The Quiet Renovation at Bitwarden

Back in March, I wrote about Bitwarden doubling their Premium price — and specifically how they did it. Buried in a feature announcement. Priced in fake monthly increments for a product that has never once offered monthly billing. Communicated to existing customers fifteen days before their renewal, not before. Bitwarden responded on Mastodon. They confirmed everything in my post while apparently thinking they were defending themselves. I noted at the time that the response was its own data point. Well. There’s more data now.

The Changing of the Guard

In February, as Fast Company reported, longtime CEO Michael Crandell quietly transitioned to an advisory role. No announcement from the company. You’d only know it happened if you went looking on LinkedIn. Crandell had been with Bitwarden since 2019 — back when they were still the scrappy underdog that everyone flocked to when LastPass started pulling the rug.

His replacement is Michael Sullivan, former CEO of Acquia and Insightsoftware. Sullivan’s LinkedIn page leads with his experience in “all facets of mergers and acquisitions, including direct experience with leading PE firms.” In plain English: M&A is the business of buying and selling companies. Private equity firms buy businesses, cut costs, grow revenue, and sell them at a profit. They’re not there to run a software company long-term — they’re managing an investment toward an exit. The people hired to run those companies are hired specifically because they know how that process works. That’s the new CEO of your password manager. That’s what he leads with.

For context: Sullivan oversaw a $1 billion acquisition of Acquia by Vista Equity Partners in 2019, and a $1 billion investment from Hg into Insightsoftware in 2021. That’s not a software guy who happened to raise some money. That’s someone whose stated specialty is the PE integration and exit process. CFO Stephen Morrison also departed in April, replaced by former InVision CEO Michael Shenkman. Kyle Spearrin — who started building Bitwarden as a hobby project in 2015 because he was worried about what would happen to LastPass under new ownership — remains as CTO. The irony is almost too much to type.

The Website Is Remodeling Too

The phrase “Always free” disappeared from the personal password manager page in mid-April. It used to sit prominently under the plan selector. The free plan still exists — for now — but the commitment language is gone. And then there’s the values rewrite. Bitwarden used to define its culture with the acronym GRIT: Gratitude, Responsibility, Inclusion, and Transparency. After May 4th, that changed. GRIT now stands for Gratitude, Responsibility, Innovation, and Trust. Inclusion and Transparency are out. Innovation and Trust are in.

Did They Announce Any of This?

I looked hard. Their blog has nothing about the new CEO. No press release about the values change. No dedicated post about “Always free” being retired as a promise. The press room is silent on all of it. There is one thing. A 2022 blog post by Crandell — “Defining and sustaining value for Bitwarden users” — was quietly edited. The GRIT list in the body now shows the new values: Innovation and Trust. But the explanatory paragraph at the bottom of the same post still says the old ones: Inclusion and Transparency. Crandell’s name is still on it. The post now contradicts itself, and nobody wrote a new one. That’s their announcement. A half-scrubbed edit of a four-year-old post they didn’t even finish updating. Same playbook as the price hike — bury it in existing content, don’t draw attention, hope nobody reads closely enough to notice. Somebody always does.

And since we’re here — in a 2024 interview, Crandell told Fast Company the free tier was “a firm commitment from the company. Fully featured, free forever.” He’s in an advisory role now. “Always free” isn’t on the page.

I’ve Already Moved On

My Vaultwarden instance has been running since January. The Bitwarden cloud account is closed — I shut it down around the time that last post went live. I’m not watching this because I’m worried about my own passwords. I’m watching it because this is what I document. The pattern is always the same: build trust, establish dependency, then quietly renegotiate the terms. And it never comes in a single dramatic announcement. It comes in layers. A feature post with a price change inside it. A LinkedIn update nobody made a press release about. A values page that says something slightly different than it did last week.

If you’re still on Bitwarden cloud and this is giving you pause — it should. I wrote about the GitHub version of this story in March — trusted open source platform, promises of independence, years of quiet erosion, then Phase 3. The parallel is close enough to make you nervous. And if you want to actually own your vault rather than wait and see: here’s how I did it.

My read on where this is going: Sullivan’s entire career is taking companies to an exit. Maximize revenue, clean up the balance sheet, make the numbers attractive, find a buyer — a big tech company, a rival like 1Password, someone who wants the user base or the enterprise contracts. That’s what you hire this profile of CEO to do. And if that happens, the hard forks won’t be a question. The price hike got grumbling. Watching your password manager get swallowed by a company you switched away from would kick them off properly.

A Note for Vaultwarden Users

Whether self-hosting stays viable long-term is the real question worth sitting with. Right now it works because Bitwarden’s clients are open source and the server API is public. Vaultwarden implements that API, and the official apps can’t tell the difference. That depends on Bitwarden continuing to publish open source clients and not restricting which servers they’ll talk to — neither of which is guaranteed under new management. The brake on the worst case: self-hosting is a listed Enterprise feature that generates…
