this post was submitted on 23 Feb 2026
ADHDmemes
I use self-hosted Vaultwarden. It's great. I was using the main Bitwarden site, but recently I heard that bw is potentially vulnerable, so I started self-hosting it. But yeah, I can fully attest to password managers.
If it was the same thing I was reading, it was that people assume end-to-end encrypted password managers are fully safe because even if they get hacked the hackers can't get your passwords because of the encryption.
In reality, the passwords are decrypted within their ecosystem. Even if it's on your device, a vulnerability in the client could leak your password because you type your password into their client.
This is the same reason most (all?) E2E encryption is not a replacement for trusting the company. If Facebook wants the contents of your E2E encrypted chat, your app or browser is already decrypting them on your device. They can just change their app to capture the decrypted chat messages and send them to the NSA.
Notice how they always talk about end-to-end encryption and never say anything about encryption at rest.
I don't know which at-rest point you're meaning, but TLS in an HTTPS connection is not normally considered end-to-end. For a chat client, end-to-end encrypted means you hit send, the message is encrypted, and it cannot be decrypted until it arrives at the recipient.
An HTTPS connection is decrypted by the server in the middle, then re-encrypted for transit to the next person. I would think E2E could be considered encrypted at rest while on (e.g.) Facebook's servers. The danger area for E2E is at either end, where the decryption client is controlled by the middle man.
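The two points made in this thread, that a relay terminating TLS sees plaintext while an E2E layer hides it, and that E2E does nothing once the client on either end is changed to leak what it decrypts, can be shown in a few dozen lines. The following is an added example written for this page, not code from any commenter or from Bitwarden, Vaultwarden or Facebook. It assumes a toy HMAC-SHA256 counter-mode cipher (a standard-library stand-in for a real AEAD) and a `Relay` class that logs every byte string it can decrypt, standing in for a compromised or compelled provider; keys are generated per run and the sample message is constructed.

```python
import hashlib
import hmac
import os

NONCE_LEN = 12
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256 (assumption: a stand-in for AES-GCM
    so the demo runs offline; not a recommendation for production use)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; raise on any modification."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Relay:
    """The provider's server (hypothetical). It keeps every payload it can decrypt,
    which is exactly what a breached or subpoenaed server could hand over."""

    def __init__(self) -> None:
        self.seen: list[bytes] = []

    def forward(self, from_key: bytes, to_key: bytes, wire: bytes) -> bytes:
        payload = decrypt(from_key, wire)   # the sender's TLS session terminates here
        self.seen.append(payload)
        return encrypt(to_key, payload)     # a fresh TLS session carries it onward


def send_hop_by_hop(msg, alice_tls, bob_tls, relay):
    """Plain HTTPS model: TLS only, so the relay handles the message in the clear."""
    wire = encrypt(alice_tls, msg)
    return decrypt(bob_tls, relay.forward(alice_tls, bob_tls, wire))


def send_e2e(msg, shared, alice_tls, bob_tls, relay):
    """E2E model: Alice's client encrypts under a key only Bob holds; TLS wraps that."""
    inner = encrypt(shared, msg)
    wire = encrypt(alice_tls, inner)
    inner_at_bob = decrypt(bob_tls, relay.forward(alice_tls, bob_tls, wire))
    return decrypt(shared, inner_at_bob)


def send_e2e_untrusted_client(msg, shared, alice_tls, bob_tls, relay):
    """Same E2E exchange, but Bob's client has been changed to report decrypted text
    back to the provider: the cryptography is intact, the trust boundary is not."""
    plaintext = send_e2e(msg, shared, alice_tls, bob_tls, relay)
    relay.seen.append(plaintext)            # leaked by the client after decryption
    return plaintext


def relay_can_read(relay: Relay, msg: bytes) -> bool:
    return msg in relay.seen


def run_demo(msg: bytes = b"constructed sample message") -> dict:
    """Run all three models and report whether the relay ever held the plaintext."""
    alice_tls, bob_tls, shared = (os.urandom(32) for _ in range(3))
    models = {
        "hop_by_hop": lambda r: send_hop_by_hop(msg, alice_tls, bob_tls, r),
        "e2e": lambda r: send_e2e(msg, shared, alice_tls, bob_tls, r),
        "e2e_untrusted_client": lambda r: send_e2e_untrusted_client(msg, shared, alice_tls, bob_tls, r),
    }
    results = {}
    for name, deliver in models.items():
        relay = Relay()
        if deliver(relay) != msg:           # delivery must succeed in every model
            raise RuntimeError(f"{name}: message corrupted in transit")
        results[name] = relay_can_read(relay, msg)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The E2E case is the only one where the relay's log holds nothing but ciphertext, and the third case shows why the commenters keep returning to the client: once the endpoint is modified, the relay gets the plaintext without ever breaking the encryption. The same structure applies to a password-manager vault, where the vault blob is the inner layer and the client that prompts for the master password is the endpoint that has to be trusted.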
I would hope that Facebook would not store the decrypted messages on your device, but I guess they must store something as you aren't prompted each time for your decryption code.