I find this move concerning, and wish that the Founder had looked for a new CEO that shared his values rather than a Private Equity and Mergers Expert.

Furthermore, the change to the GRIT motto is worrying. Trust is useless without Transparency when it comes to code and security.

  • one_old_coder@piefed.social · ↑5 · 11 days ago

    Is it that time when I say “oh shit!” and start to look at alternatives? I’ve seen this scenario a hundred times already and I’m tired.

    • Godort@lemmy.ca · ↑6 · 11 days ago

      I don’t have the patience to switch to alternatives until they make a change that actually affects the usability of the tool.

      This is absolutely a red flag though.

      • akilou@sh.itjust.works · ↑1 · 9 days ago

        It takes a full 3 minutes to try an alternative. Export, install new one, import. Install extensions where you need them and sync.

      • zikzak025@lemmy.world · ↑1 · 11 days ago

        KeePassXC is the best FOSS option, but you’ll need to figure out self hosting if you want to sync the database between devices.

        • Cethin@lemmy.zip · ↑1 · 10 days ago

          It doesn’t need to be complicated. I use syncthing to synch them. It’s pretty trivial. You just tell it what folders to synch, between which devices, and it’ll synch whenever it’s running.

        • M1k3y@discuss.tchncs.de · ↑1 · 11 days ago

          As the database is encrypted in your device, you don’t really need to self host. A KeePass database in the Google cloud is not really problematic, although you should still choose a more private cloud provider.

          • Quetzalcutlass@lemmy.world · ↑1 · 11 days ago

            And you can use a keyfile separate from the database for even more security. If the database is backed up on Google Drive and the keyfile is saved on a USB or in a (non-Google) email somewhere for the rare times you add a new device, your passwords should be safe even from keyloggers or Google themselves.

            • mnemonicmonkeys@sh.itjust.works · ↑1 · 11 days ago

              Assuming you have a degoogle’d phone. The syncthing-fork devs announced that they aren’t going to certify for Google Play when that’s made a requirement in a few months.

              • meathappening@lemmy.ml · ↑0 · 11 days ago

                Ugh, I forgot about this. Aren’t you still going to be able to install apps from third-party marketplaces? I thought the plan was just that the phone was going to hassle you and require multiple hoops.

        • tremble5218@programming.dev · ↑1 · 11 days ago

          I found the easiest way to sync is to use rclone. This way you can use any cloud provider like Google Drive or OneDrive or DropBox. First create the rclone remote for your cloud provider using rclone config. Second step is to create a second remote using the encryption option (menu item 16), choosing an appropriate path <first remote>:<path to directory>. Upload your KeePassXC database to this encrypted remote using rclone copy.

          On Android you can use the RoundSync app from F-droid to configure the same remotes, then create a task to copy or sync from that encrypted remote and a trigger to run that task on a schedule. Overall, this one-time setup works really well for me. This is my backup in addition to using Bitwarden for several years. Bitwarden is not going to get my money any more.
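
The rclone steps from the comment above in non-interactive form, as an added example that is not part of the original comment. The remote names `cloud` and `vault`, the `keepass` path, the passphrase and the sample file are assumptions, and a local directory stands in for the cloud provider so the script runs offline.

```shell
#!/bin/sh
# Added example: remote names, paths and sample data are constructed.

# Step 1: the first remote. For a real provider this is the remote created
# with `rclone config`; here an alias to a local directory plays that role.
make_base_remote() {    # $1 = directory standing in for the provider
    rclone config create cloud alias remote "$1" >/dev/null
}

# Step 2: a crypt remote layered on <first remote>:<path to directory>.
# --obscure only obfuscates the passphrase in rclone.conf (it is reversible),
# so the config file needs the same protection as the passphrase itself.
make_crypt_remote() {   # $1 = crypt passphrase
    rclone config create vault crypt remote "cloud:keepass" \
        password "$1" --obscure >/dev/null
}

# Step 3: upload, then confirm the encrypted copy matches the local files.
upload_and_verify() {   # $1 = directory holding the .kdbx database
    rclone copy "$1" vault: &&
    rclone cryptcheck "$1" vault:
}

# Offline run-through against a throwaway config and constructed data.
demo() {
    work=$(mktemp -d) || return 1
    RCLONE_CONFIG="$work/rclone.conf"; export RCLONE_CONFIG
    mkdir -p "$work/provider" "$work/local"
    printf 'constructed stand-in for a KDBX file\n' \
        > "$work/local/Passwords.kdbx"
    make_base_remote "$work/provider" &&
    make_crypt_remote 'constructed-demo-passphrase' &&
    upload_and_verify "$work/local" || return 1
    # What the provider stores: an encrypted name and encrypted content.
    STORED=$(ls "$work/provider/keepass")
    # What a device holding the same crypt passphrase reads back.
    ROUNDTRIP=$(rclone cat vault:Passwords.kdbx)
}
```

Running `demo` and then listing `$work/provider/keepass` shows what the provider actually holds; the same crypt passphrase has to be entered when the remotes are recreated on another device.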

            • michaelalf@lemmy.world · ↑1 · 10 days ago

              If you don’t need real time sync you can disable background use of the app. That’s what I’ve done, and I just open the app when I need to update. Probably a smarter way to do it, but it works for me.

        • refract@lemmy.zip · ↑1 · edited · 11 days ago

          But you still use the official BW client apps, correct?

          Unless you forego usage of the clients and access Vaultwarden through the browser (removing accessibility and convenience especially on mobile), it is not an e2e replacement solution.

          Are there any alternative FOSS clients/apps that work with Vaultwarden?

          Edit: I see further down that the official client is open source, and would get forked in the event of any fuckery. So I’m sticking with Vaultwarden + Official client app approach for now.

      • Appoxo@lemmy.dbzer0.com · ↑0 ↓1 · 10 days ago

        Oh great. Let’s go from an open client to a vendor closed-source lock-in.
        Sometimes I am baffled by the polarity of Lemmy.
        From Tryhard-only-libre-software type of users over A-bit-of-each users (but tending to sway towards (F)OSS application) over to this opinion/suggestion.

        Wild.