I’ve been wanting to move to KeePass from my current vaultwarden. What’s the most seamless way to synchronize the DB across GrapheneOS and Arch?

          I trust Syncthing for syncing files, but it kind of feels insufficient for an actual encrypted database.

          What works for you for syncing?

          • Lka1988@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            The encrypted database is a file. Syncthing handles it perfectly fine. KeePass’ protocol has versioning and merge support built right in, so all of the KeePass variants work great with each other without issues over Syncthing.

            Just make sure you’re not editing the database on multiple machines at the same time - that’ll cause merge conflicts.

  • Snot Flickerman@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    2 months ago

    This is why corporate promises can never be trusted, because a new CEO can change those promises on a whim.

    It’s part of why despite being interested in Beeper, I never signed up for it because I had questions about if those privacy promises they made would be kept if they sold to a bigger company… which they eventually did.

    On the plus side Bitwarden already made an official open source self-hosted version, which can be forked and/or return to the community developed Vaultwarden roots.

    Meanwhile KeepassXC keeps on chugging along.

    • northernlights@lemmy.today
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      FYI beeper is really just matrix with bridges. Once I realized that I set up my own and now I have the same functionalities as beeper, self hosted, with a choice of clients.

  • wickedrando@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    i was just thinking this week with the passphrase addition how good bitwarden is and when will the other shoe drop. There it is.

    • Lka1988@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Keepass (all variants and forks) has a passphrase generator, been built-in for years.

      The writing is on the wall for BW, and has been for quite some time now.

    • Lka1988@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      BW news dropped, so you’re going to move to something that still requires the BW app?

      Circular logic, friend. Ditch everything related to BW. Move to a truly open password manager like KeePass (including its various forks).

    • blarth@thelemmy.club
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      A change that would require intent to make is not a mistake or oversight.

      This sucks. I committed to Bitwarden years ago and now am going to have to switch before they lock me in the garden.

      • German The Jackal@pawb.socialOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        2 months ago

        They also haven’t addressed the removal of inclusion and transparency from their goals.

        EDIT: They did. They said it’s “less of a priority”. The article I shared has been updated. I smell corporate bullshit though. “Oversight” this, “priority shift” that, they’d have to work hard to gain any trust back.

  • Stupendous@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Keepassxc and whatever I’m using off f droid for Android. Then is sync with proton drive. Works well for me. I do the same for my one time password backups. You don’t even need to pay for a subscription to proton. These are small files. Free version is good enough

      • Cargon@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        Has the sketchiness around the Syncthing fork hand-off get sorted?

        • Lka1988@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          Yes, the previous maintainer of Syncthing-Fork gave it the green light. Honestly, from the explanation they gave, it sounds like they just have major social anxiety. But it’s all settled. Even the maintainer for the Google Play version is good with it.