First I am new on this forum and on this website, and I want to thank everyone because I learned a lot since I discovered this website and I changed my workflow …
I am not an English native speaker, so excuse me for any English mistakes.
I actually have two questions.
First one is about photo management, I am currently using google photo and I want to avoid it, so I am looking for an alternative.
I tried to install ente because I have stuff to self-host some stuff, but I don’t succeed, so I checked for an alternative and found immich which is really similar to google photo, one missing cool feature in my opinion is the free space on mobile (as I understand they don’t want to implement it now because the app isn’t stable enough in their opinion).
I see that nextcloud has a photo plugin too (I don’t have nextcloud set up on my environment).
My question is why immich is not in the recommended list of privacy guide recommendations ?
My second question is more general, I don’t know if I am in the right place to ask it, but I read on reddit/privacy that on mobile it’s recommended to use progressive web app as much as possible, and/or use website when possible and not download the application whenever it’s possible, but I read on the recommendation of privacy guides that it’s better to download native application when they exist, so what is the best things to do, I am a little bit confused.
I think it’s because it’s still a very new software. And similar to Nextcloud, it does not have end-to-end encryption (not to big of a problem if you self-host it, but a big problem if someone were to host it for you)
Despite that though, Immich is really great imo, it’s still a new tool, but I’ve been using it a lot and I like it
I agree outside of security Immich has incredible app support for both Google and Apple, along with relatively smooth migrations. I use them self hosted on Docker and about to move to a distributed filesystem and kubernetes build.
For being so new, the team has a very high trajectory of features they’re adding and have funding from FUTO.
Best way to self host it IMHO, is via TrueNAS Scale App. If your drives are encrypted, you should be good.
You can do remote backup via whatever cloud backup you use. I am currently leaning towards Blackblaze vs Storj. You encrypt it before you send it so it should be more than adequate to protect you.
Web apps are better sandboxed since they benefit from the Vanadium/Chromium sandbox, but they’re served arbitrarily by web servers.
Native apps mainly rely on the OS app sandbox (some parts can use a stricter sandbox called isolatedProcess), but can use more security features such as certificate pinning and the hardware-backed keystore. There are also W^X restrictions as signed code is distributed through app repositories with signature enforcement for app updates.
It comes down to the app in question.](Comparing security of using website or app - GrapheneOS Discussion Forum)
Oh ok I understand, the recommendation says to focus more on end to end encrypted solution because they are more focus on people who don’t have infrastructure to self host stuff because it’s not the most number of people who have this kind of things.
So in case of self host solution I could simply use immich because I have the control over my data.
Thank you for your answer I think I will keep going with this soft.
About the encryption before sending it to cloud is already what I do.
All my machine backups are encrypted before being send a cloud provider.
About TrueNAS, I am using proxmox on my own server, on this one I have a machine running docker and on this one I run the immich docker container, is it not enough ?
Personally, I think E2EE is just as important when self-hosting services since most people are not cybersec experts and lack the skills to secure their servers to the same extent as companies providing public services. That’s a big reason why I would encourage you to host Ente, rather than Immich, if you can get it to work.
Welcome to the forum. For next time please open a seperate topic for other unrelated questions. Combining two questions in one post makes it very hard to read and keep track.
Thank you for your answer, I understand that it depend on the app of the website, sadly I still don’t know when to use application on mobile or just website in my browser.
Do you have any list of recommendation app to download or to keep using in web browser please ?