{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreicp66needz2k36jpqeutdj4sewnmjlhw2otrxvwosdumte4ojcw3u",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mogbkxivns22"
},
"path": "/t/popular-password-managers-fall-short-of-zero-knowledge-claims/35546?page=2#post_37",
"publishedAt": "2026-06-16T15:51:33.000Z",
"site": "https://discuss.privacyguides.net",
"tags": [
"Why Zero-Knowledge Encryption Is Not Enough: What the ETH Zurich Study Means for Your Passwords | Cloudless Software"
],
"textContent": "Statement from the proton pass page comparing to bitwarden is below noting they do not support self hosting. The describe self hosting and then note that they do not support it because of it’s “complex architecture”. This suggests there plenty of attack surface.\n\nAlso just cause you self host does not mean you have no attack surface for the ETH Zurich or other similar attacks. It just means you become the attack target. A poorly secured host is more vulnerable.\n\nI suggest you read Why Zero-Knowledge Encryption Is Not Enough: What the ETH Zurich Study Means for Your Passwords | Cloudless Software\n\n### Self-hosting\n\nSelf-hosting lets you to run your password manager on your own infrastructure, giving you direct control over your data and security. While it can be a good fit for organizations with the right resources and expertise, it requires advanced technical knowledge and may not be suitable for most individuals or small businesses.\n\nBitwarden allows you to self-host so that your data never leaves your environment. Proton Pass, like other Proton services, isn’t designed to be self hosted due to its complex architecture.",
"title": "Popular password managers fall short of “zero-knowledge” claims"
}