Hi everyone! For… I guess over a year now? I’ve been observing and trying out lots of software recommended by the privacy community and internet as a whole. With that time, I’ve been able to slowly put together a list of all the software I personally believe to be the best for their own various reasons. I finally have enough to be able to share it with all of you!

I’m also looking for feedback. I haven’t tried all the software on that list, and I’m sure there’s software I’ve never heard of that needs added. I’m looking for your feedback on what you think should be added, removed, or changed. That includes the list itself, if you think there are any design improvements.

Do note: Any software marked with a ⭐️ I am not looking for feedback on. This is software that I firmly believe is the best of the best in its category, and likely will not be changed. However, if there is a major issue with the software that you can provide direct proof of, then there is a chance it will be changed in the next release. There are no guarantees.

The sections marked with ℹ️ are lacking, and can use your help! Some software there may not be the best one, or may have many software or sections missing. I am absolutely looking for help and feedback here, and would love your help!

My goal with this project is to help people find the best software from many standpoints, and to prove that there really are good open source alternatives for almost anything! I hope this helps someone, and I look forward to your feedback!

Thank you all for reading and taking the time to look through my list!

  • ocassionallyaduck@lemmy.world
    3 months ago

    In this circumstance, you can turn on simple versioning for the password vault. It will keep both vault copies and you can merge your changes together manually in the event this happens, no loss of data.

    For mobile I just give syncthing full permission to run in the background and have never had issues with the syncing on the folders I designate. Not saying it doesn’t happen, but I believe this can be solved.

    However KeePassXC’s sync feature does sync the vault.

    Syncthing does not have a server. The relay only serves to match your current client (device A) with the IP of your other client (device B). Nothing else passes through it unless you opt into using relaying in case you have NAT issues.

    If you are paranoid, the software is open source and you can host your own relays privately, but again, it is similar to a matchmaking service, not data transfer.

    Syncthing is a direct device to device transfer. No server in the middle unless you want it.

    https://docs.syncthing.net/users/relaying.html

    • sudneo@lemm.ee
      3 months ago

      Agree on the versioning issue. In fact I mentioned that the issue is convenience here. It is also data corruption, but you probably are aware of that if you set up something like this. Manually merging changes is extremely annoying and eventually you end up forgetting to do it, and you will discover it when you need to log in sometime in the future (I used keepass for years in the past, this was constantly an issue for me). With any natively sync’d application this is not a problem at all. Hence +1 for convenience to bitwarden.

      > However KeePassXC’s sync feature does sync the vault.

      How does it work though? From this I see you need to store the database in a cloud storage basically.

      > For mobile I just give syncthing full permission to run in the background and have never had issues with the syncing on the folders I designate.

      I use this method for my notes (logseq). Never had synchronization problem, but a lot of battery drain if I let syncthing run in the background.

      > Nothing else passes through it unless you opt into using relaying in case you have NAT issues.

      I guess this can be very common or even always the case for people using some ISPs. In general though, you are right. There is of course still the overall risk of compromise/CVEs etc. that can lead to your (encrypted) data being sent elsewhere, but if all your devices can establish direct connections between each other, your (encrypted) data is less exposed than using a fixed server.

      > If you are paranoid, the software is open source and you can host your own relays privately,

      This would also defeat basically all the advantages of using keepass (and family) vs bitwarden. You would still have your data in an external server, you still need to manage a service (comparable to vaultwarden), and you don’t get all the extra benefits on bitwarden (like multi-user support etc.).

      To be honest I don’t personally think that the disclosure of a password manager encrypted data is a big deal. As long as a proper password is used, and modern ciphers are used, even offline decryption is not going to be feasible, especially for the kind of people going after my passwords. Besides, for most people the risk of their client device(s) being compromised and their vault being accessible (encrypted) is in my opinion way higher than -say- Bitwarden cloud being compromised (the managed one). This means that for me there are no serious reasons to use something like keepass (anymore) and lose all the convenience that bitwarden gives. However, risk perception is personal ultimately.
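Added example, not part of either comment above: a check that surfaces unmerged copies of a vault in a Syncthing folder, so that a forgotten manual merge is noticed before a login fails. It assumes Syncthing's usual naming for conflict copies (`<name>.sync-conflict-<date>-<time>-<device>.<ext>`) and for simple-versioning copies under `.stversions` (`<name>~<date>-<time>.<ext>`); `find_vault_copies`, `demo` and the file names are hypothetical, and the sample files are constructed.

```python
import re
import tempfile
from datetime import datetime
from pathlib import Path

# Conflict copy (assumed pattern): <stem>.sync-conflict-<YYYYMMDD>-<HHMMSS>-<device>.<ext>
CONFLICT_RE = re.compile(
    r"^(?P<stem>.+)\.sync-conflict-(?P<ts>\d{8}-\d{6})-(?P<device>[A-Z0-9]{7})(?P<ext>\.[^.]+)?$"
)
# Simple-versioning copy under .stversions (assumed pattern): <stem>~<YYYYMMDD>-<HHMMSS>.<ext>
VERSION_RE = re.compile(r"^(?P<stem>.+)~(?P<ts>\d{8}-\d{6})(?P<ext>\.[^.]+)?$")


def find_vault_copies(folder, vault_name):
    """Return (conflicts, versions) found for vault_name inside a synced folder."""
    folder = Path(folder)
    conflicts, versions = [], []
    for path in sorted(folder.rglob("*")):
        if not path.is_file():
            continue
        in_versions = ".stversions" in path.relative_to(folder).parts
        m = (VERSION_RE if in_versions else CONFLICT_RE).match(path.name)
        # Only report copies whose original name is the vault we care about.
        if not m or m["stem"] + (m["ext"] or "") != vault_name:
            continue
        when = datetime.strptime(m["ts"], "%Y%m%d-%H%M%S")
        if in_versions:
            versions.append((path, when))
        else:
            conflicts.append((path, when, m["device"]))  # device = short ID of the writer
    return conflicts, versions


def demo():
    """Build a constructed folder layout in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".stversions").mkdir()
        for name in (
            "Passwords.kdbx",
            "Passwords.sync-conflict-20240312-081500-ABCDEFG.kdbx",
            "notes.sync-conflict-20240312-081500-ABCDEFG.md",
            ".stversions/Passwords~20240310-190000.kdbx",
        ):
            (root / name).write_bytes(b"constructed sample, not a real vault")
        conflicts, versions = find_vault_copies(root, "Passwords.kdbx")
        return ([(p.name, t.isoformat(), d) for p, t, d in conflicts],
                [(p.name, t.isoformat()) for p, t in versions])
```

A non-empty `conflicts` list means two devices changed the vault independently and the copies still need merging; `versions` lists the older copies simple versioning has kept.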