
FYI - Bitwarden took $100M in VC money last year.

At some point, the pressure to aggressively monetize will unfortunately happen.

https://techcrunch.com/2022/09/06/open-source-password-manag...



FYI - Your two primary alternatives are LastPass and 1Password. The former of which is melting down due to security flaws, and the latter has raised roughly $1B in VC money:

https://techcrunch.com/2022/01/19/1password-series-c-funding...

At a certain point, you just have to live your life. To accept that products you use might change in the future, and you might need to migrate to something else down the road.

The alternative is just keep something like KeePass around on a thumb drive, and forgo all the cloud sync, and browser and native app autocomplete integration. But those things are really the main point to all these products. Without that, I would argue that you're better off with a pad of paper in your desk drawer.


I've found ProtonPass to be useful. Depending on how you feel about the proton ecosystem. I don't know how much VC money they've taken though.


I use Proton for everything, but until they have a ProtonPass CLI, it is a non-starter for me. I want CLI access for my terminal email client.


If you look at the total financial means Proton has spent to develop and grow, >98% came from the community, making VC funding less than 2%. In fact, the total amount of VC money is actually even less than the money we have given away in various donations (you can learn more about those here: https://proton.me/blog/2022-lifetime-fundraiser-results).


Holy crap! Never been so excited at a corporate account reply! Love your products. Love your philosophy. Great to know about limited VC funding! Thanks for the info. Now I can add Non Vc Funded TM to my list of endorsements for your services.


My take in life: whenever VC or PE investors take over, start moving away from that product and pronto.


The new CEO concerns me. I didn't know who the founder was but I always had the impression it was a lone hacker. They passed the baton. Now it's some old Web 1.0 guy who was the CEO of eFax in the 90's.

That's not the type of service I thought I was using.

I looked up their headquarters in Santa Barbara and it's a co-working space. That doesn't sound very secure. Though that could be their corp address and they're hiding where they work.


The "new" CEO has been at the helm since 2019. Long before the mentioned funding in 2022.

We don't really have an HQ since we are a 100% remote company.

Source: I am the Bitwarden founder.


Can you maybe touch a bit on the intended relationship between you and the VC? Are there plans to do aggressive monetization of Bitwarden?

As a long time user, I'm a bit concerned as well.


Bitwarden has had VC investors for years, long before the mentioned 2022 funding. I think our track record to date shows how we operate in this relationship. We specifically choose partners that align with our vision, not just anyone that comes off the street wanting to throw money at us (though there are many). Our health as a company affords us this luxury.

Bitwarden is and has been monetized since the beginning. There are no plans to change how we monetize our products. It's working well for us.


Then why raise an additional $100m?


To grow faster. To be able to fund new projects that could be of higher value to people willing to pay extra.

You know, how you don't just save all of your life for a house - but get a mortgage and enjoy a house now, not in 50 years.


But if I had tonnes of cash, I wouldn't get a mortgage.


Thanks, then this all seems to be much ado about nothing. Cheers!


That, or check back in a year when the founder will say, "... the realities of the market..."


You could ask them, you’re replying to the founder right now, after all.


I know. I've watched this cycle repeat time and time again. 'We would never' (six to twelve months pass) 'Well never say never'.


No company will ever say that there are plans for aggressive monetization. They will always say everything stays the same - open-source mindset etc.

Until 2 years later there is a license and pricing change. One that will make it 10 times more expensive - or the free/open-source version will be crippled.


And the UI will suck because they've made it an Electron app so they can have a universal platform...


The clients are fully FOSS, and there is a FOSS server reference application, too. What could go wrong? (Famous last words Inc.)

FWIW: I've been using this application for the past years. I pay 12 USD or so a year, though I self-host. I just pay as a thank you since I still use the FOSS client, and the price is very reasonable.

1Password is hardly even a competitor as it is a completely different price range, and different product. It isn't FOSS at all, there's a vendor lock-in (in contrast to Bitwarden), and it is 3x as expensive at the very least. They're miles apart.


And 1Password does not offer self-hosting anymore, which is why I am stuck on version 7 for my personal vault. At work, we use Bitwarden's self-hosted solution. I could even use an encrypted text file to store my passwords if there were no self-hosting solution anywhere. It gives you an idea of how much I do not want my info to be on the Internet somewhere.


Hey man, thank you for creating Bitwarden.

I'm just a normal tech-lover guy who works in the marketing field. I have made my family & 2 agencies switch to Bitwarden and they all love it.

I have stored more than 400 passwords and more than 30 debit + credit cards in it. Though I don't need a paid plan, I'm paying $10 per year just to support the developers.


Just want to echo other comments, thanks so much for Bitwarden. I've been using it for years and it has changed my family's life. Even managed to get my aging parents to use it instead of their paper notebook.


Thanks for an excellent product. I'm a long term paid subscriber, and very happy with Bitwarden :-)


I have been self-hosting for a few years now with zero complaints. Keep doing what you’re doing, and thank you.


Thanks, awesome product! Happy user for many years.


Thank you for a great product. Carry on.


> The new CEO concerns me. I didn't know who the founder was but I always had the impression it was a lone hacker. They passed the baton. Now it's some old Web 1.0 guy who was the CEO of eFax in the 90's.

This sounds like ageism to me. I don't know if this guy is any good or not, but calling out someone as a 'concern' just because they were successful in the past isn't a good look. Is there anything more substantive behind your concern?


I've never heard "web 1.0 guy" as a pejorative, on top of what you said. For the curious, Michael Crandell is the CEO and he founded RightScale in 2007, which exited in 2018 with 250 employees. He was EVP at eFax in the early aughts, which would have been somewhere in his twenties. He's a Stanford and Harvard graduate as well as a self-taught programmer in assembly. Here's an interview with him: https://medium.com/authority-magazine/michael-crandell-of-bi...

Kyle Spearrin is still at Bitwarden and is listed as the Founder & CTO: https://bitwarden.com/about/ It looks like he lives in Jacksonville, FL and has a lot of hobbies.

Maybe this is some internalization, but thinking about another engineer referring to me, pejoratively, as a "web 1.0 engineer" would probably leave me confused. Am I supposed to be ashamed I played in the early days of the web?


I’m with you on all that. Web 1.0… so he has a fundamental understanding of how the Internet works? And was successful before blockchain nonsense came around? Sounds like good qualifications to me.


> he founded RightScale in 2007 which exited in 2018 with 250 employees.

A strong negative signal as far as I am concerned.

For a consumer-oriented software startup, an “exit” is most of the time a polite euphemism for selling the userbase to a juicing machine of some sort; the second place is taken by selling the product to an enterprise-oriented business which doesn’t want the userbase and eventually will, with more or less grace, show them the door.

Therefore, when I see a consumer-oriented, VC-funded startup, I don’t see why I should consider trusting them for even a second. Dine on the free lunch while it lasts, yes; squirrel away every bit of software they’re willing to release, yes; trust, depend on, or invest even the tiniest bit of my time, no.


RightScale was a cost management platform; this is the product now: https://www.flexera.com/products/cloud-management-platform. I don't think I'd refer to it as consumer oriented. The exit seems to be motivated by an industry shift to containers, which building cost models for is a significantly different business: https://www.forbes.com/sites/janakirammsv/2018/09/26/flexera...

Based on the interview I linked, Bitwarden is going down a venture of trying to offer vault-like enterprise secrets management on top of Bitwarden's tech, which could mean they're trying to monetize the more enterprise side of their business.


> I've never heard "web 1.0 guy" as a pejorative

Web 2.0 replaced Web 1.0, right? Is that because Web 1.0 was better or just as good? Or was that because Web 2.0 was an improvement? And we're a good decade or so beyond Web 2.0 now. Surely you're familiar with the term dinosaur in this context. Web 1.0 are the dinosaurs.

If you still think web 1.0 doesn't have any negative connotations there is nothing I can say to change your mind. But I strongly disagree.


You do realize that Web 1.0 and Web 2.0 aren't that far apart in time, right?

Tim Berners-Lee invented Web 1.0 when he was in his thirties in 1989.

Tim O'Reilly and Dale Dougherty, both in their 40s, coined the concept of Web 2.0 in 2004.

Tim Berners-Lee, then in his 50s, coined the semantic or executable web aka Web 3.0 in 2006.

Web 4.0 has no known origin, but the chase for artificial intelligence and machine learning was led by many of the same people from Web 1.0 from engineers to thought leaders. Many of the people who were building back then are only now beginning to peak in their careers. Not to mention, the guy you're talking about would be "Web 3.0" because the company he founded was in 2007 - pretty much the year cloud computing started.

I think, sadly, you're incredibly far down the rabbit hole of ageism.

Ref: https://ijcsit.com/docs/Volume%205/vol5issue06/ijcsit2014050...


> I think, sadly, you're incredibly far down the rabbit hole of ageism.

That doesn't make me wrong.

Is it ageism to say I'd rather have a 23 year old baseball player than a 60 year old one? What about a 23 year old model instead of a 60 year old model? Ageism? Ok. Then I'm an ageist. I'll take the 23 year olds.

'But being a model or a baseball player and working at a tech company are not the same thing'

Ya, I know. But the point stands. Crying ageism doesn't make you right or the person appealing to age wrong.


> That doesn't make me wrong.

Yeah, it does. Just like racism and sexism, being ageist is wrong. You should really re-assess how you look at the world, because your current view stinks.

> Is it ageism to say I'd rather have a 23 year old baseball player than a 60 year old one? What about a 23 year old model instead of a 60 year old model? Ageism? Ok. Then I'm an ageist. I'll take the 23 year olds.

There are 60 year old models, what is wrong with that? Only somebody who is ageist thinks somebody can't be a model at 60. As for the baseball player, they are not discriminated against by age, but by physical condition. If a 60 year old player could have the same physical impact as a 23 year old, then why not?

When it comes to the industry we're in, physical condition is not a discriminator. We are knowledge workers. Older workers tend to (not always) have much more knowledge and experience. Which is why they are paid more and end up in leadership positions (as in this case).

Your comments assume that the guy stopped learning in 1989. How do you know that he's not keeping up with the times? How do you know that he can't understand the modern world, as you imply? And do you even know what it means to be an executive? It doesn't mean knowing all the latest features of React. It means setting a strategy (with fellow executives) for successful growth of the business. These things are as old as time (well, as old as capitalism). Having a talented CTO paired with a shrewd/experienced CEO is a good setup. It doesn't guarantee success, but it's more likely to succeed than with inexperienced executives.

Here's another way of looking at it. Replace "old" in your original sentence with "black", "woman", or "gay":

- Now it's some black Web 1.0 guy who was the CEO of eFax in the 90's.

- Now it's some Web 1.0 woman who was the CEO of eFax in the 90's.

- Now it's some gay Web 1.0 guy who was the CEO of eFax in the 90's.

How do those sentences make you feel?

Your comments are ageist and you should realise that discrimination is unacceptable. It would be wise to stop digging.


I like my software written by nerds, not business guys from the dotcom era.

You can try to poke holes in that with whatever isms you want, it's still true. And I'm not alone.


It’s a good thing you’re practicing what you preach and not pigeonholing anyone then.


Hopefully VC never ever touch Hackernews...

:)


Hacker News is essentially a marketing and legitimization arm of a VC firm. The community around it is the value. They know what happens if they try to change it.


> They know what happens if they try to change it.

Nothing. Nothing of consequence; either way. You know, maybe that’s why?



:) :o :(


Oh sure yes they are indeed here.


Fairly sure that was meant tongue in cheek, as HN is literally run by a VC firm for all intents and purposes. Moderators seem to do a pretty good job of keeping it impartial, but worth keeping in mind that Y Combinator ultimately runs this website.


Who should keep that in mind?


I used to think this kind of talk was bullshit grandpa paranoia. Sadly, I now agree with it 100%.


What could a password managing service possibly need this amount of money for - or worse - what could they possibly plan to be doing with it to convince the VC that they will get even more money back from this deal?


They are adding new products like an enterprise Secrets Manager for deployed applications.


Security. They need a lot of security personnel to guard data.


1password is going enterprise.


As someone who much prefers bootstrapping businesses, this seems like just an insane amount of money to raise.

If you had a growing popular product like this, why on earth would you raise that amount of money? This isn't a rhetorical question btw! I would honestly like to know the rationale here?!


I guess a lot of people have a hard time saying no when offered a hundred million dollars.


You mostly take VC money when you can’t get credit from ordinary lenders, and your product hasn’t generated a profit.


Wow, thanks for the info. This is indeed quite a huge sum of money for such a cheap service from which you can easily migrate.

That’s a bit worrying.


It depends. If the point of the VC money is to go after enterprise customers and to expand into other enterprisey software security products, then $100M seems reasonable to me, especially for the time when the investment happened. The VC market seems to have cooled quite a bit from when Bitwarden took that investment, so times change and maybe they were just striking while the iron was hot?

The $10/year individual plan wouldn't warrant $100M investment. But going after big companies who are going to commit to $X/year/employee or similar kinds of pricing packages might, especially if Bitwarden integrates with existing corporate directory systems and such for delegating and managing accounts.


Should OSS users of Vaultwarden be worried?


Maybe. Vaultwarden is just a compatible server. All the clients (web, browser extension, desktop, cli and mobile apps) are still maintained by Bitwarden.


Since the extensions themselves are still open source and very stable, they will probably be forked.


Please note that the Bitwarden server is FLOSS too - Vaultwarden is just a simpler backend to self-host (and without a dependency on Microsoft SQL Server):

https://github.com/bitwarden/server

https://github.com/dani-garcia/vaultwarden


The potential enshittification from this worries me. What crazy stroke will they feel they have to pull on users to satisfy the VCs' need for a quick cash out?


The flak Bitwarden takes in almost every submission about how they are tainted because of VC investments is getting boring.


I can understand your position, but there's more than a few of us that have watched some of our favorite products pursue new verticals for the sake of making more money, losing focus on what made them great in the first place, and ultimately dying, forcing us to pivot to some replacement that is better not because it's made some revolutionary improvement to the problem space, but because it's less distracted.

All that to say, every time you hear someone talking about this, it's not because they want to talk crap about Bitwarden, it's because they are afraid of getting too sucked into yet another product that works well, only to have to leave when the company's leadership loses focus. Largely because they received pressure from investors trying to 10x their investment in the short term when they could have received sustainable dividends over time.


That's a slippery slope argument though. I am happy for the people you describe that they found a support group in HN comments for the impending demise of Bitwarden, but it's still just noise and doesn't nurture interesting conversations. Like the recurring "this webapp requires javascript", "signal is centralized", etc. It's becoming memes.


We would need a Vaultwarden-like project for the clients as well to have an OS fork. https://github.com/bitwarden/clients


I'm not sure I follow - both the server and clients (with the exception of one web app) are FOSS already? AGPL/GPL 3?


For now. It would be great if the client part would have a fork with an OS maintainer as well, who merges upstream changes but would also add features the corporate entity wouldn't want to do. Vaultwarden is much, much easier to self-host, for example.


What are they doing with this kind of money? Venture out into other topics like Proton with Proton Pass and Proton Drive?


New yachts?


The typical trajectory of VC-backed companies is one of the things that led us to develop Backbone[1]. We've opted to forego VC funding and the short-term benefits it entails to build the long-term foundational infrastructure for end-to-end encryption.

Another concerning realization is how sparingly encryption is used in (many) modern password managers. Sure, it makes search easier but it also leaks secrets stored in metadata fields without any disclosure to the user. And this is in the single-user setting! There are vastly more security considerations as soon as a common "workspace" is involved.

[1] https://backbone.dev/


FWIW that crypto effect on headings prevents quick visual scanning/parsing of the page and is mildly inconvenient.


You are right, but I think it is relatively easy to just export Bitwarden data and import it to KeePassXC if it will be necessary.


What would the benefit of doing that over continuing to use Bitwarden (or a fork of it) with a self-hosted backend?

Surely this is the inherent benefit of using open source?


Welll.. Crap. And I just moved off LastPass within the past year :|

I even pay for Bitwarden and it's been great with its back-to-basics UI that just works, and not crushing page load performance with the Chrome plugin.. But 100M is a huge sum and we saw how this turns out.


Wow, I wasn't aware of this. With such an amount of money raised, I would expect a more polished app/frontend. Their core open-source product as a password manager is solid, but the UX/UI could definitely use some improvement.


I hope to be moved over to passkeys before the password manager enshittification begins in earnest.

https://passkeys.directory/


They have been monetized for a while now while their open source offering has been supported.

