The Quiet Renovation at Bitwarden - ByteHaven - Where I ramble about bytes

Back in March, I wrote about Bitwarden doubling their Premium price — and specifically how they did it. Buried in a feature announcement. Priced in fake monthly increments for a product that has never once offered monthly billing. Communicated to existing customers fifteen days before their renewal, not before.

Bitwarden responded on Mastodon. They confirmed everything in my post while apparently thinking they were defending themselves. I noted at the time that the response was its own data point.

Well. There’s more data now.

The Changing of the Guard

In February, as Fast Company reported, longtime CEO Michael Crandell quietly transitioned to an advisory role. No announcement from the company. You’d only know it happened if you went looking on LinkedIn. Crandell had been with Bitwarden since 2019 — back when they were still the scrappy underdog that everyone flocked to when LastPass started pulling the rug.

His replacement is Michael Sullivan, former CEO of Acquia and Insightsoftware. Sullivan’s LinkedIn page leads with his experience in “all facets of mergers and acquisitions, including direct experience with leading PE firms.”

In plain English: M&A is the business of buying and selling companies. Private equity firms buy businesses, cut costs, grow revenue, and sell them at a profit. They’re not there to run a software company long-term — they’re managing an investment toward an exit. The people hired to run those companies are hired specifically because they know how that process works.

That’s the new CEO of your password manager. That’s what he leads with.

For context: Sullivan oversaw a $1 billion acquisition of Acquia by Vista Equity Partners in 2019, and a $1 billion investment from Hg into Insightsoftware in 2021. That’s not a software guy who happened to raise some money. That’s someone whose stated specialty is the PE integration and exit process.

CFO Stephen Morrison also departed in April, replaced by former InVision CEO Michael Shenkman. Kyle Spearrin — who started building Bitwarden as a hobby project in 2015 because he was worried about what would happen to LastPass under new ownership — remains as CTO.

The irony is almost too much to type.

The Website Is Remodeling Too

The phrase “Always free” disappeared from the personal password manager page in mid-April. It used to sit prominently under the plan selector. The free plan still exists — for now — but the commitment language is gone.

And then there’s the values rewrite.

Bitwarden used to define its culture with the acronym GRIT: Gratitude, Responsibility, Inclusion, and Transparency. After May 4th, that changed. GRIT now stands for Gratitude, Responsibility, Innovation, and Trust.

Inclusion and Transparency are out. Innovation and Trust are in.

Did They Announce Any of This?

I looked hard.

Their blog has nothing about the new CEO. No press release about the values change. No dedicated post about “Always free” being retired as a promise. The press room is silent on all of it.

There is one thing. A 2022 blog post by Crandell — “Defining and sustaining value for Bitwarden users” — was quietly edited. The GRIT list in the body now shows the new values: Innovation and Trust. But the explanatory paragraph at the bottom of the same post still says the old ones: Inclusion and Transparency. Crandell’s name is still on it. The post now contradicts itself, and nobody wrote a new one.

That’s their announcement. A half-scrubbed edit of a four-year-old post they didn’t even finish updating. Same playbook as the price hike — bury it in existing content, don’t draw attention, hope nobody reads closely enough to notice.

Somebody always does.

And since we’re here — in a 2024 interview, Crandell told Fast Company the free tier was “a firm commitment from the company. Fully featured, free forever.”

He’s in an advisory role now. “Always free” isn’t on the page.

I’ve Already Moved On

My Vaultwarden instance has been running since January. The Bitwarden cloud account is closed — I shut it down around the time that last post went live. I’m not watching this because I’m worried about my own passwords. I’m watching it because this is what I document.

The pattern is always the same: build trust, establish dependency, then quietly renegotiate the terms. And it never comes in a single dramatic announcement. It comes in layers. A feature post with a price change inside it. A LinkedIn update nobody made a press release about. A values page that says something slightly different than it did last week.

If you’re still on Bitwarden cloud and this is giving you pause — it should. I wrote about the GitHub version of this story in March — trusted open source platform, promises of independence, years of quiet erosion, then Phase 3. The parallel is close enough to make you nervous. And if you want to actually own your vault rather than wait and see: here’s how I did it.

My read on where this is going: Sullivan’s entire career is taking companies to an exit. Maximize revenue, clean up the balance sheet, make the numbers attractive, find a buyer — a big tech company, a rival like 1Password, someone who wants the user base or the enterprise contracts. That’s what you hire this profile of CEO to do. And if that happens, the hard forks won’t be a question. The price hike got grumbling. Watching your password manager get swallowed by a company you switched away from would kick them off properly.

A Note for Vaultwarden Users

Whether self-hosting stays viable long-term is the real question worth sitting with.

Right now it works because Bitwarden’s clients are open source and the server API is public. Vaultwarden implements that API, and the official apps can’t tell the difference. That depends on Bitwarden continuing to publish open source clients and not restricting which servers they’ll talk to — neither of which is guaranteed under new management.

The brake on the worst case: self-hosting is a listed Enterprise feature that generates real revenue. Killing it upsets paying business customers. That matters.

The catch: what Bitwarden sells to enterprises is their own official server stack, not Vaultwarden. Vaultwarden exists in a space they’ve tolerated but never endorsed. If the calculus shifts, the tolerance ends without any announcement. Just let the API drift until compatibility breaks on its own.

I don’t think that’s imminent. But I also thought the free tier commitment was ironclad, and “Always free” isn’t on the page anymore.

The real safety net is that Bitwarden’s clients are Apache 2.0 licensed. A fork would need a rebrand to stay clear of the trademark — different name, tweaked UI, same engine — but that’s a speed bump, not a wall. The web vault works through any browser regardless of what happens to the apps, so worst case you’d lose autofill temporarily while a fork caught up. Inconvenient, not catastrophic. Vaultwarden itself is already proof the model works.

Watch the clients. If they go closed, the community will notice fast, and the fork will follow.

Update(s):
Within days of this post going viral, “Always free” quietly reappeared in the pricing table. Make of that what you will.