Photo management self hosted question

Hello everyone.

First I am new on this forum and on this website, and I want to thank everyone because I learned a lot since I discovered this website and I changed my workflow …

I am not an English native speaker, so excuse me for any English mistakes.

I actually have two questions.

The first one is about photo management. I am currently using Google Photos and I want to avoid it, so I am looking for an alternative.
I tried to install Ente because I have stuff to self-host some stuff, but I didn’t succeed, so I checked for an alternative and found Immich, which is really similar to Google Photos. One missing cool feature, in my opinion, is the free space on mobile (as I understand it, they don’t want to implement it now because the app isn’t stable enough in their opinion).
I see that Nextcloud has a photo plugin too (I don’t have Nextcloud set up in my environment).

My question is: why is Immich not in the recommended list of Privacy Guides recommendations?

My second question is more general. I don’t know if I am in the right place to ask it, but I read on reddit/privacy that on mobile it’s recommended to use progressive web apps as much as possible, and/or use the website when possible and not download the application whenever it’s possible. But I read in the recommendations of Privacy Guides that it’s better to download native applications when they exist. So what is the best thing to do? I am a little bit confused.

I think it’s because it’s still very new software. And similar to Nextcloud, it does not have end-to-end encryption (not too big of a problem if you self-host it, but a big problem if someone were to host it for you).

Despite that though, Immich is really great imo, it’s still a new tool, but I’ve been using it a lot and I like it

4 Likes

I agree, outside of security Immich has incredible app support for both Google and Apple, along with relatively smooth migrations. I use them self-hosted on Docker and am about to move to a distributed filesystem and Kubernetes build.

For being so new, the team has a very high trajectory of features they’re adding and have funding from FUTO.

That said, it seems like the immich team does not want to implement e2ee as the system was designed to be efficient over enterprise security needs: [Feature]: Encryption for data at rest · Issue #450 · immich-app/immich · GitHub

I think if the use case is a family server then it should be fine.

2 Likes

Best way to self host it IMHO, is via TrueNAS Scale App. If your drives are encrypted, you should be good.

You can do remote backup via whatever cloud backup you use. I am currently leaning towards Backblaze vs Storj. You encrypt it before you send it so it should be more than adequate to protect you.

1 Like

Welcome to the forum

Look at this quote:

Web apps are better sandboxed since they benefit from the Vanadium/Chromium sandbox, but they’re served arbitrarily by web servers.
Native apps mainly rely on the OS app sandbox (some parts can use a stricter sandbox called isolatedProcess), but can use more security features such as certificate pinning and the hardware-backed keystore. There are also W^X restrictions as signed code is distributed through app repositories with signature enforcement for app updates.
It comes down to the app in question. (Comparing security of using website or app - GrapheneOS Discussion Forum)

2 Likes

Oh ok, I understand. The recommendation says to focus more on end-to-end encrypted solutions because they are more focused on people who don’t have infrastructure to self-host stuff, because it’s not most people who have this kind of thing.

So in the case of a self-hosted solution I could simply use Immich because I have control over my data.

Thank you for your answer, I think I will keep going with this software.

About the encryption before sending it to the cloud, that is already what I do.
All my machine backups are encrypted before being sent to a cloud provider.

About TrueNAS, I am using Proxmox on my own server; on this one I have a machine running Docker, and on this one I run the Immich Docker container. Is it not enough?

1 Like

Yes, actually it will be for my photos only, and my backups are going to be encrypted before being sent to a cloud provider.

Thank you for your answer.

If you are still interested in self-hosting Ente, you could try to follow this guide by Jim’s Garage: https://www.youtube.com/watch?v=Gu-zAxAOn1E.

Personally, I think E2EE is just as important when self-hosting services since most people are not cybersec experts and lack the skills to secure their servers to the same extent as companies providing public services. That’s a big reason why I would encourage you to host Ente, rather than Immich, if you can get it to work.

1 Like

Welcome to the forum. Next time, please open a separate topic for other unrelated questions. Combining two questions in one post makes it very hard to read and keep track.

2 Likes

Sorry, I will do that next time

1 Like

Sadly I followed this video, but maybe I am too bad, but I didn’t succeed.

Thank you for your answer. I understand that it depends on the app of the website; sadly I still don’t know when to use the application on mobile or just the website in my browser.

Do you have any list of recommended apps to download or to keep using in the web browser, please?