They detail their encryption strategy here: https://pixelunion.eu/help/other/data-security/#how-our-encryption-works
Thanks!
I’m a little concerned about their implementation. It seems that there are two private keys that exist on two servers, each in different countries…? One is used for encryption of the data, and one is used to decrypt the key for the former case. In that way, stealing one server isn’t enough, but stealing both would (right?). Obviously, there are jurisdictional and sovereignty hurdles, but that still doesn’t seem as secure as having each person owning their own private key locally.
Or maybe I’m just dumb and don’t get it.
That’s the main issue with how Immich has been developed: the main assumption was always that the end user would either self-host it on their own machine, or use disk encryption (e.g. LUKS) for a VPS.
The issue is that if you try to make it a SaaS, like PixelUnion does, there’s no real way to prevent the PixelUnion admins from accessing your data.
I have good hopes for https://zeitkapsl.eu/en/; hopefully at some point they allow self-hosting, and then it will be possible to do what PixelUnion does with Immich, but with proper E2EE.
You can’t do face detection or other features with E2EE. It’s a design choice, and I think Immich fills a great spot as a Google Photos replacement; leave E2EE to other tools.
Ente does face detection with E2EE. Those features happen client side rather than server side.