So these four things happened: 1. #Bitwarden, who always...

scy

So these four things happened:

1. #Bitwarden, who always advertised being open source, introduced a non-free dependency into their client.

2. People start speculating whether this means that Bitwarden will become proprietary. https://github.com/bitwarden/clients/issues/11611

3. After three days of speculation, founder and CTO Kyle Spearrin posts a comment saying that this is just a measure to isolate a part of the code from the GPL.

4. He then closes & locks the issue.

Looks totally not suspicious, yeah. 😬

Like 20 October at 13:59 | Open on chaos.social

25 comments

scy

via @n0toose https://chaos.social/@n0toose/113340052961123604

20 October at 14:00 | Open on chaos.social

n0toose

@scy FYI, I am not totally sure whether I trust my own initial take on this. I find it super suspicious, but framing it as "going proprietary" is too definitive for me to stand by what I originally said in the form of a joke.

20 October at 16:02 | Open on chaos.social

scy

@n0toose Well, I'm neither saying "Bitwarden is going proprietary", nor "n0toose is saying that Bitwarden is going proprietary", just "people in the issue are speculating that Bitwarden might go proprietary", and from what I've seen, that's correct.

My personal opinion is: this smells. It especially smells that they need to protect stuff from the GPL, and that they're locking the issue. If there has simply been miscommunication, you'd expect them to start a conversation, not end one.

20 October at 16:52 | Open on chaos.social

Christoph Petrausch

@scy @n0toose on the other hand, once the wrong communities see an issue, a civilian conversation is nearly impossible.

20 October at 18:22 | Open on norden.social

scy

"We're open source!"
"Yay, that's cool!"
"We just need to take some measures to protect our product from the implications of a copyleft license."
"Uhhh …"

20 October at 14:03 | Open on chaos.social

Christof Schöch

@scy – Very disappointing! Will need to look for an alternative...

20 October at 15:34 | Open on fedihum.org

Stephan Hochdörfer

@christof can recommend @passbolt as alternative /cc @scy

20 October at 18:57 | Open on phpc.social

tuxflo

@shochdoerfer @christof @passbolt @scy is there a Linux desktop app available for that? Looks pretty interesting

20 October at 21:13 | Open on chaos.social

Clayton

@christof @scy vaultwarden

20 October at 20:15 | Open on freeradical.zone

Dark Photon Studio

@scy In the end, capitalism destroys everything.

20 October at 14:13 | Open on metalhead.club

Oliver™

@scy

I am not going to pay for Bitwarden anymore (I am still a "premium" member, but will cancel that). The main reason for using Bitwarden was, that was free software (and a linux client).

As soon as I have decided what to use instead, @bitwarden will be forgotten.

F*cking proprietary software! F*cking capitalism!

20 October at 14:42 | Open on mastodon.online

Rue Mohr

@scy so, don't use it.

20 October at 16:53 | Open on infosec.exchange

ZanaGB

@scy i am surprised that more people aren't using keepassxc as their manager.

20 October at 17:28 | Open on mastodon.social

Kevin Norman

@scy definitely gonna have to keep an eye on this. Happy paid Bitwarden customer currently.

20 October at 17:44 | Open on fosstodon.org

Ben Esquivel

Sensitive content

@scy screenshot for the ages. This might be about to change.

Screenshot from Bitwarden’s page describing their open source practice. “Bitwarden is an open source password manager. The source code for Bitwarden is hosted on GitHub and everyone is free to review, audit, and contribute to the Bitwarden codebase. We believe that being open source is one of the most important features of Bitwarden. Source code transparency is an absolute requirement for security solutions like Bitwarden.”

20 October at 17:45 | Open on mastodon.cloud

Stu

@scy Good to know, thanks. I'm not going to change (that's significant work) until they make this change, although I won't be renewing my annual contribution.

20 October at 18:08 | Open on hachyderm.io

Crispy Branzino

@scy latest pull request is just a 640x480 gif of mr krabs...

20 October at 19:47 | Open on comp.lain.la

Andy Mouse

@scy I saw this coming over a year ago, and started switching to KeePassDX. I think I smelled the capitalist rot starting to take hold.

20 October at 20:13 | Open on todon.eu

64 mastodonz logistics co-op

@scy if you can prove that the two halves of the code are in fact one program, the gpl would apply

is it possible for someone else to build an open source front end?

20 October at 20:32 | Open on mastodon.nz

WerySkok :verified_think:

@scy I'm happy that I use KeePassXC with Nextcloud sync

20 October at 21:56 | Open on mastodon.ml

Cybso

@WerySkok my problem with Keypass is that it's like a Spiderman franchise. Keypass, KeypassX, KeypassXC ("a KeypassX reboot") and multiple different Android implementations, with different UI and different Features... That's just super confusing for me 😔

@scy

21 October at 5:29 | Open on osna.social

WerySkok :verified_think:

@cybso @scy KeePassDX seems to work pretty fine for me :blobcatgooglyshrug:

21 October at 8:46 | Open on mastodon.ml

Rihards Olups

@WerySkok @cybso @scy Which, somewhat ironically, seems to be yet another product/project :)

21 October at 12:45 | Open on mastodon.social

WerySkok :verified_think:

@richlv @cybso @scy it doesn't have to be the same brand if it implements known standard

21 October at 12:46 | Open on mastodon.ml

Cybso

@WerySkok It's the same reason why non-techie users prefer Blusky over Mastodon. They just want to use "Keepass", they don't want to compare and choose between different implementation.

To make things worse, the many different implementations also favor malware versions. How is the average user supposed to distinguish these from legitimate apps?

@richlv @scy

21 October at 13:05 | Open on osna.social