undefined | Better HN

0 pointsdoodlesdev3y ago0 comments

There is no lock-in to Bitwarden, stop spreading FUD. I'm not really sure how long this is going to be like this with the VC money, but right now:

- Everything is open source - You get to self host - You get to export your database at any time - You don't even need to pay to use it if you don't want to

Are local password managers objectively more secure and reliable? Yes. Does that mean that Bitwarden is just an awful product by a money seething corporation that wants to lock you into their product and dime you till your last cent? Not so sure about that.

0 comments

n3t3y ago

Let me quote some excerpts from their license FAQ[0]:

> With respect to the server software available under the Bitwarden License, production use requires a separate commercial agreement with Bitwarden

> The right to use the software in a production environment, or environments directly supporting production, requires a paid Bitwarden subscription

> The Bitwarden License does not qualify as an open source license under the OSI definition

[0]: https://github.com/bitwarden/server/blob/master/LICENSE_FAQ.... (permalink → https://github.com/bitwarden/server/blob/f848eb247767fbba8a4...)

doodlesdevOP3y ago

Vaultwarden [0] is under the GPL, which is probably the software you are going to run anyway since it's lighter. The server is basically only a dump pipe since encryption is done client side so there's no need to use the official one.

Also Bitwarden's software has multiple licenses, one of them being AGPL for the server and one of them being GPL for the client. The part of the code that's under the Bitwarden license which you have to pay for is SSO, SCIM and I think FIDO2 authentication as they use some Azure tools for all of these and as such they can't run on premises

Quoting from their license FAQ [1]:

> "In your GitHub repositories, how can I determine what license applies to a given software program?"

> "Each Bitwarden repository contains a LICENSE.txt file that spells out which license applies to the code in that repository."

> "In the case of the Bitwarden server repository, the files are organized into various directories. These directories are not only used for logical code organization, but also to clearly distinguish the license that a given source file falls under. All source files under the /bitwarden_license directory at the root of the server repository are subject to the Bitwarden License. If a file is not organized under the /bitwarden_license directory, the AGPL 3.0 license applies."

Vaultwarden offers those for free if you so wish, but there are no restrictions to self hosting Bitwarden.

[0]: https://github.com/dani-garcia/vaultwarden

[1]: https://github.com/bitwarden/server/blob/master/LICENSE_FAQ....

cabbagesauce3y ago

...not yet. Just as Authy was a nice TOTP software. Until they introduced their vendor lock-in TOTP format.

doodlesdevOP3y ago

Authy was never open source, nor self hostable, nor did it allow you to export TOTP tokens. You also don't have to use their own TOTP format if you don't want to, in fact I've yet to see any website that actually uses it. The equivalent to Bitwarden when it comes to managing 2FA would be something like Aegis, which is open source and has feature parity with Authy.

[0]: https://getaegis.app/

remuskaos3y ago

If the parent means the 7 digit style when referring to authys own topt format: Cloudflare and humble bundle use those. Thankfully Aegis also supports these.

j / k navigate · click thread line to collapse

0 comments

n3t3y ago

Let me quote some excerpts from their license FAQ[0]:

> With respect to the server software available under the Bitwarden License, production use requires a separate commercial agreement with Bitwarden

> The right to use the software in a production environment, or environments directly supporting production, requires a paid Bitwarden subscription

> The Bitwarden License does not qualify as an open source license under the OSI definition

[0]: https://github.com/bitwarden/server/blob/master/LICENSE_FAQ.... (permalink → https://github.com/bitwarden/server/blob/f848eb247767fbba8a4...)

doodlesdevOP3y ago

Quoting from their license FAQ [1]:

> "In your GitHub repositories, how can I determine what license applies to a given software program?"

> "Each Bitwarden repository contains a LICENSE.txt file that spells out which license applies to the code in that repository."

Vaultwarden offers those for free if you so wish, but there are no restrictions to self hosting Bitwarden.

[0]: https://github.com/dani-garcia/vaultwarden

[1]: https://github.com/bitwarden/server/blob/master/LICENSE_FAQ....

cabbagesauce3y ago

...not yet. Just as Authy was a nice TOTP software. Until they introduced their vendor lock-in TOTP format.

doodlesdevOP3y ago

[0]: https://getaegis.app/

remuskaos3y ago

If the parent means the 7 digit style when referring to authys own topt format: Cloudflare and humble bundle use those. Thankfully Aegis also supports these.

j / k navigate · click thread line to collapse