If you are interested in privacy you are probably interested in password storage … plus I wanted everyone to know about the inevitable future enshitification of this product. Spread the word and replacement recommendations are welcome too.
If you are interested in privacy you are probably interested in password storage … plus I wanted everyone to know about the inevitable future enshitification of this product. Spread the word and replacement recommendations are welcome too.
There’s also this dated technology called a wired connection that some other dated technologies require. Since I don’t get to choose every device I interact with or depend on, that’s not always available.
I would disagree. A Bitwarden instance identifies itself as such to every visitor that comes by. It advertises itself as a particularly high value target. By contrast, a lot of what a NextCloud instance hosts is often personal and more valuable to the user than a hacker, so it does not become clear if there’s anything of value inside.
It also decreases the attack surface of my password manager itself because there are fewer features in it that may have a potential exploit. Even if an attacker compromises the NextCloud instance, that may grant access to the file itself, but they still have to contend with the entire security of the password manager. No device will ever make any contact with the server for password purposes other than to sync the database file, and there’s no web interface to inject a password stealing JavaScript file.
Hotspot does not imply that it needs to be wifi. You can share your internet connection via usb tethering too. (also a wild new technology, I know)
This ignores how modern internet attacks work. Hackers don’t sit around manually browsing websites. Automated botnets scan the entire IPv4 address space 24/7 looking for specific software signatures or known unpatched vulnerabilities. If a Nextcloud exploit drops today, a bot will breach the server before the hacker even knows what is stored inside.
Also, advertises itself to whom? I’m not exposing it to the internet. How many reports can you find of people getting their Vaultwarden instance hacked? This is a lot of assumptions that don’t track with reality.
You’re putting your database file in nextcloud. That increases the attack surface of your solution, a lot.
That’s *exactly *what a client for vaultwarden does…
Vaultwarden has a web interface, true. It’s also true that I’ve literally never used it for anythin other than creating the users. I haven’t opened it in years.
You’re choosing a very petty and small hill to die on, dude. Just admit that you prefer doing it your way even if there are better alternatives.