

A “privacy product” inherently involves a lot of trust. When the creators are academics with little to no professional footprint, you need to assess things based on what information they do provide you. Whether that be code (yay open source) or customer interactions (forum posts).
I know we all yearn for the days of “Use Google. Their motto is ‘do no evil’ so you know they are our friends!”. But… that was a much stupider time.
Like, even if you suckle at the teat of Saint Capitalism, you should at least want a good product. And… this looks like enthusiast code with minimal maintainability but a heavy emphasis on marketing.


And… people are now wondering just how fast Bitwarden can speedrun late stage capitalism with recent changes. And realizing just how much data Bitwarden Corp actually has.
We go through cycles of this. Company A is bad but Company B is good… and it is almost always based on marketing. Google used to be AMAZING because “do no evil” and “they gave me a bunch of gigs of email storage!”.
Hell, some of us might be old enough to remember when Spideroak was the bee’s knees and totally secure… until people started realizing there were issues with what they were saying. They have no copies of your encryption key… but you can recover your password. And then there was the brief debacle where people realized they could download any file they had the hash for. But hey, they weren’t Dropbox!
I don’t think a company being involved inherently makes it bad. I don’t even think a company that keeps keys on their servers are inherently bad. Data… gets murky but that is more because of the logistics of what that means for hosting and operating costs.
But it IS important to actually assess a product before using it and to understand the risks. Every year or so people lose their shit at Protonmail when they find out that, contrary to widespread belief, Proton Corp isn’t going to serve a century in a black site for their customers. And every single time, people point out that Proton never said they would. They are VERY upfront about what they do and don’t provide and… the reality is that most of the privacy oriented benefits of that service are in that they don’t require any kind of authentication to create an account. Which… is akward when you realize it is better to NOT pay if privacy is your concern.
But what makes a random start-up with no meaningful (professional) footprint “a more trusted option than Google”?