View attachments without downloading

grb · December 7, 2023, 12:46am

@Jason_Sa Welcome to the forum!

If it’s been less than 30 days since you purchased your premium subscription, you can request a refund. Contact support for assistance.

petrokas · December 18, 2023, 4:24pm

Hi,

Is Bitwarden anywhere nearer to implementing viewing the attachments without downloading them first?

This might be the last time I will pay the renewal, if so I will defo look for alternatives. A “No” is also an answer, so just let us know if you’re not planning to implement this feature without silly “maybe”. It has been nearly 6 years now since the first enquiry about this feature… This looks bad… Really bad.

Any comments from Bitwarden staff would be much appreciated.

Cheers

Gerardv514 · December 18, 2023, 4:42pm

To my knowledge, nothing has even been entertained with this yet by Bitwarden.

sj-bitwarden · December 19, 2023, 4:44pm

Hi all! For those who have posted recently, thanks for joining Bitwarden! Please keep in mind that there are many open feature requests. To see what the team has been up to, check out Release Notes | Bitwarden Help Center

Many of the top feature requests require more research to be implemented in a safe and standardized way and the team is always keeping an eye to the security landscape and changing standards, focusing first and foremost on maintaining and developing a secure product.

If you’d like to contribute towards this feature, I recommend checking out our Contributing Docs on Github for more information!

_PT · December 20, 2023, 5:48pm

Dear Bitwarden Team,

I’ve specifically created an account to voice a concern that many of us have shared since March 2018. It’s been nearly six years, and the feature to view attachments without downloading them is still notably absent. This is not just a convenience issue but a matter of security.

Many of us have subscribed to Bitwarden with the expectation that such basic and essential functionality would be a priority, given its importance in a secure digital environment. Downloading attachments to view them contradicts the very principle of security your product stands for, as it forces users to potentially expose sensitive information to less secure areas of their devices.

We understand the complexities involved in rolling out new features, especially when security is the primary concern. However, after nearly six years, this essential feature’s prolonged absence is difficult to justify. We appreciate your commitment to security, but this particular oversight seems to be a step back in practical, secure data management.

We urge you to prioritize this feature. It would not only enhance user convenience but also align with the safer practice of viewing sensitive documents without needing to download them first.

Thank you for considering this request and for your ongoing efforts to improve Bitwarden.

jsachey · January 2, 2024, 10:41pm

I would write my own treatise, but this is too perfectly well said. I have been a longtime premium user of Bitwarden, and this functionality is critical from a usablity and security standpoint. Please consider this a priority.

padlock · January 30, 2024, 12:54am

This really is important functionality for both security and convenience of use of Bitwarden. Hard to believe that this user forum thread was started six years ago and the functionality not implemented in all that time…
I’ve used 1Password Mac app for many years. in case of interest, link below to an old discussion of how attachments handled on Mac (temporarily accessible in private area of Finder while 1pw app open; then deleted when app / vault closed)

Eduardo_Perez · February 5, 2024, 11:28pm

It’s a need to view and edit the attachment, with the application associated in the device, and not only upload/download/delete. The functionality doesn’t help too much.

sumsh · February 14, 2024, 11:19pm

I’m new to Bitwarden after jumping ship on LastPass when they had a security breach. Today I discovered I can’t view my attachments within the iOS app, like I was able to with LastPass. The requirement to download to the device defeats the purpose of a secure note attachment. We simply need to view the attachment. Once we download it, we then have to view it, delete, and empty the trash. How has this not been added yet?

Gerardv514 · February 15, 2024, 12:15am

Prepare to have grandkids and great grandkids before seeing this implemented.

cgwaters · February 15, 2024, 1:22am

Sadly, this critical feature continues to be a low-priority item for the company. Doesn’t make any sense.

nikefits · March 7, 2024, 8:19am

I like many here would very, very much like to see this feature come to life. Could we start a go-fund-me or other pooling effort to hire a contract developer to contribute and get this feature created. I’d be willing to put at least a hundred or more towards this and would be hopeful others would as well.

@Bitwarden team, in the consideration of this feature over the years, has anyone done estimations on the amount of work it would take to get this in place? If yes, would you be able to share estimations to aid in identifying external costing options and feasibility?

astrohip · March 7, 2024, 9:27pm

I vaguely recall the reasoning wasn’t cost, it was the danger of having a downloaded document on your phone/laptop that someone might later see.

Perhaps a solution is to have a warning screen, so the average user at least knows what might happen if they download a document to their device. I have a feeling 90%+ of us would live with that minimal risk, in exchange for the convenience it gives us.

Gerardv514 · March 7, 2024, 9:40pm

This makes no sense considering the current and only functionality is to download the document in order to view.

We are asking a view only option so that it doesn’t have to be downloaded, thus increasing security.

grb · March 7, 2024, 9:52pm

Documents would still have to be downloaded to your local device for decryption before they could be viewed, or else you would have to break Bitwarden’s Zero-Knowledge architecture.

Gerardv514 · March 7, 2024, 11:01pm

Can some sort of sandbox’ed type of way be used in the browser to open a new window or tab so that it doesn’t get saved on the local device.

grb · March 8, 2024, 2:01am

I’m speculating, but safest approach that I could imagine would be to download the encrypted file, and then decrypt it into memory only (not saving the decrypted file on the device hard drive). However, the problem would then be how to render the file contents (now in memory) for viewing by the user. It seems this would require coding a bunch of file viewers for different file formats, in such a way that the viewer would render the decrypted data stored in Bitwarden’s process memory.

Gerardv514 · March 8, 2024, 2:31am

I think regardless of how it’s done, bitwarden will be able to find a safe and secure way to get it done.

Look back at the in line autofill menu (overlay popup). It was an item that was highly voted on that users wanted and there was non stop talk about how bad this feature can be. Finally when bitwarden decided to look into it, they were able to get it done and it didn’t take an eternity for them to do it, as difficult as it may have been; because they’re good at what they do. In actuality, imho and I’m sure others would agree, they did it better than all of the other password managers out there. They found a safe and secure way, to do it better than others. They can certainly figure out a way to do it with this too.

astrohip · March 8, 2024, 9:08pm

WAG… the ability to handle PDFs and JPGs would make up 90% of use.

grb · March 8, 2024, 9:27pm

FYI, PDFs actually can be viewed, at least out of the Web Vault. But there is some rendering bug that resizes the document to fit into a really small viewport, to my recollection.