Privacy

3982 readers

202 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago

MODERATORS

Ategon@programming.dev

danielintempesta@programming.dev

Alright, how do you all handle your photos? Self-hosted Immich, Hetzner Nextcloud, Ente or Zeitkapsl? (piefed.zip)

submitted 1 week ago by Blaze@piefed.zip to c/privacy@programming.dev

17 comments fedilink hide all child comments

That's my next project to get things from Google/Apple.

The options I've seen so far

Immich: great if you can self-host, but I prefer not to, so that's out for me
Nextcloud on a VPS (Hetzner or others): you need E2EE to prevent the providers from seeing your photos, but then all the apps like Memories etc don't work ( https://help.nextcloud.com/t/end-to-end-encryption-nextcloud/237705/3 )
Ente: has E2EE embedded, the face recognition happens on the clients. Can be self-hostable, so that gives more trust that other providers can launch their own European instances in the future.
https://zeitkapsl.eu/en/ : has E2EE, but no self hostable option, so you kind of have to trust them that they implement their design (which is actually kind of nice: https://zeitkapsl.eu/en/e2ee-architecture/ . They have a security audit on their roadmap (announced 8 days ago: https://zeitkapsl.featurebase.app/en/p/formal-security-audit )

Any option I am missing?

you are viewing a single comment's thread
view the rest of the comments

[–] Blaze@piefed.zip 1 points 1 week ago (1 children)

I use LUKS on my personal machines, I'm just not sure if I want to enable it for a VPS. Now if you tell me you're doing that without any issue, that's good to know.

this does not protect from an attacker with physical access reading memory.

So in this case, the VPS provider can still access your photos when they are being used by the photos management software?

Seems to be another argument for E2EE embedded photos software.

[–] smiletolerantly@awful.systems 3 points 6 days ago (1 children)

I mean... Depends on your threat model. Hetzner is a very reputable German hoster. The only way someone is going to try and read and puzzle together memory dumps is if you're under investigation for something seriously heinous.

Shutting the VPS down also solves this.

But really, this is a general problem with every "someone else's computer" solution.

E2EE still nice though, wish Immich had it.

[–] Blaze@piefed.zip 1 points 6 days ago

I see. Thanks. E2EE would indeed be nice, but the Immich devs have made it clear for a long time that it woudn't work due to the way Immich has been developed.