AussieWog93 2 hours ago
So many comments here about missing end to end encryption, but seriously - why would anyone want this? Let's say burglars break in and steal your homelab. Because you don't have e2ee, they can see all the photos you saved of your dead grandmother! Oh no! Or, in the more likely scenario that something happens to your phone, the lack of e2ee means that even if you lost your keys you didn't lose the only memories that remain of your grandma - you just copy across the .jpgs to a new device.
eddythompson80 6 minutes ago
It would make hosting a "Family and/or friends" instance possible. I do go back and forth on the accessibility tradeoffs of E2EE for average people though. In this scenario, lose or forget your key/password and you lose ALL of your photos which are very important to some people. Losing them is pretty catastrophic. Google Photos or iPhotos really gives people a sense of security about their photos. PS: It would also make it easier to host cloud instances for Immich without encrypting the file system of a remote server/VPS. Especially when renting servers from small-time sellers, I'm always wary about how much I can really trust their employees' access control. I know some level of trust is unavoidable with physical access, but how do they handle those disks during maintenance would also be relevant.
drdaeman 10 minutes ago
I have a use case. I have a multi-region homelab cluster and I share some photos with my friends in the US and my parents in Russia. I’m auto-uploading full library (basically replacing iCloud/Google Photos) and I can share links to selected photos or albums (a reachable node will be determined by a split-view DNS). All without risks of exposing my full photo archive in case either node gets seized or otherwise compromised. (Now, this is what I’m trying to do. I set things up, but it’s not really functional at the moment, because Ente is buggy af, and I haven’t yet learned how to rebuild and debug their iOS app.)
gchamonlive 29 minutes ago
If they steal your homelab, e2ee doesn't help, it's encryption at rest. E2ee is for rogue devices sniffing the network, which is more or less of a concern depending on your setup. I'd not have unencrypted traffic in my network if I had for instance those shady TV boxes.
Grombobulous 2 hours ago
I think we can imagine a scenario where not all of our photos are non-sensitive. I also imagine that a true E2EE architecture means you have more flexibility with cloud storage, managed hosting, and off-site backups.
whalesalad an hour ago
You solve this by communicating with it via encrypted methods, like HTTPS, and using a storage volume that is encrypted and gets unlocked at boot.