Pros of Proton Pass over bitwarden

• Much better UI/UX (in terms of looks and ease to navigate)
• The app is feels much faster than Bitwarden's, maybe its not objectively, but it feels lightyears ahead in terms of >speed
• Possibility for separate email and username fields
• more seamless integration with simplelogin aliases than what Bitwarden has
• TOTP is available in the free version

1. Bitwarden is currently working on redesigning their apps, which will also include new native mobile apps that will fix the current speed issues. You can already test them if you are interested.

2. Even if Bitwarden doesn't have as straightforward implementation regarding the separate email and username fields, you can easily use custom fields to solve this issue. As you also noted, Bitwarden will also autofill these.

3. Even though Proton’s SimpleLogin implementation is more simple and likely easier to use compared to Bitwarden, it also poses a serious lock-in issue with Proton Pass. If you ever decide to downgrade to a free plan, Proton will disable all your aliases that go beyond the max limit (10) in the free plan. This is a big contrast to even SimpleLogin that will keep all of your aliases operational even if you downgrade to the free plan. I would also take Bitwarden’s alias implementation over Proton Pass because they support multiple different aliasing providers compared to just SimpleLogin. In the past I have had issues registering a SimpleLogin alias for some sites, so all I needed to do was to change to DuckDuckGo that Bitwarden also supports and the site accepted that one. This is also a feature I doubt Proton would never implement because they own SimpleLogin.

4. Proton’s free version only supports three TOTP logins, so not very usable, and Bitwarden’s Premium plan is only $10 per year, so not a big deal to upgrade to that if you need this feature.

There seems to be a specific problem with registering passkeys, but logging in should work fine if you have already registered a passkey for a site. Not sure if this is the case with all password managers, or just Bitwarden.

It’s their only product to have an iPad app as well.

The only app that hasn't yet been optimized for iPad is the Calendar app. Otherwise, Proton has proper iPad apps for everything else.

Since the vault is end-to-end encrypted, it shouldn’t matter where it is hosted, even if it is in the cloud. Here is what a security researcher and a password cracker Jeremy M. Gosney has said about this after the LastPass incident.

”Is the cloud the problem? No. The vast majority of issues LastPass has had have nothing to do with the fact that it is a cloud-based solution. Further, consider the fact that the threat model for a cloud-based password management solution should *start* with the vault being compromised. In fact, if password management is done correctly, I should be able to host my vault anywhere, even openly downloadable (open S3 bucket, unauthenticated HTTPS, etc.) without concern. I wouldn't do that, of course, but the point is the vault should be just that -- a vault, not a lockbox.”

If something is weak, it is Proton's knowledge of password strength. For example, they call a 16-character password without special characters "weak," which has around 95 bits of entropy, so this doesn't make sense. They also overemphasize the role of special characters in passwords, as just increasing the password length by a single character would add more entropy than enabling special characters. Furthermore, many of Proton's articles regarding password strength contain a lot of misinformation. This one talking about password entropy might be their worst yet. You cannot seriously claim that a single word, "Bankruptcies," has 68.4 bits of entropy, which also isn't the only inaccurate claim that the article makes.

A bad idea.

PrivacyGuides has also just recently started to recommend Redlib.

You are right that Proton is currently self-funded by its paying customers, but to be accurate, they have actually taken VC money before.

I don't see an option for a 24-month plan.

Interestingly, the article mentions twice how Proton doesn't do flashy marketing campaigns when that is precisely the aspect people have criticized Proton for years, usually around Black Friday when they portray the discount as much better than what it is.

This is also not their only controversy. When someone proposed in their forums that Kagi should add a widget that would help people get help if they are searching for suicide material, Kagi refused because that isn't the result that the person was searching for.

Read the article. Google already requires a warrant before handing out this data.

Tidal brought FLAC this year, so this MQA critique doesn't really apply anymore.

The Firefox hardening project Arkenfox only recommends uBlock Origin. Everything else is redundant.

I think this article by Mullvad explains this well.

I would also remove DuckDuckGo Privacy Essentials. It is redundant if you are using uBlock Origin.

This has already been recently discussed here.

I don't think that it captures everything, but according to the Arkenfox project, any additional benefit ClearURLs could have compared to this setup is minimal, and thus, it probably isn't worth to install another extension.

ClearURLs is not really needed anymore since you can enable AdGuard URL Tracking Protection and import Actually Legitimate URL Shortener Tool to uBlock Origin.

Skip Redirect is still fine if you want to continue using it but Smart Referer could be replaced by changing network.http.referer.XOriginPolicy in about:config to 2 like the Arkenfox project recommends. However, note that there could be some issues regarding this setting, so keep that in mind.

They need to make money somehow, and regardless, all the crypto stuff is actually turned off by default, so criticizing Brave for this makes little sense to me.