Comment on Bitwarden Makes Change To Address Recent Open-Source Concerns
Llewellyn@lemm.ee 2 weeks ago
If it was backdoored, many people would be calling that out.
In theory. And not necessarily soon. Don’t forget the context of this thread: we compare Bitwarden with KeePass, which does not offer to you your password base on their server side.
kurcatovium@lemm.ee 2 weeks ago
Trusting one FOSS client good. Trusting different FOSS client bad. Logic where?
Llewellyn@lemm.ee 2 weeks ago
That different FOSS client stores your data on their company’s server. It’s an important factor, IMO.
kurcatovium@lemm.ee 2 weeks ago
Dude, how is Bitwarden hosting your own, locally encrypted (in FOSS client) password database any different than using KeePass and syncing it however you want?
I don’t even use Bitwarden myself, I’m using KeePass too, but this attitude is … weird?
Llewellyn@lemm.ee 2 weeks ago
I find the risk slightly bigger when you encrypt your private data with the product of the company and store that encrypted data on servers of the same company. Why: because if they have some backdoor now or plans to introduce it in future, they have all the time in the world to apply that backdoor to your data.