Open Source

30899 readers

430 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

[email protected]

526

Bitwarden Desktop version 2024.10.0 is no longer free software (github.com)

submitted 1 week ago by [email protected] to c/[email protected]

125 comments fedilink hide all child comments

Pull request #10974 introduces the @bitwarden/sdk-internal dependency which is needed to build the desktop client. The dependency contains a licence statement which contains the following clause:

You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.

This violates freedom 0.

It is not possible to build desktop-v2024.10.0 (or, likely, current master) without removing this dependency.

(page 2) 50 comments

sorted by: hot top controversial new old

[–] [email protected] 11 points 1 week ago

Dumb it.

Move to something else.

This is how fuckery starts.

[–] [email protected] 11 points 1 week ago (1 children)

Looks like I might be moving to Proton Pass after all! I'll give them some time to see what they do about this, but will happily give my money to someone else and migrate friends/family as well.

[–] RvTV95XBeo 3 points 1 week ago* (last edited 2 days ago) (2 children)

I know little about Proton Pass, but how confident are you they don't also use a proprietary SDK with their open source apps?

[–] [email protected] 2 points 1 week ago (1 children)

Their Android client is licensed under GPLv3

[–] RvTV95XBeo 2 points 1 week ago

Cool, so is Bitwarden, hence my concern

load more comments (1 replies)

[–] [email protected] 4 points 1 week ago

Okay, we'll I've been using vaultwarden. When should I switch to something new, and what's a good alternative?

[–] [email protected] 4 points 1 week ago (1 children)

Uh oh. Android user here. Time to jump ship? If so...proton??

[–] [email protected] 5 points 1 week ago

As with all of their services, the back-end is closed-source.

For the purposes of user freedom, it's not that critical as the back-end merely facilitates the storage and synchronisation of encrypted data. This is different from the bitwarden case where they're now including freedom disrespecting code into the most critical part of their software: the clients which handle the unencrypted data.
Fact of the matter remains however that Proton Pass restricts your freedom by not allowing you to self-host it.

If you are fine with not being able to self-host, I'd say it's a good option though. Doubly so if you are already a customer of their other services.
Proton has demonstrated time and time again to act for the benefit of its users in the past decade and I see no incentive for them to stop doing so. I'd estimate a low risk of enshittification for Proton which is high praise for a company of their size.

[–] [email protected] 2 points 1 week ago* (last edited 1 week ago) (10 children)

pass is enough (+ xdotool + rofi + pass-menu). Synchronization via git or Syncthing.

load more comments (10 replies)

load more comments