Furthermore, an audit of their server code was realized. See https://ente.io/reports/Fallible-Audit-Report-19-04-2023.pdf
Proposal of change of Ente description:
ente is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. *Their code is fully open-source, both on the client side and on the server side,
so it is self-hostable. It underwent an audit by Cure53 in March 2023 and by Faillible in April 2023.
Edit: removing mention of it being self-hostable. While technically true, they mention in their Github that help will not be provided for self-hosting issues and they also mention other technical caveats. Furthermore, their apps do not support choosing different servers. So for now, while technically possible, very difficult to actually self-host.
Imp. Point- Both Ente Photos and Ente Auth use the same server (intentionally).
Self hosting isn’t that hard due to it just being a Dockerfile, but their apps currently don’t allow setting custom servers Allow for custom server for frontend apps · ente-io/ente · Discussion #504 · GitHub
There’s a note on the server readme about self hosting:
Thanks @jerm for the clarification on the docker files.
Ente did mention that :
Currently you have to pass a flag at build time to configure the endpoint, but there’s a discussion[4] to add an option in-app instead.
Source : Hacker News thread Ente: Open-Source, E2E Encrypted, Google Photos Alternative | Hacker News
5 posts were split to a new topic: Status of planned Ente products (i.e., not Photos and Auth)?
Did anyone get Ente photos to work with self-hosting?
I tried it one month ago, but even though the Android app could connect and authenticate to the server it didn’t sync successfully.
The sync probably didn’t work because the S3 bucket (probably MinIO for you if you configured it the same way I did) would have to be hosted publicly and pointed to with the IP address of domain address… I didn’t feel okay with that and ended up giving up on hosting ente.
How could it sync if you don’t setup a public IP address? It has to connect to some endpoints.
Maybe you could set up a VPN on your phone that connects to your home Wi-Fi and then you put the Ente server only on your local home LAN.
I’m not saying that Ente has to be public. That’s obviously expected and perfectly fine. I’m saying the S3 bucket or in this case, MinIO itself has to be public. I don’t trust MinIO’s security or myself enough for that. This is because the mobile client expects to push files directly to the S3 bucket rather than through the Ente server.
Well, obviously, it’s not going to go through Ente server if you self-host it. But isn’t the data encrypted anyway? If it requires authentication, what would be the risk of putting it on the internet?
When i said ente server there, I meant the self-hosted server.
I don’t want my MinIO container to be publicly accessible or have a port open outside the docker network.
Yes, there’s authentication for MinIO too, it’s just that I would trust Ente’s authentication code more than MinIO’s. So it would be better for uploads to go through my already public Ente container endpoint rather than through MinIO. I also don’t trust myself enough with any potential security configurations for MinIO.
You could use something like Tailscale.
What I don’t understand is that the Ente sever must have a way of authentication and that is Open Source, right ?
Yes, tailscale is good but it’s something I want to avoid for several reasons that might not exist for others.
Ente has a way of authentication. But like I said, Ente’s mobile apps upload directly to the S3 server for backup, bypassing Ente’s own authentication. This means that both Ente and the S3 (MinIO in my case) have to be public or at least accessible from all clients. Please read: Configuring S3 buckets | Ente Help
Again, ente is fine. I’m not okay with opening a port to MinIO. That said, I did actually try it and it does work fine if you’re okay with that.
I’m still reading about Ente but what makes it better than other cloud photo storage options? It has end to end encryption but many others do now as well like Proton.
It’s self hostable and open source, unlike Proton.
since recently it has the reworked on device machine learning for face recognition so you can search for people and has better options for album management than protondrive.
I appreciate your reply!
But ente can only host image files?
Pictures and Videos for now, there were plans for “ente locker” for general files, but I think they halted development on that for now until ente photos gets all important features/more mature.
Also we might see some changes/improvements soon due to mozilla giving them 100k