by crabmusket 35 days ago
Is this a market failure?

I'm trying to work out why it feels bad to trust a private company with this kind of information, whereas "we" are happy to trust AWS with our servers, Hashicorp with our Vaults, etc.

But these businesses seem to rely on some amount of scale for their trustworthiness. Password managers seem like a cottage industry in comparison, especially as lots of their users will just be "normies" and even ones on a free tier, because ~nobody thinks they should pay for a password manager?

> I don't trust Private Equity or the Harvard MBA mindset to be allowed to hold on to my passwords.

I agree, but you have a credible exit. As annoying as it is, it seems quite feasible to continuously migrate to the next provider who is currently in their "don't be evil" phase.

Someone on lobste.rs suggested there should be a worker-owned co-op for password managers. This fits my personal bias, but I wonder if it would be any more resistant to this failure mode? Co-ops can be bought out also, and depend on strong leadership to prevent this.

Maybe a customer-owned co-op instead of a worker-owned one could make it more impractical to buy out. Or a foundation model like Signal, Wikipedia etc.

EDIT: I'm reminded of https://fleetdm.com/ business model, which is heavily open source yet paid. That seems like essentially what Bitwarden was? And presumably Fleet is not protected from the same outcome, no matter how inspiring their example is right now.