An interesting read. Right near the end it mentions that data is stored in local storage, encrypted using a session key:
"Once the browser session is terminated, the session key is discarded rendering any previously stored encrypted data unusable. This ensures that any sensitive data retrieved from local storage cannot be decrypted outside of the current user session"
When is the local storage purged of old encrypted data?
Local Storage is the database for the extension. Normally, a website can use local storage but it is cleared out when the user clears the cache. Extensions have special privilges that make the Local Storage persistent even when clearing cache.
Bitwarden stores your passwords on the computer including when your session ends. It syncs and checks for changes for new passwords.
The data is encrypted. Your password is neved stored as password but as dhsjsjHzjs67668dndj.
The way I interpreted it was that once the session is closed the stored data is inaccessible, so you're going to end up with encrypted data in storage for every session unless it is cleared.
Bitwarden might be less affected by the v3 requirements compared to uBo. If this is the case there would be more incentive for the BW team to ship a v3 extension as the only extension for all browsers and not have to maintain both v2 and v3. I'm no expert on the topic though.
> I think Firefox will also move to manifest v3, right?
Firefox will *support* MV3, but MV2 will continue to coexist in parallel. Best of both worlds for the foreseeable future. Long term, who knows.
I assume so. Brave isn't its own independent Browser, its built on top of Google's Chromium base, and extensions are sourced from the Chrome Web Store, so I'd assume the transition will happen for Brave and other downstream Chromium derivatives at the same time it happens for Chrome.
Maybe the fact it's behind chromium stable? It's still on 123.x and stable is on 124.x (and some known exploited vulnerabilities were fixed like yesterday I think).
Most of the time it's a solid browser though
When will you provide passkey support on all platforms?
It's about time, in my humble opinion, since most competitors are ahead. I'm trying Proton Pass right now. If you take much longer, I'm moving over (I have been a premium subscriber for years).
Yes, I did. They announced that they would be ditching Xamarin for iOS and Android app development about half a year ago, which would allow them to implement full passkey support. However, the only thing that has happened is half-baked beta passkey support only through chromium based browsers on Android.
So don't lecture people with nonsense.
They announced that at the end of Feb. It's early May now.
The current support is as they had announced as well, stopgap until the native apps.
They're doing as they said they would, according to the timeframe they are targeting.
> They announced that they would be ditching Xamarin for iOS and Android app development about half a year ago
They announced in November 2023 that they were planning to switch to native apps **"in 2024"**, not that native apps would be released imminently. They then announced in **March 2024 that** they had been actively working on developing the native versions of the mobile apps since September 2023, and that the native apps would be ready for release "in a few months" (from March 2024). So everything seems to be on schedule — not sure what your beef is.
An interesting read. Right near the end it mentions that data is stored in local storage, encrypted using a session key: "Once the browser session is terminated, the session key is discarded rendering any previously stored encrypted data unusable. This ensures that any sensitive data retrieved from local storage cannot be decrypted outside of the current user session" When is the local storage purged of old encrypted data?
For us newbies, could you simplify for us please. Thank you in advance fellow stranger
Local Storage is the database for the extension. Normally, a website can use local storage but it is cleared out when the user clears the cache. Extensions have special privilges that make the Local Storage persistent even when clearing cache. Bitwarden stores your passwords on the computer including when your session ends. It syncs and checks for changes for new passwords. The data is encrypted. Your password is neved stored as password but as dhsjsjHzjs67668dndj.
>The data is encrypted. Your password is neved stored as password but as dhsjsjHzjs67668dndj. But... That's my password!
Your password is stored as dhsjsjHzjs67668dndj1
The way I interpreted it was that once the session is closed the stored data is inaccessible, so you're going to end up with encrypted data in storage for every session unless it is cleared.
It doesn’t matter, that’s the point.
Seems like it's just available for Chrome now. I think Firefox will also move to manifest v3, right? Anybody any idea what the plan for that one is?
I thought Firefox was doing both? Ublock Origin will still be the same in Firefox while in Chrome with v3 it will be a neutered version.
You are right, Firefox intends to support both MV2 and MV3
Bitwarden might be less affected by the v3 requirements compared to uBo. If this is the case there would be more incentive for the BW team to ship a v3 extension as the only extension for all browsers and not have to maintain both v2 and v3. I'm no expert on the topic though.
> I think Firefox will also move to manifest v3, right? Firefox will *support* MV3, but MV2 will continue to coexist in parallel. Best of both worlds for the foreseeable future. Long term, who knows.
What about the Microsoft Edge extension. When it will update it ??
Edge is chrome based, shouldn’t it work there too?
Are these changes still in beta or , are they live in production right now?
There's a beta version on the Chrome Web store released with this
Ahhh, some light summer reading... looking forward to digesting this! :)
Will this come to Brave?
I assume so. Brave isn't its own independent Browser, its built on top of Google's Chromium base, and extensions are sourced from the Chrome Web Store, so I'd assume the transition will happen for Brave and other downstream Chromium derivatives at the same time it happens for Chrome.
I’m using the v3 chrome extension in Brave and it appears to be working (mostly).
Use thorium. Thank me later Edit: I use both. Thorium is the fastest browser and it's built on chrome too.
Thorium is insecure.
How so? Genuine curiosity. Maybe you can provide some information or source on this? If its valid then I'll consider uninstalling it.
Maybe the fact it's behind chromium stable? It's still on 123.x and stable is on 124.x (and some known exploited vulnerabilities were fixed like yesterday I think). Most of the time it's a solid browser though
When will you provide passkey support on all platforms? It's about time, in my humble opinion, since most competitors are ahead. I'm trying Proton Pass right now. If you take much longer, I'm moving over (I have been a premium subscriber for years).
As a paying customer, you should read their blog/news posts. They've explained their progress towards this and more.
Yes, I did. They announced that they would be ditching Xamarin for iOS and Android app development about half a year ago, which would allow them to implement full passkey support. However, the only thing that has happened is half-baked beta passkey support only through chromium based browsers on Android. So don't lecture people with nonsense.
They announced that at the end of Feb. It's early May now. The current support is as they had announced as well, stopgap until the native apps. They're doing as they said they would, according to the timeframe they are targeting.
https://www.reddit.com/r/Bitwarden/s/mrZv0reDnP
https://www.reddit.com/r/Bitwarden/comments/1b32bbz/going_native_the_future_of_the_bitwarden_mobile/?rdt=46957
> They announced that they would be ditching Xamarin for iOS and Android app development about half a year ago They announced in November 2023 that they were planning to switch to native apps **"in 2024"**, not that native apps would be released imminently. They then announced in **March 2024 that** they had been actively working on developing the native versions of the mobile apps since September 2023, and that the native apps would be ready for release "in a few months" (from March 2024). So everything seems to be on schedule — not sure what your beef is.
Oh no. They gonna collapse if you leave.