> I don't give second chances to services that are trust based.
You might run out of services then at some point.
Human beings are fallible, full stop. Also, a company isn't an individual -- management teams change, corporate priorities change, security practices improve. Judging a whole company by what a few employees did or didn't do a decade ago isn't always going to yield an optimal approach.
Refusing to give any company a second chance ever is pretty extreme. Each individual case needs to be handled on its merits -- what happened, why did it happen, do you think the company learned and implemented new policies, how many other undiscovered vulnerabilities do you think are still there? But also, how many other undiscovered vulnerabilities do you think are still there for competitors as well? Just because a competitor hasn't had a breach doesn't necessarily mean it's better; it might just be lucky so far.
2001-2007, I had multiple bad experiences with Compaq, Lexmark and HP. These were so bad in terms of cost and frustration I vowed I would never buy their products or services again. It's been... 15+ years. The tech world of today is not quite the tech world of 2003. Should I ever bother with a Compaq or HP again? I probably won't, but the 'avoid at all costs' just isn't there with me any more. Perhaps I've mellowed slightly in the past 15-20 years.
I am still firmly in the never-again-Hewlett-Packard camp after almost 20 years.
The final straw for me was purchasing an HP laser printer (probably the 6th or 7th one I ever bought) and it shockingly had the same extreme-low-quality level that I had experienced with HP laptops, CD ROM drives and other peripherals.
It is probably not fair, but I blame Carly Fiorina for this degradation of a once reliable hardware manufacturer.
Compaq hasn't existed in any meaningful sense in 10-15 years. HP formally retired the brand in the early 2010s, although it had all but faded away several years prior to that.
> Judging a whole company by what a few employees did or didn't do a decade ago isn't always going to yield an optimal approach.
Not the OP, but I have a similar stance. However, a mistake from an individual employee doesn't mean that I instantly lose trust. It's the handling of the mistake that matters to me. Sweeping it under the carpet, denying their mistakes or outright lying about mistakes is what results in me losing trust.
> You might run out of services then at some point
I prefer using services for my password management (I'm a Bitwarden user who's currently happy as well), but I would jump back to some sort of self-hosted or even offline/manual sync solution if I thought that was the only way to keep my passwords safe. I like the convenience of a service, but I would sacrifice it over my security if it got to the point where I had to choose between the two.
I actually used to use KeePassXC and have my (encrypted) password file synced through Dropbox, but their Android client changed to not support a way to have the file stored offline but also automatically sync changes, so I ended up swapping to Bitwarden. In the past I had used Nextcloud instead of Dropbox, so that would probably be one of my first ideas if I did end up deciding to stop using Bitwarden.
Any reason not to use Password Safe[1]? It seems to do it all and doesn't require you to trust some Move Fast And Break Things startup's online service.
BitWarden is based almost entirely on open source so it's possible to branch the project. Given some of the language on their website and their more recent attitude towards OS licenses, my prediction is that they will use the new funding to build as many closed source modules as possible to increase user switching costs, similar to what Google is trying to do with Chrome on top of Chromium. But that is a slow process that takes years, and a lot can happen between now and then.
I don't think Dell or HP make their own computers anymore - consumer stuff is all outsourced to Taiwanese/Chinese OEMs (Quanta, Wistron, etc.) - they probably still only make servers in house.
Here we go again: Some company (in this case, Bitwarden) "betrayed" its customers by doing what every other firm does. And HN goes brrr over it.
I wonder, aren't the majority of HNers working at a for-profit company funded by VCs?