533

Bitwarden Desktop version 2024.10.0 is no longer free software (github.com)

submitted 1 week ago by pnutzh4x0r@lemmy.ndlug.org to c/opensource@lemmy.ml

125 comments fedilink hide all child comments

Pull request #10974 introduces the @bitwarden/sdk-internal dependency which is needed to build the desktop client. The dependency contains a licence statement which contains the following clause:

You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.

This violates freedom 0.

It is not possible to build desktop-v2024.10.0 (or, likely, current master) without removing this dependency.

(page 2) 50 comments

sorted by: hot top controversial new old

[-] DoucheBagMcSwag@lemmy.dbzer0.com 4 points 6 days ago

Uh oh. Android user here. Time to jump ship? If so...proton??

[-] Atemu@lemmy.ml 5 points 6 days ago

As with all of their services, the back-end is closed-source.

For the purposes of user freedom, it's not that critical as the back-end merely facilitates the storage and synchronisation of encrypted data. This is different from the bitwarden case where they're now including freedom disrespecting code into the most critical part of their software: the clients which handle the unencrypted data.
Fact of the matter remains however that Proton Pass restricts your freedom by not allowing you to self-host it.

If you are fine with not being able to self-host, I'd say it's a good option though. Doubly so if you are already a customer of their other services.
Proton has demonstrated time and time again to act for the benefit of its users in the past decade and I see no incentive for them to stop doing so. I'd estimate a low risk of enshittification for Proton which is high praise for a company of their size.

[-] nadiaraven@lemmy.world 4 points 6 days ago

Okay, we'll I've been using vaultwarden. When should I switch to something new, and what's a good alternative?

[-] Danitos@reddthat.com 3 points 6 days ago

@bitwarden bitwarden locked and limited conversation to collaborators

They also locked the thread 16 hours ago (as of writing this comment), with no explanation.

load more comments (6 replies)

[-] 31337@sh.itjust.works 2 points 6 days ago

I just exported my data from BitWarden and imported into ProtonPass. Was pretty easy. Hate the color palette of the app and browser extension though, lol.

load more comments (2 replies)

[-] preasket@lemy.lol 1 points 5 days ago

We need a fully community run password manager with row-level server synchronisation between devices and shared vaults. Maybe a new client for the Bitwarden protocol with Vaultwarden or something new. E.g. 1password's secret key as a second factor is, imho, their best feature. It pretty much eliminates the possibility of the vault being decrypted due to a weak master password.