Pull request #10974 introduces the @bitwarden/sdk-internal dependency which is needed to build the desktop client. The dependency contains a licence statement which contains the following clause:

You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.

This violates freedom 0.

It is not possible to build desktop-v2024.10.0 (or, likely, current master) without removing this dependency.

  • Atemu
    link
    fedilink
    arrow-up
    5
    ·
    2 months ago

    As with all of their services, the back-end is closed-source.

    For the purposes of user freedom, it’s not that critical as the back-end merely facilitates the storage and synchronisation of encrypted data. This is different from the bitwarden case where they’re now including freedom disrespecting code into the most critical part of their software: the clients which handle the unencrypted data.
    Fact of the matter remains however that Proton Pass restricts your freedom by not allowing you to self-host it.

    If you are fine with not being able to self-host, I’d say it’s a good option though. Doubly so if you are already a customer of their other services.
    Proton has demonstrated time and time again to act for the benefit of its users in the past decade and I see no incentive for them to stop doing so. I’d estimate a low risk of enshittification for Proton which is high praise for a company of their size.