Keepassium used to be listed (I think), should I now prefer alternatives?

Privacy Questions
16

I must say that I dislike that the first message of a project joining up on our forum has to carry such a negative tone.

That’s unfortunate, but my sentiment only reflects the official PG comment above, which implied KeePassium to be not trustworthy — without any reason or fault on our side.

A few users asked me why KeePassium is not listed on PG, so I took some time to track the history:

  • Sep 2022: Strongbox is selected by PG on the basis of “more features” and “is enough”. (By the way, “features” are not among PG’s evaluation criteria.)
  • [Time unclear]: Apparently, KeePassium gets delisted as redundant. (Bitwarden and 1Password remain side-by-side on the same page.)
  • Apr 2023: This thread starts
    • Jonah confirms that “Strongbox is enough” was the entire extent of how deeply PG looked into KeePassium.
    • Jonah: We could look into KeePassium if you show what’s wrong with Strongbox. (Try reading this as: “We’ll could look into Proton if you show what’s wrong with Tuta.”)
    • Jonah weakly implies KeePassium is not trustworthy, unless proven otherwise. (Guilty unless proven innocent, anyone?) But PG won’t spend the time to review it.
  • Jul 2023: Someone defends KeePassium in the original evaluation post. At the time, GitHub discussions are being phased out, so Jonah redirects the user to the new forum and they never follow up.
  • Jul 2024: Strongbox is caught lying about being open source.
    • PG removes the “open source” label.
    • Jonah approves the change.
    • I ask Jonah if this qualifies for “what’s wrong with Strongbox”. No response.
    • Strongbox remains recommended.
  • Aug 2024: The vote to remove Strongbox fizzles out after 3 weeks, without any comments or actions from PG team.
  • Nov 2024: PG still declares it prefers open-source projects. Still recommends the proprietary one.

PrivacyGuides is a big project with many things that need to be maintained by many people, sometimes stuff can slip between the cracks and take longer then we would want.

A two-year history of accidentally falling through the cracks, time after time, against all the odds. Let’s hope this is just an isolated case and no other projects have to explain PrivacyGuides’ oddly-shaped cracks.

As I said, by now this tells more about PG than about KeePassium.

7 Likes