Comment by jerf

6 hours ago

I'm running Vaultwarden because while on the one hand I'd like to just pay a company to make my password problem go away, I don't know who I can actually trust to not try to take advantage of the fact they have all the keys to all my kingdoms at some point. I see some people complaining about "Private Equity", with justification, and before that it was the "Harvard MBA" mindset, where businesses are encouraged to think of their customers as a resource to be stripmined rather than relationships to cultivate.

I don't like being considered a resource to be stripmined by any company, but some are worse than others by the nature of our relationship. I do not need a company greedily looking at my bank password, my Google password, my brokerage account password, and even having them be tempted to look at my set of passwords with them and start valuating which password they can "intermediate" and charge me more for using. I don't even want them pondering the question of how they can break exports ("oops, sorry, passkeys can't be exported because $SECURITY_BLATHER, guess you won't be migrating" - to be fair, while I think Bitwarden had that for a bit I believe it's no longer true, but AFAIK it is true of other things that will hold passkeys for you) so that they can extract the value of my passwords to me.

I don't trust Private Equity or the Harvard MBA mindset to be allowed to hold on to my passwords. I don't trust any company holding passwords to not eventually be acquired by PE/HMBA types looking to stripmine my passwords. I don't trust any company that is, once you trace the entire value chain down, basically taking out real debt with my passwords as collateral. They get the money, I get the risk. Hard pass.

So I'm not happy about self-hosting my password vault in some sense... but who else can I trust?

As long as you continue to use (and upgrade) the Bitwarden client apps, you should consider that BW could have the keys of your garden: they have control of the decryption and encryption code, so that code could leak the key, whatever the server.