this post was submitted on 20 Oct 2024
525 points (95.7% liked)

Open Source

30837 readers
310 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml
525
Bitwarden Desktop version 2024.10.0 is no longer free software (github.com)
submitted 3 days ago by pnutzh4x0r@lemmy.ndlug.org to c/opensource@lemmy.ml
123 comments fedilink hide all child comments
 

Pull request #10974 introduces the @bitwarden/sdk-internal dependency which is needed to build the desktop client. The dependency contains a licence statement which contains the following clause:

You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.

This violates freedom 0.

It is not possible to build desktop-v2024.10.0 (or, likely, current master) without removing this dependency.

(page 2) 50 comments
sorted by: hot top controversial new old
[–] KLISHDFSDF@lemmy.ml 11 points 2 days ago (1 children)

Looks like I might be moving to Proton Pass after all! I'll give them some time to see what they do about this, but will happily give my money to someone else and migrate friends/family as well.

[–] RvTV95XBeo@sh.itjust.works 2 points 2 days ago (2 children)

I know little about Proton Pass, but how confident are you they don't also used a proprietary SDK with their open source apps?

load more comments (2 replies)
[–] umbrella@lemmy.ml 10 points 2 days ago* (last edited 2 days ago) (1 children)

i was about to replace my glorified encrypted text file for a password manager. guess relying on 3rd parties in a late-stage capitalist world is not a viable alternative.

ill stay with my encrypted text file until they privatize encryption. by then ill probably be carving my passwords out on stone. or burning down the servers of these fucking pigs trying to make us identify ourselves for everything on the internet now.

[–] EveryMuffinIsNowEncrypted@lemmy.blahaj.zone 11 points 2 days ago (4 children)

KeePassXC is pretty amazing. :)

load more comments (4 replies)
[–] nichtburningturtle@feddit.org 14 points 3 days ago (2 children)

Does this affect valtwarden?

load more comments (2 replies)
[–] 31337@sh.itjust.works 2 points 2 days ago (2 children)

I just exported my data from BitWarden and imported into ProtonPass. Was pretty easy. Hate the color palette of the app and browser extension though, lol.

load more comments (2 replies)
[–] fireshell@lemmy.ml 2 points 2 days ago* (last edited 2 days ago) (10 children)

pass is enough (+ xdotool + rofi + pass-menu). Synchronization via git or Syncthing.

load more comments (10 replies)
[–] DoucheBagMcSwag@lemmy.dbzer0.com 4 points 2 days ago (1 children)

Uh oh. Android user here. Time to jump ship? If so...proton??

[–] Atemu@lemmy.ml 5 points 2 days ago

As with all of their services, the back-end is closed-source.

For the purposes of user freedom, it's not that critical as the back-end merely facilitates the storage and synchronisation of encrypted data. This is different from the bitwarden case where they're now including freedom disrespecting code into the most critical part of their software: the clients which handle the unencrypted data.
Fact of the matter remains however that Proton Pass restricts your freedom by not allowing you to self-host it.

If you are fine with not being able to self-host, I'd say it's a good option though. Doubly so if you are already a customer of their other services.
Proton has demonstrated time and time again to act for the benefit of its users in the past decade and I see no incentive for them to stop doing so. I'd estimate a low risk of enshittification for Proton which is high praise for a company of their size.

load more comments
view more: ‹ prev next ›