Thankfully it only lasted 2 years. But during that time it sounds like it was a plan to suppress the presidential competition that backfired. It’s good to know that humanity has always sucked.

Have you considered using Bitwarden Premium? It has TOTP support and is $10/year currently.

Also, regardless of how your hosting your data, it’s probably good to keep a secured backup of your vault or two just in case something unexpected happens.

Fair points. I’d say it depends on what we’re focusing on.

Maybe a good compromise would be to have the account that sent the message generate the preview. At least that way you’d maintain E2EE and save the webserver some unnecessary demand.

I can also see how this could be less reliable (because we’re now relying on a client with all sorts of variables) and less safe (malicious sender could mask malicious links with benign previews) than the server method but it all depends on which you prefer more.

After thinking about it in this situation, previews are just a nightmare to deal with privately and I’d probably just want to turn them off.

I agree. That’s a terrible choice to me.

Why would they not just offload this as a feature for the client to handle? At least then the security and privacy ultimately would be up to the user’s decision.

This isn’t exactly a platform specific problem because having local network access while using a VPN is actually a feature called “split-tunnelling”. The tunnelcrack issue goes beyond this but can be mitigated by using full tunnel VPN that resolves the server by IP address instead of DNS.