RE: https://ppb.social/@ppb1701/116582684084696616

I'm thinking about switching from @bitwarden to @protonprivacy Pass. Sadly, neither company has taken a stance against LLM-assisted coding, which is a major security concern, but I think Proton has a stable profit model and good momentum behind it while Bitwarden is about to be squeezed for financial gain.

What do I need to watch out for? (I'm not interested in other options except maybe Vaultwarden. Yes, I'm aware of Proton's legal contradictions.)

@adamhotep Would this be only the password manager or are you considering using Proton's other services?

For the password manager, the one thing that comes to mind off the top of my head is that there might be a bit of a lock-in effect. I seem to remember looking into how I would export from Proton Pass and finding it difficult or at least more complicated than I would have expected. It's been a while, though; I wouldn't be surprised if the situation has improved since then.

@diazona Bitwarden can import Proton Pass dbs (therefore Vaultwarden, too) and so can KeePassXC (though I'd seek out something like Chipass were I to go that route).

I'm already a Proton payer, so it would save me money to move.

Import & Export FAQs | Bitwarden


@adamhotep Ah okay, if you're already paying for Proton then that probably swings things more in favor of using their password manager, although maybe not if you're already looking to move. (FWIW I just noticed some news about them sponsoring a fascist video site or something - dunno the details yet but it seems noteworthy)

Thanks for pointing out Chipass; I'll have to keep an eye on that, since KeePassXC not being ported to Qt6 has been causing some trouble for me lately.

@diazona oh, I thought Chipass was a fork of KeePass from before its AI policy change, meaning it should have fewer features.

Update: the Chipass Codeberg page answers this:

KeePassXC asks us to be skeptical of them if we are skeptical of LLMs. This is a convincing argument. A password manager doesn't need 300 regular contributors armed with 14 LLMs; it just needs to do its job, be stable, and be ported to Qt 6 already.

So they're going to work on it independently, even if it makes upstream syncs more difficult.

@adamhotep I don't know anything about it other than what it says on the website, but it sounded like it was forked from the latest pre-genAI version of KeePassXC so it would be pretty much on par feature-wise, at least for now 🤷

@adamhotep Oh whoops I posted before seeing your update, mb