You can’t know with certainty on Signal that the client and the server are actually keeping your messages encrypted at rest, you have to trust them.

With Matrix, if you self host, you are the one in control.

It’s harder to create new content than to correct existing content.

Just remember that Cloudflare decrypts and re-encrypts all your data, so they can read absolutely everything that passes through those tunnels.

money corrupts

This is exactly the reason that Proton became a non-profit:

https://proton.me/blog/proton-non-profit-foundation

Swiss foundations and their board of trustees are legally obligated to act in accordance with the purpose for which they were established, which, in this case, is to defend Proton’s original mission. As the largest voting shareholder of Proton, no change of control can occur without the consent of the foundation, allowing it to block hostile takeovers of Proton, thereby ensuring permanent adherence to the mission.

They’re not really comparable since Bitwarden has the source available for auditing and Proton Pass (server) does not.

I’m not aware of any other enterprise password management where the server source is available and auditable. Proton certainly is not.

What features will depend on the close-source part, and which do not?

There are definitely some terminology issues here.

The SDK is not closed source, you can find the source here: https://github.com/bitwarden/sdk

It might not be GPL open-source, but it is not closed either.

Other than that, I agree with your points. I don’t agree with the kneejerk hysteria from many of the comments - it’s one of the worst things about FOSS is how quick people are to anger (I am not referring to you here).

But all of that still doesn’t explain what their goal of introducing the proprietary SDK is.

Let’s wait and see before we get out the pitchforks.

Sorry that’s my mistake - I should have said “source available”, rather than “open source”. IMO, being source available is the critical component of a password manager like Bitwarden, and is what I meant when I referred to their main competitive advantage.

They might also choose to be open source and fix this specific issue and return to GPL-compatibility, but remaining source available would seem to be the more critical factor.

Well, then it would be nice to hear from them an explanation on why they decided to violate the GPLv3

Lucky for you, they provided that explanation:

1. This is a bug/mistake.
2. Our goal is to make sure that the SDK is used in a way that maintains GPL compatibility.
3. We will fix this.

That may or may not be the case, but the comment I replied to said they locked the thread with “no explanation”.

What part changed the code to closed source?

Nothing in the article or in the Bitwarden repo suggests that it’s moving away from open source

Gitlab has demonstrated its commitment to keep the core of their product, though limited in features, free and open source. As of now, BW’s clients cannot even be compiled without the proprietary SDK anymore.

None of that makes Bitwarden not open source. Not only that, they specifically state this is a bug which will be addressed.

I would go as far as to say that Bitwarden’s main competitive advantage and differentiation is that it’s open source. They would be insane to stop that.

That would be an issue if they were not open source. Them making their own SDK proprietary is not a pitchfork issue.

Open source !== Non-proprietary

I would go as far as to say that Bitwarden’s main competitive advantage and differentiation is that it’s open source. They would be insane to change that.

The explanation is the second-to-last comment before it got locked. 🤦

This hysteria is really stupid.

4-J-yo

edit: I think I’ve misunderstood the point of the article. In a non-obvious (to me at least) way, he is saying passkeys are dangerous for people without password managers, therefore for most people passwords are still better.

edit: I think I’ve misunderstood the point of the article. He is saying passkeys are dangerous for people without password managers, therefore for most people passwords are still better (since most people don’t use password managers). It’s not so much a problem with passkeys, but the lack of password managers.

Even in the best case scenario, where you’re using an iPhone and a Mac that are synced with Keychain Access via iCloud

Surely the better-case scenario would be using a password manager?

The article doesn’t address the recommended use-case of passkeys + password manager, which makes it kind of irrelevant.

Here is clockwise. One arrow is going to the right and one to the left.

Here it is:

https://www.classicpress.net/