Immich Photo Manager (Self-Hosted)

Not saying one of their team members didn’t misspeak, but I believe this was in reference to their architecture without uprooting a bunch of features and at the expense of complexity and performance with machine learning and other features. I don’t believe they meant it’s entirely impossible. So the appeal of Immich is keeping the code approachable for hobbyists versus a multi tenant e2ee production system.

Sorry, by VPS I actually meant the one I am self hosting. I’m actually building a small form factor homelab and setting up guides and templates now to standardize the setup and fabrication of energy efficient or upcycled servers now to lower the barrier of entry for folks to self host their own cloud. The only external VPS service I would use is a gateway so my router doesn’t get spammed with bots and simplify the server configs for my family’s apps.

For backups, I keep a fast SSD copy on my energy efficient server, another copy is mirrored to my big server, and then I do a nightly Borg backup and push my encrypted blobs to a cloud provider.

2 Likes

I mean I guess it could work for you, yet I don’t believe we should recommend this approach. Happy to discuss this tho, it can be fun to do such custom setups, I just don’t believe this should be a recommendation.

Yeah, I think both have their merits and Ente is certainly much more broadly applicable. But given the popularity of Immich due to how approachable the ML code and community is, I would like it to be considered as an honorable mention for the hobbyist but with a small disclaimer about their design decision and the implications of where you should and shouldn’t use this.

I’d be happy to write this up if the consensus leads us to adding it and potentially I could also write up about how to secure Immich on your own homelab to avoid the need of e2ee. Then we could link that write up from the recommendation disclaimer or something like that.

WDYT?

I think it’s wrong to view E2EE as separate from the security of your home lab. E2EE is the best defense against data compromise as a result of server compromise. If anything, where the threat is malicious actors, then E2EE is almost more important for a self-hosted environment where security is otherwise unlikely to be up to scratch.

I don’t think recommending Immich makes any sense when it fails to even compete with Ente on such a fundamental level due to a questionable resistance to E2EE.

1 Like

This concern makes a lot of sense and is one I’ll highlight to the Immich maintainers to see if they would like to chime in. I could understand not making it a priority now and then some day having it on the list of todos, but it does seem they are adamant on avoiding it at all, which is perplexing to me.

2 Likes

I mean you could always write it up here for those interested: Community Wiki - Privacy Guides Community

I personally hold off from recommending it.

1 Like

The team did a live Q&A and I threw in the E2EE question here: https://www.youtube.com/watch?v=qgQ4ci2hRMQ&t=2216

It mostly just sounds like this just isn’t something that is a priority for them or the community at large. In this light, in the context of privacy recommendations, I can see why not recommending Immich makes a lot of sense, as these guys are saying they want simpler code and performance for features - especially those running on the client device - over running Immich in a zero trust env.

I do think there will be a large portion of the PG community bummed by this as I am, but I think creating a guide on how to set up self hosted Immich with a VPS gateway pointing to your servers.

I am the OP revisiting this thread more than 1.5 years after my initial suggestion. I have been self hosting Immich all this time on my own hardware at home - it has been a rock solid and feature rich experience for me.

In the Self-Hosting File Management Tools - Privacy Guides section of the guides dedicated to self hosting, the only recommended photo management option is PhotoPrism, which I have not used but am sure is a viable recommendation. I do believe recommending another feature rich alternative such as Immich would be in the best interest of those inclined to self host for privacy reasons. Excluding it on the basis of lack of E2EE in the context of self hosting on trusted hardware is not logical, especially when that same section of the guides recommends Nextcloud yet explicitly notes that E2EE should not be used with it. Just my two cents as someone who has been happily using Immich for years.

1 Like

I second this. I propose re-opening the discussion on this thread, in an effort for the Privacy Guides team to seriously reconsider adding Immich alongside Ente Photos on the official website as a recommended photo management solution.

Here are the reasons why:

  1. Immich has already been stable and out of beta for quite some time and has a long development roadmap of adding other important and useful features with active development long into the future. It has been becoming increasingly feature complete with important features such as image recognition, smart search, album creation and sorting, among many others that are important to a photo management solution. It will only keep getting better as time goes on if more people move to it and buy licenses, and/or donate to support the project.

  2. Immich is a part of and backed by FUTO, which is a credible organization committed to a mission of developing and providing open source/source first software that focuses on privacy and user control, among many other things to compete against Big Tech companies/conglomerates, as mentioned in their statement of who they are. They are also committed to having a sustainable financial, business, and software development model for all of their software projects to ensure their software’s validity for a long time to come.

  3. Immich has officially (or unofficially, depending on how one looks at it) been endorsed and recommended by large YouTube channels such as Lawrence Tech Systems (as seen here and here) that specialize in showcasing and doing tutorials on self-hosted software, information technology, and open source software solutions for businesses.

  4. Immich has some legitimate advantages to the self-hosted version of Ente Photos, such as photo directories being easier to back up and more flexibility on photo storage, such as on NAS systems for example, due to not imposing end-to-end encryption for storage. In contrast, the self-hosted version of Ente Photos relies on S3 storage at the moment and does not allow for storage on directories of a user’s choosing due to the E2EE reliance. I argue that E2EE is not a strict necessity for everyone self-hosting, as the data is already in the control of the user since Immich is running on a server that is physically located in their home. E2EE is indeed important, but it is more useful for SaaS solutions that are hosted by third-parties, where the user does not have control or ownership of the infrastructure that their utilized cloud application is running on. Also, Immich is specifically designed for and developed with self-hosting in mind, whereas Ente Photos, while being also self-hostable, does involve some workarounds since the self-deployed version is the exact same as what is being run on Ente’s own servers.

That means to say, Ente Photos is also a great photo management solution and I want to see it succeed every bit as much as Immich. I love both projects equally and I hope to see PG add Immich to the list among Ente Photos, going into 2026.

3 Likes

True. However, even if they don’t decide to add it to their site, I don’t see it as too much of a big deal because it doesn’t impact the quality or validity of Immich just because it is not added or suggested here in the future. The PrivacyGuides team has a set of standards or criteria that they set to evaluate software and providers for inclusion on their recommendations in order to be as professional and objective in privacy recommendations as possible. For projects that are not listed on PG, not being listed on the recommendations pages does not mean that the projects are bad or possess ill-intent or bad faith, and does not discount their validity of use for users. So, while I would ideally find it to be awesome if Jonah decides to list Immich on PG, I would totally have respect and understanding of their decision in case they don’t list it yet.

2 Likes

For a home lab, like another commenter says, lack of e2ee sounds like a caveat to add to a recommendation rather than withholding one. Whoever is savvy enough to run a home lab, I reckon, is also in a position to do their own threat modelling.

Clearly, there’s a hierarchy implied here in which Ente trumps Immich; but this isn’t a point anyone’s contesting in this thread.

Does recommending one over the other imply a victory in any PG-run competition? If not, I see no reason to not consider Immich since they’ve now self-declared stability, which seemed to be the primary concern?

Especially since PhotoPrism, as another commenter mentioned, is already recommended by PG (link / mirror).

Not really, no. Encryption-at-Rest is enough to thwart damages from a potential theft of physical equipment. Whereas, for an active interception, an encrypting transport (preferably any based on Authenticated Key Exchange like TLS) between the client & server / peers is protection enough.

1 Like

Can somebody here explain to me how self-hosting file/photo servers is not a really terrible idea for virtually everybody?

Yes, yes, privacy, trusting companies, etc. But what happens if your house burns down or your hosting hardware somehow gets destroyed? You risk losing all of your, potentially priceless, files and photos. How do you achieve redundancy without using a third party? If you are already using a third party for backups then why self-host in the first place? Maybe you’ll be backing up some encrypted blobs to third parties?

I can understand self-hosting some stuff, but for files/photos stuff the lack of CDN and built-in redundancy that you get from AWS/GCP/Azure makes it an extremely hard sell for me.

How often does your house burn down? How often do big corporate companies compromise your data online? Depending on how you answer those questions, you may have some decision path.

1 Like

Really just need a trusted offsite backup to mitigate most of this risk. Make a club with a friend or two, set up geographically separated home servers for collective backups.

I'm frankly surprised there isn't already a PG CDN/redundancy network to this effect (I'm far too lazy to establish one, look elsewhere)

1 Like

The whole premise of self-hosting is that individuals can host cloud services on hardware that they have unconditional ownership and control over. Self-hosting is a means to keep personal data in the user’s own domain without any reliance on outside companies, while keeping the benefits of using cloud services for activities like device syncing, photo storage, cloud storage, media streaming, among others. It also has other benefits not related to privacy and data control like saving money on SaaS subscriptions. Also, if I am running my own services on devices that I control in my physical domain, my data should in theory be more legally protected if it is in my possession as opposed to being managed by a company or business firm. In that case, the government would need a valid warrant and would have to go directly through me and bust the door to my house down if they want my data specifically, as they cannot subpoena the companies that I am using the services with if I am using third-party hosted solutions that I am not hosting myself.

It’s never happened, but one could argue that companies harvesting my data is not in the same ballpark of badness as irrecoverably losing all of my files and photos which could have great sentimental value.

Clearly you and I have vastly different friends :smile: It's been hard enough for me to get my friend group to get off Telegram and on to Signal. Trusted offsite backups? Not a chance.

I think you listed some great things about self-hosting that I can’t disagree with. However, I outlined the benefits of cloud companies that you do lose: geographically diverse redundancies. OK, you could say that not being geographically diverse is a slight inconvenience, sure. But lacking redundancy is like driving a car without insurance. It’s irresponsible if you care about losing your data.

The solution seems simple. Get rich so you can host backups in your villas around the world :grinning_face_with_smiling_eyes:.

One concept is called “buddy backup”: basically, you let your friends into your infrastructure in exchange for access to their infrastructure as an off-site backup.


Alternatively, you can use a Zimaboard2 that you own and put it in your friend’s house (or parent’s house):



@lone-cloud every noob has to start somewhere. It might as well be something that you are interested in learning and benefits you. Again, self-hosting is the next step after learning to get into Linux.

1 Like

I use Proton Drive for this reason. Ideally, I want a second device I can self-host at another place (or at least keep a spare hard drive at another location), but for now, I depend on Proton for this.

1 Like