Say whatever you like but “a privacy-preserving telemetry” sounds to me like an oxymoron.
Im using bitwarden for mobile devices filled with crucial credentials and my main vault is a full offline database in keepassxc
main vault is a full offline database in keepassxc
I’m curious what your config looks like for this. How do you keep your db offline but accessible? Is it a restricted docker container? How do you access it when you’re not at home or on multiple machines (like a laptop)?
Not OP but I have my KeePass file on a locally hosted Nextcloud instance. Synced to multiple computers and phone but the Nextcloud server is only accessible at home LAN.
Passwords are the kind of data that don’t belong in the cloud, in my opinion. Those companies are too juicy targets.
I host vaultwarden, but it’s behind a tailscale network. Best of both worlds.
Offline as its not being synchronized into the cloud anywhere; if I need it elsewhere I just copy it manually from main OS. I could use some solution but its not worth efforts to my needs. What I keep in bitwarden is enough for my mobile needs
Dumb question but is there something you don’t like about the mobile keepass database editors? I practise similar vault seperation but I always just create a new temp keepass database for certain situations (work, school, etc) and just backup my main one
Why don’t you use a sync tool to automatically sync your KeePass database when you’re home and just get rid of Bitwarden?
Edit: Or just use Syncthing to always keep your database on all devices in sync. You wouldn’t even need to open ports.
I have gone back and forth on KeePassXC and Bitwarden. I usually do a yearly reset of all my passwords and that is when i do the switch. I’m fine with Bitwarden but permissions to make it easy on Android phone seems excessive. You guys are prompting me to reexamine.
Anyone try self-hosting VaultWarden?
Yes, I have a self hosted instance of Vaultwarden and I’m very happy with it.
Keep calm folks, they’re just not profitable right now. Unlike some of the smaller players with a viable business model, they just need to remain profit-driven until those profits arrive.
Small nuance:
“Later this summer, you’ll see the option to participate in our telemetry system and help improve 1Password. You don’t need to take any action right now, and we won’t collect any usage data without your awareness and consent first. Participation will be optional for Individual and Family plan customers. And at this time, our telemetry system won’t be rolled out to any team or business using 1Password.”Aka, it’s an opt-in that you can simply not opt-in to and if you don’t nothing changes and then it won’t be used on you.
For now. This is step one of enshittification. Step 2 is enabling it for new accounts by default. Step 3 is removing the ability for new accounts to turn it off. Step 4 is defaulting it on for legacy users, and step 5 makes it mandatory for everyone that isn’t paying for something.
Says them, I guess. Feels kinda weird to me.
And at this time, our telemetry system won’t be rolled out to any team or business using 1Password.
Uhh, what? If it’s opt-in why does it matter if team or business doesn’t have this? Different standards? To go through such lengths to explain this telemetry stuff to convince people, “Oh, no worries, yo! It’s OPT-IN! Trust us!” feels very dirty to me.
Because if I’m a CEO I can’t confirm that my other employees won’t opt in. Is the opt-in at an admin only level? Then you haven’t gained consent of the individual. So it’s a bit more complicated to roll out functionality to these classes of customers.
