AussieWog93 2 hours ago

So many comments here about missing end to end encryption, but seriously - why would anyone want this?

Let's say burglars break in and steal your homelab. Because you don't have e2ee, they can see all the photos you saved of your dead grandmother! Oh no!

Or, in the more likely scenario that something happens to your phone, the lack of e2ee means that even if you lost your keys you didn't lose the only memories that remain of your grandma - you just copy across the .jpgs to a new device.

eddythompson80 6 minutes ago | parent | next [-]

It would make hosting a "Family and/or friends" instance possible.

I do go back and forth on the accessibility tradeoffs of E2EE for average people though. In this scenario, lose or forget your key/password and you lose ALL of your photos which are very important to some people. Losing them is pretty catastrophic. Google Photos or iPhotos really gives people a sense of security about their photos.

ps: It would also make it easier to host cloud instances for Immich without encrypting the file system of a remote server/VPS. Especially when renting servers from small-time sellers, I'm always wary about how much I can really trust their employees' access control. I know some level of trust is unavoidable with physical access, but how they handle those disks during maintenance would also be relevant.

drdaeman 10 minutes ago | parent | prev | next [-]

I have a use case.

I have a multi-region homelab cluster and I share some photos with my friends in the US and my parents in Russia. I’m auto-uploading my full library (basically replacing iCloud/Google Photos) and I can share links to selected photos or albums (a reachable node will be determined by a split-view DNS). All without risks of exposing my full photo archive in case either node gets seized or otherwise compromised.

(Now, this is what I’m trying to do. I set things up, but it’s not really functional at the moment, because Ente is buggy af, and I haven’t yet learned how to rebuild and debug their iOS app.)

gchamonlive 29 minutes ago | parent | prev | next [-]

If they steal your homelab, e2ee doesn't help, it's encryption at rest. E2ee is for rogue devices sniffing the network, which is more or less of a concern depending on your setup. I'd not have unencrypted traffic in my network if I had for instance those shady TV boxes.

drdaeman 8 minutes ago | parent | next [-]

That’s incorrect. E2EE means encrypted data leaves the device, is stored encrypted, and the server(s) have no keys to decrypt it; only your (or other) client software does.

gchamonlive 2 minutes ago | parent [-]

[delayed]

hokumguru 19 minutes ago | parent | prev [-]

TLS?

Grombobulous 2 hours ago | parent | prev | next [-]

I think we can imagine a scenario where not all of our photos are non-sensitive.

I also imagine that a true E2EE architecture means you have more flexibility with cloud storage, managed hosting, and off-site backups.

AussieWog93 2 hours ago | parent [-]

I hear ya, I was being a little bit over the top. But I really do think that for every one user who would turn on e2ee and get some genuine benefit out of it, there would be a dozen that turn it on because "encryption good" and accidentally lose all their data.

Grombobulous 2 hours ago | parent [-]

True, e2ee is pretty scary as far as data loss.

Still, good application design can help mitigate that. Apple does it with their e2ee recovery methods, although Ente does rely on a recovery key that you should print out and put in a safe as well as store in other safe locations.

But also, what I love about the E2EE of Ente is that I can securely use a cloud hosted provider but then my home NAS backups are unencrypted.

The Ente desktop app has a continuous export feature where I just leave the application on my main desktop computer and it constantly backs it up to my home NAS. It also does the local machine learning and video streaming encoding processing on the desktop.

So, if I lose my Ente account, no big deal. I get another one and wipe everything and restore from my NAS backup.

I feel like this is the best of all worlds. I get cloud convenience and no real self-hosting burden along with solid ownership of my data.

Perhaps Immich doesn’t bother with e2ee since it’s primarily designed for self-hosting, while for Ente it’s meant to be suitable for both a paid cloud service and self-hosting.
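
An added illustration (not from any commenter, and not Ente's or Immich's code) of the design this thread argues about: the client encrypts photos with a master key the server never sees, and that key is wrapped twice, once under a password-derived key and once under a printable recovery key, so a forgotten password does not mean lost photos. All function names, the AES-256-GCM/scrypt choice and the record layout are assumptions made for this example.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM; blob layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the blob was modified.
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Client side. Only serverRecord is uploaded; masterKey and recoveryKey stay local.
function createAccount(password) {
  const masterKey = crypto.randomBytes(32);   // encrypts every photo
  const recoveryKey = crypto.randomBytes(32); // shown once, kept offline by the user
  const salt = crypto.randomBytes(16);
  const passwordKey = crypto.scryptSync(password, salt, 32);
  const serverRecord = {
    salt,                                               // not secret
    keyWrappedByPassword: seal(passwordKey, masterKey), // useless without the password
    keyWrappedByRecovery: seal(recoveryKey, masterKey), // useless without the recovery key
    photos: [],                                         // ciphertext only
  };
  return { masterKey, recoveryKey, serverRecord };
}

function upload(serverRecord, masterKey, photoBytes) {
  serverRecord.photos.push(seal(masterKey, photoBytes));
}

// New device, password known: derive the wrapping key again and unwrap.
function unlockWithPassword(serverRecord, password) {
  const passwordKey = crypto.scryptSync(password, serverRecord.salt, 32);
  return open(passwordKey, serverRecord.keyWrappedByPassword);
}

// Password forgotten, recovery key still available.
function unlockWithRecoveryKey(serverRecord, recoveryKey) {
  return open(recoveryKey, serverRecord.keyWrappedByRecovery);
}

function download(serverRecord, masterKey) {
  return serverRecord.photos.map((blob) => open(masterKey, blob));
}
```

A seized or compromised server holds only `serverRecord`; losing both the password and the recovery key leaves nothing that can unwrap the master key.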

sylens 8 minutes ago | parent [-]

Yeah Immich and Ente are going for two different use cases. While Ente can be self hosted, I view it as more of an escape hatch if they ever enshittify vs how I would start off using the service. I like not having to manage ingress for a photos service so my family can use it but others cannot

whalesalad an hour ago | parent | prev [-]

You solve this by communicating with it via encrypted methods, like HTTPS, and using a storage volume that is encrypted and gets unlocked at boot.