MegagramEnjoyer, about 4 hours ago. 2 comments. Read article on github.com


I'm currently working on Bramble, an open source password manager with P2P cross-device sync. Initially I released the Chrome extension, but recently I also published the Android app and iOS is pending Apple's approval. Besides that, the latest version also includes passkey storage for all platforms!

About Bramble:

It aims to be as feature-rich as all the popular ones and a replacement for cloud-based providers. I don't think we need to store our data in the cloud and be at the whims of companies raising their prices every year. There's always a breach and then we find out that some fields aren't encrypted, metadata is visible, and so on. I'm frustrated with this and the increasing lack of transparency during these breaches.

The P2P sync in Bramble uses a Nostr relay (which can be self-hosted) to keep your devices in sync. The relay just introduces the devices to each other; the data then flows directly over WebRTC, so there's no vault server and no cloud copy of your passwords anywhere. What leaves your device is end-to-end encrypted and your devices authenticate each other directly, so a snooping or MITM relay gets practically nothing.

Crypto is all done in Rust so I can control exactly how key material lives and dies in memory (secrets get zeroed out, no GC leaving copies lying around). In Chromium it's a wasm module; on mobile it's native builds bridged over via uniffi.

Android app:

I'm still deciding whether to publish the app on the Play Store or simply provide the signed APK which users can sideload. The reason for that is Google's plan to lock down Android and take away ownership from its users. Read more about it here: https://keepandroidopen.com/

The app uses no Play APIs whatsoever and runs perfectly on GrapheneOS, where I actually did all my testing.

Questions, feedback, feature requests - all welcome!

TL;DR: I dislike private-equity and venture funded companies messing with our security, so I created my own Password Manager which is local-first, free, open source and as transparent as it gets.
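The post says the Rust crypto core controls how key material lives and dies in memory: secrets are zeroed when they go out of scope, with no garbage collector leaving copies behind. The block below is an added illustration of that pattern, written for this page; it is not Bramble's code and borrows nothing from its repository. It shows the three pieces a practitioner usually wants together: a zeroing routine the optimizer cannot drop as a dead store (volatile writes plus a compiler fence), an owned `Secret` type that zeroes itself in `Drop`, is not `Clone`, and is redacted in `Debug` output so it cannot leak into a log line, and a small instrumentation helper that demonstrates the bytes really are zero after the destructor runs. The XOR "derivation" is a hypothetical stand-in for a real KDF, there only to show the lifetime of a derived key.

```rust
use std::fmt;
use std::mem::MaybeUninit;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Overwrite a buffer with zeros in a way the optimizer must not elide.
/// A plain `for b in buf { *b = 0 }` on memory that is about to be freed is a
/// dead store and may be removed; `write_volatile` plus a compiler fence keeps it.
pub fn zeroize_slice(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusive reference into `buf`.
        unsafe { ptr::write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// Owned key material: zeroed on drop, never `Clone` (so no silent second
/// copy), and redacted in `Debug` output so it cannot end up in a log line.
#[repr(transparent)]
pub struct Secret<const N: usize>([u8; N]);

impl<const N: usize> Secret<N> {
    pub fn new(bytes: [u8; N]) -> Self {
        Secret(bytes)
    }

    /// Borrow the bytes for the duration of one operation. Callers should
    /// use the borrow in place rather than copying the bytes out.
    pub fn expose(&self) -> &[u8; N] {
        &self.0
    }
}

impl<const N: usize> Drop for Secret<N> {
    fn drop(&mut self) {
        zeroize_slice(&mut self.0);
    }
}

impl<const N: usize> fmt::Debug for Secret<N> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "Secret<{}>([REDACTED])", N)
    }
}

/// Hypothetical toy derivation (NOT Bramble's KDF, and not a real KDF):
/// XOR a per-session nonce into a root key. The point is the lifetime:
/// the derived key comes back as a `Secret` and the root stays a `Secret`.
pub fn derive_session_key(root: &Secret<32>, nonce: &[u8; 32]) -> Secret<32> {
    let mut out = [0u8; 32];
    for i in 0..32 {
        out[i] = root.expose()[i] ^ nonce[i];
    }
    Secret::new(out)
}

/// Demonstration-only instrumentation: run the destructor in place and read
/// back the bytes the `Secret` occupied. The storage stays ours through
/// `MaybeUninit`, and the read is volatile so the compiler cannot substitute
/// the pre-drop value. Do not use this pattern in production code.
pub fn bytes_after_drop(key: [u8; 32]) -> [u8; 32] {
    let mut slot = MaybeUninit::new(Secret::new(key));
    unsafe {
        ptr::drop_in_place(slot.as_mut_ptr());
        ptr::read_volatile(slot.as_ptr() as *const [u8; 32])
    }
}

fn main() {
    // Constructed sample inputs; any 32-byte values would do.
    let root = Secret::new([0x11u8; 32]);
    let nonce = [0x22u8; 32];
    let session = derive_session_key(&root, &nonce);
    println!("{:?} -> {:?}", root, session); // both print redacted
    assert_eq!(session.expose(), &[0x33u8; 32]);
    assert_eq!(bytes_after_drop([0xAAu8; 32]), [0u8; 32]);
    println!("key material zeroed on drop: ok");
}
```

The same idea is what the `zeroize` crate packages up; this hand-rolled version exists so the mechanism is visible. Two caveats apply regardless of language: `Secret` can only zero memory it owns, so a caller that copies the exposed bytes into its own buffer has defeated it, and moving a `Secret` may leave a stale copy at the old stack location, which is why the real crates pair this with pinning or heap boxing for long-lived keys.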


Discussion (2 comments). Read original on Hacker News.

hoistbypetard, about 2 hours ago
> TL;DR: I dislike private-equity and venture funded companies messing with our security, so I created my own Password Manager which is local-first, free, open source and as transparent as it gets.

I do too! And I appreciate your transparency about the vibe coding. But nowhere in the repository that I've found so far do you say who is writing this. For something like a password manager, I kind of need to know who's responsible for it, and who's reviewing the LLM source code, what they've done before, what their business model is, etc.

Can you share?

MegagramEnjoyer, about 1 hour ago
Fair enough. I like staying pseudonymous on the internet, but I also understand where you're coming from.

My name is Doug, based in Toronto, Canada. I've been a software engineer for over 10 years, working in various startups that handle very sensitive data (fintech, health tech, legal tech). I've had the opportunity to build security-heavy software and directly handled sensitive info like SINs, bank details, patient histories, etc.

Business model: This is essentially a passion project for me that I intend to keep working on, for usage within my family and the OSS community. This version of the app is always going to be free and open source. In the future, if this were to ever take off and I wanted to earn from it, I would probably do a business version with cloud storage (with a self-host option).

The goal is to offer an alternative that doesn't enshittify over time and is secure, fully sovereign and convenient.