If you are interested in privacy you are probably interested in password storage … plus I wanted everyone to know about the inevitable future enshittification of this product. Spread the word and replacement recommendations are welcome too.

  • WhyJiffie@sh.itjust.works
    4 hours ago

    This is likely to have every one of your logins, not just a single login that may or may not be used on other sites, but the specific username and password and which site it’s associated with. In addition to access to those accounts, this links all of your accounts to a single identity which companies spend billions to do with advertising IDs, cookies, embedded scripts, and lots of other, usually shady, practices. This is a gold mine, though usually only for one or a few users, so generally not a major target unless you’re being targeted personally for some reason. So, even if they don’t get the passwords, they’ve now linked every account you have on every site to your identity.

    afaik everything is encrypted. not like a big blob, but the properties of items are encrypted separately, if the encrypted export format has anything to do with the database structure

    • Jul (they/she)@piefed.blahaj.zone
      2 hours ago

      That’s positive at least. I hadn’t looked at that part. Still, having the whole dump of data and attacking it locally vs having to query a web server repeatedly for each attempt is a major advantage. This is why I significantly prefer Vaultwarden over a synchronized database, especially if it’s publicly synchronized in a publicly accessible git server or something, making it relatively trivial to copy.