LastPass also said all their data was end to end encrypted but it now transpires (after a serious breach) that it wasn’t. A bunch of hackers now know which accounts I have and the url’s thanks to LP.
I don’t blame LP (much) for the breach as it is just a matter of time before any password manager gets breached but I don’t forgive them for lying about encrypting all the data.
BW is open source so someone will know if BW really are encrypting everything (using only my master password) on the client.
You don’t have to rely on others to look into this for you. You can literally open the encrypted vault and look for yourself (see here for an example). The vault data file is called data.json, and its location is provided in the Bitwarden documentation.
Unsure if it’s been talked about before, but I’d like having attachment metadata - url, size, sizeName, profile fields - name, email, and settings fields encrypted in that data.json file.
I see this as extra defense in case of service breach and encrypted vault exfiltration.