Proton Pass is open source and the company that runs it recently reincorporated as a Swiss non-profit to ensure their privacy mission can’t be bought out by venture capitalists etc.
No, technically they already are SaaS company. That’s mostly how they make their money.
Also it should be noted “no longer open source” doesn’t mean they’ve done a “our code is now closed and all your passwords are ours” rug pull like some other corporations. This is a technical concern with the license and it no longer meets proper FOSS standards (in other words, it has a restriction on it now that you wouldn’t see in, for example, the GPL).
So by and large the change is very minimal, the code is still available, it’s still the best option. However, this does matter. It may be a sign of the company changing directions. It’s something they should get pushback about.
The SDK was never FOSS, and was never under the GPL. Hence why they can add the text mentioned in the article. You don’t get to change the text of a FOSS license to begin with. It isn’t unheard of for text like this to be part of proprietary software that integrates with and uses FOSS that are under different licenses.
That said, this is concerning, but whether it changes BW’s FOSS state is a matter of legal bickering that has been going on for decades.
You can’t retroactively change FOSS licensing, but oft times you can alter the licensing moving forward. Not always the case, of course. But in no way are all FOSS licenses set in stone.
+1 For KeePassXC and the KeePass ecosystem. Yes, you need to sync the database yourself, but you can use any file sharing service you like, e.g. google drive, dropbox… or selfhost something like nextcloud (like I do), which for me is actually a point in its favor.
Based on this news, I think I made the right choice back then when I decided to go with KeePass.
As someone who used to use KeePass, went to LastPass, and then Bitwarden (Vaultwarden), I finally got my non-tech literate wife to use Bitwarden. I’m concerned that KeePass might end up being more difficult if it comes down to it. I believe that KeePass had some sort of browser integration but it really has been a long time since I used it so who knows the current state. Curious how browser integration is today.
so what’s the best pw manager?
Proton Pass is open source and the company that runs it recently reincorporated as a Swiss non-profit to ensure their privacy mission can’t be bought out by venture capitalists etc.
https://www.reddit.com/r/ProtonPass/comments/153t85q/proton_pass_is_open_source_and_has_now_passed_an/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button
https://proton.me/blog/proton-non-profit-foundation
Honestly, it’s Bitwarden right now. This move signals their intent to change that, though.
so the “no longer open source” means they’ll be moving to a saas model or something? i’m not super cybersecurity savvy but bitwarden is what i use
No, technically they already are SaaS company. That’s mostly how they make their money.
Also it should be noted “no longer open source” doesn’t mean they’ve done a “our code is now closed and all your passwords are ours” rug pull like some other corporations. This is a technical concern with the license and it no longer meets proper FOSS standards (in other words, it has a restriction on it now that you wouldn’t see in, for example, the GPL).
So by and large the change is very minimal, the code is still available, it’s still the best option. However, this does matter. It may be a sign of the company changing directions. It’s something they should get pushback about.
The SDK was never FOSS, and was never under the GPL. Hence why they can add the text mentioned in the article. You don’t get to change the text of a FOSS license to begin with. It isn’t unheard of for text like this to be part of proprietary software that integrates with and uses FOSS that are under different licenses.
That said, this is concerning, but whether it changes BW’s FOSS state is a matter of legal bickering that has been going on for decades.
You can’t retroactively change FOSS licensing, but oft times you can alter the licensing moving forward. Not always the case, of course. But in no way are all FOSS licenses set in stone.
It means we have less insight on what they are doing with our passwords.
It doesn’t mean that in this case, except perhaps very indirectly.
great…
Vaultwarden is a nice self hosted bitwarden alternative
https://github.com/dani-garcia/vaultwarden
Some prefer using KeepassXC and sync the database between devices
https://www.ctrl.blog/entry/keepass-vs-bitwarden-server.html
+1 For KeePassXC and the KeePass ecosystem. Yes, you need to sync the database yourself, but you can use any file sharing service you like, e.g. google drive, dropbox… or selfhost something like nextcloud (like I do), which for me is actually a point in its favor.
Based on this news, I think I made the right choice back then when I decided to go with KeePass.
As someone who used to use KeePass, went to LastPass, and then Bitwarden (Vaultwarden), I finally got my non-tech literate wife to use Bitwarden. I’m concerned that KeePass might end up being more difficult if it comes down to it. I believe that KeePass had some sort of browser integration but it really has been a long time since I used it so who knows the current state. Curious how browser integration is today.
Vaultwarden is Bitwarden–at least for now, this change may push them apart.
Keepass? No cross device support, you need to manage that yourself through something like Google Drive…
What do you mean “no cross device support”? KeePassXC supports Win, Mac, Linux and there are iOS and Android apps available…
As for the lack of cloud and requirement to provide your own synchronization, for some (like me) that’s a feature, not a limitation :)
lol that’s what i used before i switched to bitwarden-- didn’t have any complaints, but the database key file thing was kind of a pain
Agh, gross.