Actually, the part of the article that made me prick my ears up was this paragraph:
In February, longtime CEO Michael Crandell moved to an advisory role, according to LinkedIn, with no announcement from the company. His replacement, Michael Sullivan, former CEO of both Acquia and Insightsoftware, touts his experience with “all facets of mergers and acquisitions” on his own LinkedIn page, including experience working with leading private equity firms.
In combination with downplaying the free plan and removing any hint of now politically unfashionable DEI-like language, what this screams to me is: Bitwarden is being prepped for a sale.
The price doesn't seem bad, though this case smells of some sort of greater internal shift that's, at least for me, indicative the Bitwarden is being turned into a profit-machine-at-any-cost rather than providing a good service for money.
This new CEO is a massive red flag. Literally nothing about anything relevant to the product or industry, though he's apparently good at private equity and selling orgs.
Probably worth jumping ship now before it mutates into another shitty corporate org, except this one is keeping your passwords.
I've paid for Bitwarden for years, but I can come to no other conclusion from all this (CEO all about private equity, severe price hike, scrubbing of core values, hiding the free tier) that it will be sold soon. Time to jump ship!
I stopped endorsing closed-source software to friends and family years ago, because you can't trust the companies behind them not to quietly change directions.
Years ago I used a free workout app that I really liked. After a few months of using it I recommended it to friends. I only much later found out that I was on a grandfathered version of the free plan without ads or restrictions. The company had made changes to the free plan since I joined, and all new accounts (like my friends) were subject to ads and restrictions.
It was embarrassing to have unknowingly recommending something like that.
Bitwarden is open-source though? This is about the hosted version of it, which has a free tier. But you can run the same software on your server at home if you want, for free.
(That said, I am also concerned about the direction Bitwarden is taking. I just think this shows that even OSS projects can have direction/rugpull issues.)
You're right, though the friends and family that I would feel the need to recommend a password manager to aren't the type that would self-host their own servers.
How long after a public sale will Bitwarden clients keep compatible with Vaultwarden? The new owners could put a check in all clients on the first day of ownership if they wanted, and Vaultwarden would immediately be obselete and useless.
I wonder if Bitwarden shit on everyone, how long it would take for Vaultwarden specific clients to appear. A browser extension would be pretty simple, app store apps are a bit more complicated because of the pay-to-play aspects.
Vaultwarden relies on the goodwill of Bitwarden to allow it to use its clients for compatibility. I would wager a new owner looking for money would block that pretty soon after buying the company.
Early adopters are exactly the people that like to test and recommend things to the majority. Without being aware of it, I was recommending a different product than the one I was using.
People stake their own personal reputations behind their recommendations. I don't think quietly changing the product without warning is doing right by their early adopters.
Thank you so much for posting this. I have been paying the annual 10$ (which went up by 2$ this year), but now it looks like I have to pay a whopping 30$ a year (a 3x increase, with no increase in features or value at all).
The cherry on the shit cake is that they did not give me any heads up at all. Quite sad. Bitwarden has been consistently one of the best pieces of softwares I have ever used. Simple, just does what it does and gets out of the way.
There are 2 versions out there, the one from Bitwarden itself, and an open-source rewrite called Vaultwarden.
But, the main developer of works at Bitwarden.
Thankfully you can easily export your passwords and move to another system (unlike say Authy where we had to inject Javascript to extract the TOTP seeds).
The writing on the wall seems to have been when they suddenly doubled the price of a yearly subscription without notifying anyone. That struck me as skeezy as **...looks like it may just be the beginning.
I hope people are actively mirroring their GH repos, because I expect at some point they might suddenly decide to change the license to Proprietary and move to scrub the repos from the web. At which point, the community will then fork the last-free version and start to maintain a fork.
Which I really don't want to see happen, because having to move all my shit for myself and my family again after the LastPass debacle is going to be an extraordinary headache.
what's a good open source and secure alternative? even if payed? I've been using bitwarden for years but this change plus their new CEO gives me pause.
Would you really be okay with HN charging monthly to use the site? HN probably stores more data anyways, passwords are pretty small in comparison to comments, and I produce more of them aswell.
You don't need to be a system backup expert to take backups, and with that attitude you will never become a system backup novice either. There is no gaurentee paid services will keep your data available either. One company lost my data and I was very glad to have backups.
Now I started to worry about their clients openness to work with valultwarden. They also said in the past they will not change the behavior to not accept third party servers. But who knows now.
As much as I hate the changes Bitwarden is making, I’m kinda with them on not adding official vaultwarden support. Having to support multiple backends (some of which you don’t control!) with your frontend makes everything massively more complicated.
Last time I looked into this, you really couldn't in a reasonably simple way. It was possible between two users, but more than two just caused issues with syncing.
Oh yeah, I love having to manage sync conflicts in my password database because I was dumb enough to edit it on two separate computers that weren't both online at the same time.
Yeah, my main reason to stay away from Keepass, everything is in a single versioned binary file. I like 'passwordstore.org', where every secret is it's own gpg-encrypted textfile in a git repo. Every change is a commit, easy to see history, easy to revert or know which version is newest. And easy to selfhost, you just need a place to git push/pull from.
Actually, the part of the article that made me prick my ears up was this paragraph:
In February, longtime CEO Michael Crandell moved to an advisory role, according to LinkedIn, with no announcement from the company. His replacement, Michael Sullivan, former CEO of both Acquia and Insightsoftware, touts his experience with “all facets of mergers and acquisitions” on his own LinkedIn page, including experience working with leading private equity firms.
In combination with downplaying the free plan and removing any hint of now politically unfashionable DEI-like language, what this screams to me is: Bitwarden is being prepped for a sale.
urgh of course it has to be private equity. Really liked the product and did not mind paying for it...but not ready for the PE enshittification.
The price doesn't seem bad, though this case smells of some sort of greater internal shift that's, at least for me, indicative the Bitwarden is being turned into a profit-machine-at-any-cost rather than providing a good service for money.
This new CEO is a massive red flag. Literally nothing about anything relevant to the product or industry, though he's apparently good at private equity and selling orgs.
Probably worth jumping ship now before it mutates into another shitty corporate org, except this one is keeping your passwords.
I've paid for Bitwarden for years, but I can come to no other conclusion from all this (CEO all about private equity, severe price hike, scrubbing of core values, hiding the free tier) that it will be sold soon. Time to jump ship!
I'm already paying for the Protonmail suite so reading this was my cue to finally switch over to Proton Pass. Thanks for the heads up.
I stopped endorsing closed-source software to friends and family years ago, because you can't trust the companies behind them not to quietly change directions.
Years ago I used a free workout app that I really liked. After a few months of using it I recommended it to friends. I only much later found out that I was on a grandfathered version of the free plan without ads or restrictions. The company had made changes to the free plan since I joined, and all new accounts (like my friends) were subject to ads and restrictions.
It was embarrassing to have unknowingly recommending something like that.
Bitwarden is open-source though? This is about the hosted version of it, which has a free tier. But you can run the same software on your server at home if you want, for free.
(That said, I am also concerned about the direction Bitwarden is taking. I just think this shows that even OSS projects can have direction/rugpull issues.)
You're right, though the friends and family that I would feel the need to recommend a password manager to aren't the type that would self-host their own servers.
So what would you recommend to your friends and family that need a password manager? Genuinely curious.
I pay for a service for my family because I need reliable and easy for my wife and daughter to use it.
> But you can run the same software on your server at home if you want, for free.
Whats to say this will still be true if the company gets sold?
The fact that Vaultwarden exists?
How long after a public sale will Bitwarden clients keep compatible with Vaultwarden? The new owners could put a check in all clients on the first day of ownership if they wanted, and Vaultwarden would immediately be obselete and useless.
I wonder if Bitwarden shit on everyone, how long it would take for Vaultwarden specific clients to appear. A browser extension would be pretty simple, app store apps are a bit more complicated because of the pay-to-play aspects.
Except that we do have Vaultwarden, so those who haven't already switched still have an option.
Vaultwarden relies on the goodwill of Bitwarden to allow it to use its clients for compatibility. I would wager a new owner looking for money would block that pretty soon after buying the company.
The clients are open source. If Bitwarden removes the ability to select the server, people will just fork the clients.
I hear you, but the flip side is that it sounds like they did right by their early adopters in grandfathering you in.
Early adopters are exactly the people that like to test and recommend things to the majority. Without being aware of it, I was recommending a different product than the one I was using.
People stake their own personal reputations behind their recommendations. I don't think quietly changing the product without warning is doing right by their early adopters.
Thank you so much for posting this. I have been paying the annual 10$ (which went up by 2$ this year), but now it looks like I have to pay a whopping 30$ a year (a 3x increase, with no increase in features or value at all).
The cherry on the shit cake is that they did not give me any heads up at all. Quite sad. Bitwarden has been consistently one of the best pieces of softwares I have ever used. Simple, just does what it does and gets out of the way.
Sad really ...
Have been a customer for years, but if the core values are going away, so am I. It's not even about the money.
Great heads up! I will work on self-hosting this month.
There are 2 versions out there, the one from Bitwarden itself, and an open-source rewrite called Vaultwarden.
But, the main developer of works at Bitwarden.
Thankfully you can easily export your passwords and move to another system (unlike say Authy where we had to inject Javascript to extract the TOTP seeds).
sigh
The writing on the wall seems to have been when they suddenly doubled the price of a yearly subscription without notifying anyone. That struck me as skeezy as **...looks like it may just be the beginning.
I hope people are actively mirroring their GH repos, because I expect at some point they might suddenly decide to change the license to Proprietary and move to scrub the repos from the web. At which point, the community will then fork the last-free version and start to maintain a fork.
Which I really don't want to see happen, because having to move all my shit for myself and my family again after the LastPass debacle is going to be an extraordinary headache.
what's a good open source and secure alternative? even if payed? I've been using bitwarden for years but this change plus their new CEO gives me pause.
I've been self-hosting Vaultwarden for some time, I'm pretty happy with it.
can you access it in your phone?
Yes.
If you are using Bitwarden self hosted, you can switch it out for Vaultwarden.
Private equity ruins housing.
They also ruin software.
Why do people expect free stuff?
It’s a company and has operational costs.
maybe because the company promised "always free"?
if the company can't keep the promises, then maybe they shouldn't make them in the first place?
Would you really be okay with HN charging monthly to use the site? HN probably stores more data anyways, passwords are pretty small in comparison to comments, and I produce more of them aswell.
i mostly moved out of all SaaS, today i've Go app with sqlite backing for everything!
whenever i need any new feature, i just add it.
Just use vaultwarden https://github.com/dani-garcia/vaultwarden
Do you have to self host it?
I'm moderately decent at self hosting. I'm fairly confident in my backups and security.
But also, I am not a system backup nor security expert, and I don't want to become either.
The one last thing that I really want to leave to the experts is my secrets management.
You don't need to be a system backup expert to take backups, and with that attitude you will never become a system backup novice either. There is no gaurentee paid services will keep your data available either. One company lost my data and I was very glad to have backups.
This uses the Bitwarden client and extensions, which is it's main attraction (I use it too).
My worry however is about the future - what if a core functionality goes behind a paywall.
Now I started to worry about their clients openness to work with valultwarden. They also said in the past they will not change the behavior to not accept third party servers. But who knows now.
As much as I hate the changes Bitwarden is making, I’m kinda with them on not adding official vaultwarden support. Having to support multiple backends (some of which you don’t control!) with your frontend makes everything massively more complicated.
Its not about them having to support multiple 3rd party backends, its about them not making any hostile changes which actively block them.
Ah, good old rugpull.
Just use KeePass.
How do you sync between devices?
Last time I looked into this, you really couldn't in a reasonably simple way. It was possible between two users, but more than two just caused issues with syncing.
https://syncthing.net/
"Always free" was never sustainable for a password manager that took VC money and now needs growth at all costs [0].
Obviously predictable. Bitwarden is now in the extraction phase and it is now time to pay an expensive...
...$1.65 a month.
[0] https://news.ycombinator.com/item?id=34427981
Compared with KeePassXC and Syncthing, it is infinitely more expensive!
Oh yeah, I love having to manage sync conflicts in my password database because I was dumb enough to edit it on two separate computers that weren't both online at the same time.
Yeah, my main reason to stay away from Keepass, everything is in a single versioned binary file. I like 'passwordstore.org', where every secret is it's own gpg-encrypted textfile in a git repo. Every change is a commit, easy to see history, easy to revert or know which version is newest. And easy to selfhost, you just need a place to git push/pull from.
Works best if you have an always on client. Easy if you have a VPS or a home lab, even a small one, a nuisance if you don't.
I have that and still have regular sync conflicts. :(
Look at the CEOs other "ventures" he is a private equity squeeze guy.