
The people at Bitwarden and their supporters are familiar with countless examples of this playbook. Those tricks are not as easy to pull anymore. I have seen Bitwarden be very ethical in their business so far. I recommend it to my friends and family and to my company to pay for the service. It is a similar model to Nextcloud who successfully funds their business from governments and companies and provides it free to individuals. This model can and does work well.



The people at Bitwarden and their supporters need to answer 1 simple question.

How do they increase their valuation 10+x without pulling those tricks?

Because that's what the VC funding demands. No VC is giving out $100mm for a 20% or even 100% return, which could possibly be achieved by simple growth. They're giving that money because they're expecting exponential return.

Maybe there is an enterprise play somewhere here which justifies this, while maintaining the core product in its current form. I guess we will see, but I'm not holding my breath.


> Maybe there is an enterprise play somewhere

The post mentions the plan to implement advanced business features, and also "Business users deserve consumer ease-of-use along with advanced integration and deployment features."


That just makes it worse. I'm a paying customer right now. VC + focus on business means the consumer stuff dies or gets neglected to the point that it should die. All resources get moved to the high-growth parts of the business once VC enters a company. Bitwarden will not be the first to get VC to change its operating principles.


Yeah I think it means "we're going enterprise, at-home users enjoy your coming time with Bitwarden as it may end abruptly". That's a bit superlative, but I suspect people should be looking for alternatives. Anything has to be better than my old way of adding my own password layer on top of an Excel spreadsheet that I came up with while in college a long time ago. Bitwarden syncing was pretty nice and it not trying to turn into some kind of Swiss Army knife app.


Here we go again: Some company (in this case, Bitwarden) "betrayed" its customers by doing what every other firm does. And HN goes brrr over it. Then another alternative (KeePass) appears on HN's frontpage. It's like companies are right: You can't target the niche market of programmers because their expectations are through the roof.

I wonder, aren't the majority of HNers working at a for-profit company funded by VCs?

The hypocrisy is just intolerable at this point.


I usually just ignore comments like this, but I'm honestly curious. What part of my comment are you replying to?


> VC + focus on business means the consumer stuff dies or gets neglected to the point that it should die. All resources get moved to the high-growth parts of the business once VC enters a company.

At the end of the day, engineers/programmers are the ones who implement these changes. I find it unacceptable that lots of HNers get so high minded about these issues but then go on to contribute to the problem by working at for-profit companies. Nothing wrong with either one, just choose one.


One benefit of providing a great free service to individuals is that they become champions and help sell the product. Case in point, I work in IT at a large company that currently does not have an official password manager, and I am recommending it here.


"advanced business features" can also translate as "we don't know how we're going to monetize this but we'll hopefully figure out how to make companies pay for the service"


I think that's a pretty disingenuous translation. The post describes some ideas and I'd imagine that the VCs who invested were provided with a more detailed plan.


This is the only way it works out, and even those are susceptible to falling years later (Google's "free domain email for life" as an example).

The way it works is if the free/small customer cost to maintain is just absolutely minuscule compared to the total costs/revenue.


I mean in theory it doesn't have to. Someone can run a business privately and run it the way they want and enjoy it. Make great profits, but probably not become a billionaire. VC vultures however will not allow that and they have their own pump and dump agenda.


Any company that promises a service for life is just lying - cost/benefit five years on will always fail, and new managers won't feel bound by the promise.


Doubling money isn't good enough? Is the business plan that risky?


The server and client-side apps/extensions for Bitwarden are open source unlike LastPass too.

At worst, we'll have to fork a current release if BW does stupid things in the future.


until they aren't open source anymore and once the FOSS forks are many features behind the product, then they adjust pricing


I switched to Bitwarden after using LastPass for years and it's pretty feature-complete for me -- it has feature parity with LP and there's a bunch of features that I don't even use.

Even the unofficial Rust-based server looks to have more features than I need:

https://github.com/dani-garcia/vaultwarden/wiki


Yup, I switched to Bitwarden and self host my own instance of it using that container. It works great. I was previously using KeePass (and later KeePassXC), but it became a hassle to keep the database file in sync between all of my devices (I lost passwords at times as a result). Also the browser extension didn't work that well, nor did it have as nice of Android integration as Bitwarden.

Self hosted was a nice middle ground. No one else has a copy of my password database, and it's always in sync between devices. Stick nginx as a proxy in front of it for HTTPS and easy Let's Encrypt certificate management. The downside is that KeePass by default allowed me to have copies in multiple locations. Bitwarden is only on the server, but since the database is encrypted it's easy enough to have regularly scheduled backups of it. It just is an added step to find another Docker host for it if my home server goes down, during which time I may not have access to my passwords.


> Also the browser extension didn't work that well, nor did it have as nice of Android integration as Bitwarden.

What were your issues? For the browser, I have some extremely minor complaints (not always detecting the correct subdomain for my self-hosted servers mainly), none for Android with Keepass2Android.

Also, no sync issues at all, but that might be related to having only 2 devices ;)


I self-host the vaultwarden server on my homelab for my family. I love being able to use collections to share passwords with my spouse and the same for each of my kids.

I got tired of LastPass's janky clients, UI, and data breaches. Now I control the security of my passwords.


The nice thing is that it's so easy to set up a company these days that it can just take the last FOSS copy, fork it and go. It'd be a particularly good deal for BW devs, who would've got paid to R&D their own product.


> Those tricks are not as easy to pull anymore.

Arguably, they did with Bitwarden already, no? I.e., even if they don't do anything bad - they still executed steps of free users and large VC checks.

Which is to say, does it not seem like they've already executed the "trick"? Users are already there, they have cash in hand. Their motivations don't matter much here, we as users can only see their actions.

But I don't follow Bitwarden at all. I avoid free products for this "trick" reason. If I'm not paying or self hosting, I'm not interested heh. Am I reading Bitwarden wrong?


The company is providing a service of vault hosting around the free software they maintain. Hosting and maintenance have many costs that need to be covered somehow, and we want them to improve the service. The hosting costs of individual users with a free though generous account is supplemented by paying companies and governments. Users are not locked in, as they can easily download their vaults and move to another solution or self host it themselves. Some free password managers such as KeePassXC require users to properly manage backups or host their vault somehow. This is too complex for most users and where Bitwarden fits well. Of course the company could go astray, but so far so good.


> The hosting costs of individual users with a free though generous account is supplemented by paying companies and governments.

I can think of a way to lower costs... :-/


Password vaults are trivially small to host. The marginal costs for these individual users are small. The bigger concern is if they try to monetize these users in some way that harms them. If they ever pulled something like that, many of us would quickly switch from being proponents to vociferous enemies of the company.


... this just happened to 1password less than a year ago... what 'anymore' are you talking about?



