Bitwarden going proprietary?

Both 1Password and Bitwarden are running on massive amounts of VC funding, one is proprietary, and the other is going in that direction.

Meanwhile, Proton has zero VC money, has a sustainable business model, and turned itself into a non-profit to keep users' trust, which Bitwarden just threw away by doing this rugpull.

I will let you choose which company has your best interests in mind.


Notesnook made this blog post a while ago: It's time to leave Bitwarden

A lot of people called it FUD, but now we can all see the consequences of VC funding.

5 Likes

Living the good life in keepass land :sunrise::sunglasses:

It's sad; Bitwarden was an easy recommendation for non-tech people.

1 Like

Have you seen Tresorit’s vulnerability?

  • Tresorit’s public key authentication relies on server-controlled certificates, which attackers can replace to access shared files. Metadata is also vulnerable to tampering, allowing attackers to alter file creation details and mislead users.
    From BleepingComputer: Severe flaws in E2EE cloud storage platforms used by millions

E2EE doesn’t really suffice if you’re sharing passwords. Then, you’re relying also on the server’s security.

The original goal of journalists was to report on things that were happening publicly. Digging into documents was a great way to get thrown in jail/die back when people ruled by divine right.

E2EE doesn’t rely on server security. It’s about client-side encryption. Even if the server is malicious, proper E2EE won’t be affected.

1 Like
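An added illustration of the disagreement above (not code from this thread or from any vendor): a toy model of sharing a password end-to-end through a server that publishes recipients' public keys. It shows the failure the Tresorit summary describes (the server swaps in a key it controls and can then read the shared item) and the client-side mitigation (comparing the key's fingerprint against one obtained out of band). The Diffie-Hellman group, the HMAC-based stream cipher and the sample password are all constructed for this example and are not secure parameters.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group for illustration only (a Mersenne prime); real
# systems use standardised groups or X25519, never parameters this small.
P = 2**127 - 1
G = 3
PASSWORD = b"correct horse battery staple"  # constructed sample secret

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def fingerprint(pub):
    # Short hash of a public key that two users can compare out of band.
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

def derive_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode; unauthenticated for brevity (use an AEAD).
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def encrypt(key, msg):
    nonce = secrets.token_bytes(16)
    return nonce + bytes(a ^ b for a, b in zip(msg, keystream(key, nonce, len(msg))))

def decrypt(key, ct):
    nonce, body = ct[:16], ct[16:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))

def share_password(server_honest, verify_fingerprint):
    """Alice shares PASSWORD with Bob via a server that publishes Bob's key.
    Returns (bob_can_read, server_can_read, alice_refused)."""
    alice_priv, alice_pub = keygen()
    bob_priv, bob_pub = keygen()
    server_priv, server_pub = keygen()
    # A malicious directory hands Alice its own key while claiming it is Bob's.
    published = bob_pub if server_honest else server_pub
    # Alice checks the published key against the fingerprint Bob gave her directly.
    if verify_fingerprint and fingerprint(published) != fingerprint(bob_pub):
        return False, False, True
    ct = encrypt(derive_key(alice_priv, published), PASSWORD)
    bob_can_read = decrypt(derive_key(bob_priv, alice_pub), ct) == PASSWORD
    server_can_read = decrypt(derive_key(server_priv, alice_pub), ct) == PASSWORD
    return bob_can_read, server_can_read, False
```

With an honest server only Bob can read the item; with a key-swapping server and no fingerprint check the server reads it (a real interceptor would also re-encrypt to Bob to hide the swap), and the fingerprint check makes Alice refuse to send at all.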

Proton had 2 rounds of VC money. What I have not heard about and did not find in searching is either how they removed the VC investment or how they got them to go along with the non-profit idea.

2 Likes

The whole USP of Bitwarden is that it has a FOSS client and server and is self-hostable.

Depends on one’s priorities. As someone who wants to use software that is public and available on request, it checks that box. Can’t do that with Proton Pass.

However, I am under no false pretense that they are providing source code because of the community and they love FOSS. Rather, it’s a selling point for security-critical software. I will never expect a company to maintain FOSS standards, as they will utilize it insofar as it gives them profits. FOSS and capitalism pretty much grind gears. Given this, Bitwarden has at least sectioned off their poisoned code from proper GPL / AGPL code, instead of doing an entire bait/switch via SSPL like ElasticSearch or Redis. If that happens, I’ll probably consider switching then and sending them many colorful emails (I’ve already sent them an email on this situation). Currently, they’ve done a partial rug pull, where we have less, but not nothing.

My options are to stick with Bitwarden, or jump to a proprietary Proton Pass. I have no intention of using a local-only password manager either. This news has not changed my initial position.

From my point of view, I agree that it doesn’t alter the features offered, but it opens a door that was previously closed. This precedent creates uncertainty, suggesting that at any given point, things can take a turn for the worse and become unbearable. Right now, it’s a warning, but the question remains: are you willing to take that risk?

4 Likes

Bitwarden did respond to this on X/Twitter as well.

It seems like a packaging bug was misunderstood as something more, and the team plans to resolve it. Bitwarden remains committed to the open source licensing model in place for years, along with retaining a fully featured free version for individual users.

Disregarding others and only caring about your own needs is the literal definition of selfish lol.

You are thinking of the wrong type of “free”.

1 Like

Perfect timing, I just expressed opinions on this. If it is confirmed that they are not changing their license model, we should in the future be more cautious about assuming positions. I’m not sure if they stepped back after getting caught. Not sure why they didn’t respond on GitHub.

Not really, read what I write and don’t interpret, so again: it means I take responsibility for my, and only my, actions (and non-actions). So in this case, if you (and others) don’t want to use BW because of this, go ahead. So far I don’t see a problem, so I’ll keep using it. Clearer now?

1 Like

OK… this is what you wrote…

if you meant…

then write that.

You have completely changed what you were saying. I can’t divine that you would decide to change your answer.

My point still stands: you only care about yourself, as you have now stated two different times. That’s inherently selfish; it makes sense that you and @Quantum agree.

Seems like you’re still not understanding my point of view, or what I’m saying (or both :sweat_smile:), but let’s just agree to disagree, and just get on with using, or not using, BW :wink:

1 Like

Redis’s backend is licensed under the Redis Source Available License 2.0 (RSALv2) Agreement. Bitwarden’s backend is dual-licensed under the AGPL and Bitwarden License v1.0, where the code under the latter is located in the /bitwarden_license folder of the source code.

Redis front-end libraries are licensed under MIT, while the Bitwarden front-end is dual-licensed under GPLv3 and Bitwarden License v1.0, where the code under the latter is located in the /bitwarden_license folder of the source code.

This is not the same. If it was the same, then it would be the same licenses with the same clauses. I find it disingenuous to lump together licenses solely based on being able to view the source code.


Licenses aside, the goal of enshittification is likely the same, but I’m thinking this will be a slow poison rather than a quick one.

This is my take. I’m cautious, but I’m sticking with it for the time being. If the copyleft aspect of the client or server side code is removed, then I’m off to Proton Pass without hesitation.

1 Like

As a final follow-up, see this commit on May 9, 2022, where they added the dual-license capability.

Regardless, anyone who is a paying customer should contact the support and let them know you are considering switching because of this. Vote with your wallet, and let them know paying customers are unhappy with this slow movement away from FOSS. I doubt this will be a huge dent. Corpos listen to money, not philosophy.

2 Likes

Very sad. My consulting company is using Passbolt internally and has had a good experience, so perhaps I will go with that for personal use too.

What a massive disappointment. Gross.

Another FOSS project proving that it’s not viable to earn enough money to sustain itself. Most users of FOSS software never donate to or pay for the project, nor do they want ads in that software, or they use ad blockers to block ads in it, and when the software finally either shuts down or goes proprietary, they make the shocked Pikachu face. Some then even have the audacity to harass developers online. If the product is really essential, they may still use any tool at their disposal to block the software from making money. I think it’s high time that people in the FOSS community understood that money is required for the regular development and maintenance of software and supported their favourite projects with monetary support. Yes, some people may start FOSS projects as hobby projects, but unless those projects really have some pretty cool way of earning money, the project is not something to be relied on, as it can be EOL’d at any time; most open source software comes with no warranty, nor does the developer owe anything to anyone when they have an open source software.

5 Likes

I understand this point, but Bitwarden already got VC funding 2 years back, I guess, and this case is not exactly like Skiff, where they are selling off the FOSS products and closing the service. Also, the CEO, AFAIK, is still the same.
I think the founder and CEO play a major role in how the company is run.

Agreed that there may be new investors who may have significant influence on what path Bitwarden takes forward (which it already has been following for 2 years). So all may not be lost.
1Password, a closed-source app, was already recommended by PG, so I don’t think open source is a mandatory criterion to fulfil as long as they maintain the security standard and don’t track users.

2 Likes

I contacted support with my concerns and got this reply:

It seems like a packaging bug was misunderstood as something more, and the team plans to resolve it. Bitwarden remains committed to the open source licensing model in place for years, along with retaining a fully featured free version for individual users.

10 Likes