

It’s also only possible because the information they used (BFI) is unencrypted.


It’s because people don’t like to be publicly proven wrong or humiliated or whatever you want to call it. Unless they come to that conclusion themselves or you can express your point in a more polite and less preachy manner, you’ll always get significant pushback.


You should also not be using a corporate laptop for your private stuff. If you do need to use it, you can use the password manager the old way, just read from your phone and manually type it in.
Lastly, since you’re proposing a corporate scenario, you wouldn’t be able to install a random program on your laptop. IT would either block the installation or you’d have to explain why you’re installing random programs on your work computer.
This is getting pathetic dude, just move on.


Some environments restrict USB access for security reasons.
Where are you even trying to use your password manager??? You’re absolutely batshit dude. I’m not reading this wall of text.


What do you mean by “gargantuan” stack? I have a single docker container for vaultwarden that was very easy to set up and it uses less than 100mb of ram.
Not sure about the client claims though. I haven’t really looked into it that much. Are you saying all versions of the client and extensions of BitWarden have issues?


EDIT: Forgot to mention the worst part about KeePassXC. It’s vibecoded crap.
I replied to that comment. You’re assuming that compromising vaultwarden is somehow easier than compromising nextcloud. No idea why. Intercept the password where? I’m using a local client and only syncing the vault. You seem to be pretty unfamiliar with how vaultwarden works.


EDIT: Forgot to mention the worst part about KeePassXC. It’s vibecoded crap.
There’s also this dated technology called a wired connection that some other dated technologies require.
Hotspot does not imply that it needs to be wifi. You can share your internet connection via usb tethering too. (also a wild new technology, I know)
A Bitwarden instance identifies itself as such to every visitor that comes by. It advertises itself as a particularly high value target. By contrast, a lot of what a NextCloud instance hosts is often personal and more valuable to the user than a hacker, so it does not become clear if there’s anything of value inside.
This ignores how modern internet attacks work. Hackers don’t sit around manually browsing websites. Automated botnets scan the entire IPv4 address space 24/7 looking for specific software signatures or known unpatched vulnerabilities. If a Nextcloud exploit drops today, a bot will breach the server before the hacker even knows what is stored inside.
Also, advertises itself to whom? I’m not exposing it to the internet. How many reports can you find of people getting their Vaultwarden instance hacked? This is a lot of assumptions that don’t track with reality.
It also decreases the attack surface of my password manager itself
You’re putting your database file in nextcloud. That increases the attack surface of your solution, a lot.
No device will ever make any contact with the server for password purposes other than to sync the database file
That’s *exactly* what a client for vaultwarden does…
there’s no web interface to inject a password stealing JavaScript file
Vaultwarden has a web interface, true. It’s also true that I’ve literally never used it for anything other than creating the users. I haven’t opened it in years.
You’re choosing a very petty and small hill to die on, dude. Just admit that you prefer doing it your way even if there are better alternatives.


There’s this wild technology called a hotspot. You can use your already authenticated device to give another device access to your services indirectly.
Even if they break into my NextCloud, they’d have to crack an unreasonable password to break the password database open.
That level of security is exactly the same as exposing your password manager to the “fucking” internet. Not sure why you criticized it before when you (incorrectly) assumed that I was doing that.


You need two apps though and I personally have more faith in vaultwarden being stable than nextcloud.
Glad your “fucking” password manager isn’t exposed to the internet. Mine isn’t exposed either since I use tailscale to access it. Your comment leads me to believe that your NextCloud instance IS exposed to the internet. Wouldn’t that mean that if a hacker gets access to your account they could also get your keepass file as well?


Yup, it is. On one hand, I would have wireguard configured regardless because I don’t like publicly exposing my server. On the other, if you had to do it just for this and don’t want to configure wireguard manually, just use zerotier, tailscale or netbird. They can be set up in like 15 minutes and after you get it working you don’t need to touch it again.


Doesn’t keepass only work on a single device? Meaning that you have to handle syncing the database file yourself. I prefer selfhosting vaultwarden. Maybe these changes will make me migrate to something else but for now I’m very satisfied with vaultwarden and the bitwarden client.


There’s nothing to apologize for! It was a minor correction, what you meant is understandable anyway :)


And I’d rather not deal with extra, unnecessary security concerns.


Or just use ZeroTier/Tailscale/NetBird/Wireguard and you can access your server from anywhere without exposing it to the internet directly.


You’re so far off the mark that I’m not even going to keep spending my time to explain why.


“They” don’t have to do that. They can just install the jellyfin server .exe on their computer and point it to their libraries, that’s it. As time goes on they could slowly start adding plugins or learning how more advanced features work. But hey, if you want to pay a third party to access your own media, go ahead. We all make mistakes in life xD


If you tell me you don’t have time, sure. Been there, done that. However, “too complicated”? Nah. I’m also not trying to convert people to Jellyfin users. Use what you want to. Doesn’t mean that I can’t think you’re making the wrong choice. I’m as free to think and say what I want as you are.


Google makes most of its money from advertising - which works by tracking everything you do and building detailed profiles of you.
So the answer’s “no”? Gotcha. I do try to avoid using google products and I do use extensions to try to prevent tracking. So maybe they’re making less money off of me than others? Who knows.
This might not be intentional, but it sounds to me like whataboutism combined with “there is no perfect option, so we shouldn’t do anything”.
Not even close my friend. However, you can’t fight every single battle. I try to pollute as little as possible, selfhost everything I can, don’t buy things I don’t really need, etc. Regarding youtube though? I just wanted to watch videos without ads on my tv and it cost me next to nothing to be able to do that.
Pro tip :P you can use "> " to quote text. It’s easier to read.
If that data were encrypted it would at least reduce the number of people that have access to it.