Show HN: We built an end-to-end encrypted alternative to Google Photos
Over the last year we've been building ente[1], a privacy-friendly, easy-to-use alternative to Google Photos. We've so far built Android[2][3], iOS[4], web[5] apps that encrypt your files and back them up in the background. You can access these across your devices, and share them with other ente users, end-to-end encrypted. You can also use our electron app[6] to maintain a local copy of your backed up files.
We've built a fault-tolerant data replication layer that replicates your data to two different storage providers in the EU. We will be providing additional replicas as an addon in the future.
We're relying on libsodium[7] for performing all cryptographic operations. Under the hood it uses XChaCha20 and XSalsa20 for encryption and Argon2 for key derivation.
We have documented our architecture[8] and open-sourced our clients[9].
We did a soft-launch on r/degoogle[10] sometime ago, and have since then ironed out issues and polished the product.
But we are far from where we want to be in terms of features (object and face detection, location clustering, image filters, ...) and user experience. We are hoping to use this post as an opportunity to collect feedback from fellow hackers.
If there's anything we can do better, please let us know, we would like to.
Best,
- Vishnu, Neeraj, Abhinav
[1]: https://ente.io
[2]: https://ente.io/apk
[3]: https://play.google.com/store/apps/details?id=io.ente.photos
[4]: https://apps.apple.com/in/app/ente-photos/id1542026904
[5]: https://web.ente.io
[6]: https://github.com/ente-io/bhari-frame/releases/latest
[7]: https://libsodium.gitbook.io
[8]: https://ente.io/architecture
[9]: https://github.com/ente-io
[10]: https://www.reddit.com/r/degoogle/comments/njatok/we_built_a...
420 comments
[ 47.7 ms ] story [ 429 ms ] thread[1]: https://ente.io
[2]: https://ente.io/apk
[3]: https://play.google.com/store /apps/details?id=io.ente.photos
[4]: https://apps.apple.com/in/app/ente-photos/id1542026904
[5]: https://web.ente.io
[6]: https://github.com/ente-io/bhari-frame/releases/latest
[7]: https://libsodium.gitbook.io
[8]: https://ente.io/architecture
[9]: https://github.com/ente-io
[10]: https://www.reddit.com/r/degoogle/comments/njatok/we_built_a...
Also, the website looks absolutely great!
Also have a question about the pricing. I’m happy to pay at the current tiers, especially to help getting y’all bootstrapped. But I’m curious if reducing the pricing will be an objective for you as you scale? I’m not sure I see myself maintaining the current expense indefinitely or it making it easy to recommend to less technical friends/family.
On the business side, there's plenty of companies that have offered and succeeded with self-hosted software. On the client side, there's many individuals like myself willing to dedicate time, money, and effort to self-host services. I spent quite a bit of time setting up my NAS with self-hosted services, not only because the number of photos and media I store would be prohibitively expensive to host elsewhere (I do photography and videography as a hobby, 120 fps 10 bit footage adds up), but because I enjoy the hobby.
If you're hosting the service, there's no need for data to be encrypted client-side. Unless, of course, you were intending on running the service on a public cloud which you didn't control, but that's something I don't think many privacy conscious folk would do.
There's plenty of open source, self-hosted alternatives to Google Photos.
Of course it's still possible that an update could be sent to everyone which contains some code that only runs when a certain username is entered, so users would need to avoid updating the app until an audit by a trusted third party had approved it.
[0] https://github.com/kpcyrd/pacman-bintrans
For web apps, the situation is even more difficult, but there is a technique called Secure Bookmarks which allows you to confirm that a specific bundle of JavaScript is running (at the expense of some usability):
https://coins.github.io/secure-bookmark/
Most likely, QoS would be better from ente's hosting and I would be inclined to take advantage of that. An open source server can be audited and offer an off-ramp should their service no longer suit me.
Then again, the economics of enabling self-hosted infrastructure are probably less exciting compared to locking users in to marked-up, white-labeled infrastructure.
Secondly, if you do provide service to terrorists or pedophiles, and take no steps to stop doing so, law enforcement and society in general is not going to be very happy with you.
Now, Ente could still change its web application to somehow leak the master key and not disclose the changes in the source repo. One solution for this vulnerability is to package the entire web client as a browser extension, which is what Mega is doing:
https://github.com/meganz/web-extension
[0] https://github.com/tasn/webext-signed-pages
[1] https://coins.github.io/secure-bookmark/
Links and data tranfers can be traced.
Warrants and suponeas can make such traces / actions legal.
Is there a family plan? We currently have 200gb google photos plan with my wife, but to migrate we have to take 1000gb plan (which we fill maybe in 8 years at current pace of adding content). Maybe something in between 100gb and 1000gb would find it’s audience.
Why would someone pick your service?
> Our pricing is structured such that the 1TB plan costs only 3x the 100GB plan. This model works under the assumption that the average utilization of a 1TB plan (across all customers) will be close to 30%.
> So if we bring in an intermediary plan (say 500GB), we would have increase the pricing of the 1TB plan (since at least 50% will now be utilized), and also set the price of the 500GB plan to around 2-2.5x of the 100GB plan.
> This seemed like a lose-lose situation for everyone with growing storage needs.
> Since Apple and Google don't support per GB billing yet (which IMO would have been the fairest way to go), we had to pick buckets, and the current ones seemed like the fairest possible.
--
I hope this makes sense. Please let me know if we can do better.
[1]: https://www.reddit.com/r/enteio/comments/p4m0ee/more_price_t...
The algorithms are what makes Google Photos; Google Photos. If I wanted to just store my photos I'd throw them in a S3 bucket or Dropbox or something.
Google Photos lets me automatically categorise my photos by person, lets me search my library using text search for anything (e.g. I can search 'museum' and see pictures I've taken in museums). That is where the real value of Google Photos comes into play.
> But we are far from where we want to be in terms of features (object and face detection, location clustering, image filters, ...) and user experience. We are hoping to use this post as an opportunity to collect feedback from fellow hackers.
So you're going to implement algorithms then?
I'm excited to review this project. Thanks to the creators.
This has come at a perfect moment ... as, this weekend, I'm literally downloading my entire Google photos archive (one year at a time) to my local harddrive and figuring out a way forward.
I'm done with Google after a 'straw breaking the camels back' moment with their payment system.
I can see myself paying for such software if it was mature enough.
My experience is that it works great, provided that you're on your local network. When away from home or traveling, less so. Maybe I could configure things better to alleviate that, I don't know, but I haven't managed to yet.
Sharing is less convenient. Trying to share a photo on-platform is a terrible experience for the receiver with multiple slow redirects, so much so that generally if you're on mobile it's easier/better to just download the photo to your device and share the photo directly. The Moments android app has a flow for doing this, which is nice. It also makes a certain amount of sense: the alternative would be others connecting to your NAS online, which is always going to be less nice than just connecting to Google photos.
The search capabilities are pretty decent. It can recognize people and tag them appropriately. It can recognize some things. In some ways, I prefer searching it over searching Google Photos. But again, only if you're on your local network with your NAS.
--
Edit: see aborsy's response to me below. Looks like I'm a version behind. Maybe on-platform photo sharing is better now, I'll update the software and check it out
https://github.com/awesome-selfhosted/awesome-selfhosted
It's pretty dang hard to recreate a Google service.It's great for backup and have control over the photos - but dang it's slow....if I need something real quick, I usually go to google photos...even when I'm home. Maybe I need to upgrade to a NAS w/ faster processor, I don't know.
I've turned off the Google Photos facial recognition stuff because of privacy, but dang I miss the convenience. Moments has their own but it's not a good.
Google photos I can easily search for a city or text or an object and it pops up quickly.
If you want to check it out, here's a couple photos from when I picked some peppers the other day:
https://ojensen5115.quickconnect.to/mo/sharing/pgdYsVEqu
But I don't want my GPU burning away running them when they could run much more efficiently and out of mind in the cloud.
Yes, we will implement the algorithms, purely on the client side, such that we don't hold indexes to your personal data.
But I understand how that piece of text could have thrown you off, I'll think of ways to rephrase it. Thanks for pointing it out.
In the happy path the files/thumbnails are indexed before they are uploaded. But we are designing a framework that will pull files/thumbnails for indexing if they are unindexed or indexed by older models.
> how do you do this in a privacy preserving way
Our accuracy will not match that offered by services who index your data on their servers. But there's a trade off between user experience and privacy here, and we are hopeful that ente will be a viable option for an audience who is willing to sacrifice a bit of one for a lot of the other.
“You stuff will be private but in return accuracy will be so bad that the UX is gonna suck!”
That’s the key piece people miss when they wanna do anything with ML…that’s it’s a different problem compared to writing code because it’s not about the code anymore, it’s about having great training data!
We don't feel that the entire UX of a photo storage app will "suck" because of a reduced accuracy in search results, and we think that for some of us the reduced accuracy might not be a deal breaker.
[1]: https://developer.apple.com/documentation/coreml
I know IBM has released something lately, but given the source..
Does anyone use HE for the type of ML application you are describing?
> Our accuracy will not match that offered by services who index your data on their servers. But there's a trade off between user experience and privacy here,
I think most people here understand that[0]. We are on Hacker News after all and not Reddit or a more general public place. The concern isn't that you are worse. The concern is that your product has to advance and get better over time. That mechanism is unclear and potentially concerning. The answer to this is the answer to how you ensure continued privacy.
You talk about the "push files/thumbnails for indexing" and this is what is most concerning to me and at the heart of my original question. How are you collecting those photos for _your_ training set? Obviously this isn't just ImageNet (dear god I hope not). Are you creating your own JFT-300M? Where are those photos being sourced from? What's the bias in that dataset? Obviously there are questions about the model too (CNNs and Transformers have different types of biases and see images differently). But that's a bigger question of training methods and that gets complicated and nuanced fast. Obviously we know there is going to be some distillation going on.
There's a lot of concerns here and questions that won't really get asked of people that aren't pushing privacy based apps. But the biggest question is how you get feedback into your model and improve it. Non-privacy preserving apps are easier in this respect because you know what (real world) examples you're failing on. But privacy preserving methods don't have this feedback mechanism. We know homomorphic encryption isn't there yet and we know there are concerns with federated learning (images can be recreated from gradients). So the question is: how are you going to improve your model in a privacy preserving method?
[0] I think people also understand that on device NNs are going to be worse than server side NNs since there's a huge difference in the number of parameters and throughput between these and phone hardware can only do so much.
We will not improve our models with the help of user-data and will resort to only pre-trained models that are available in the public domain.
Yes to this. Prove it as well.
[0] https://news.ycombinator.com/item?id=28252634
Having vendors vacuum up my data is sub-optimal from a privacy/ownership standpoint. I'm curious how to enable models without giving away my data. Open source models owned by society? Numerai style training (that I don't understand) https://numer.ai/ ?
This is still an unsolved problem in ML. Not only do we have dataset biases (as discussed above) but models can also exaggerate these biases. So even if you get a perfectly distributed dataset your model can still introduce problems.
But in either case, we don't have the same concerns in research as we have in production. While there are people researching these topics most of us are still trying to just get good at dealing with large data (and tails) in the first place. Right now the popular paradigm is "throw more data at the model." There are nuances and opinions to this why this may not be the best strategy and why we should be focusing on other aspects (opinions being key here).
Either way, "using publicly available datasets" is an answer that suggests 1) they might not understand these issues and 2) the model is going to have a ton of bias because they're just using off the shelf models. I want some confidence that these people actually understand ML instead of throwing a neural net at the problem and hitting go.
> I'm curious how to enable models without giving away my data.
Our best guess right now is homomorphic encryption. But right now this is really slow and not as accurate. There's federated learning but this has issues too. Remember, we can often reconstruct images from the dataset if we have the trained model[2]. You'll see in this reference that while the reconstructions aren't perfect, they are more than satisfactory. So right now we should probably rule out federated learning.
> Open source models owned by society?
Actually models aren't the big issue. Google and Facebook have no problem sharing their models because that isn't their secret sauce. The secret sauce is the data (like Google's proprietary JFT-300M) and the training methods (though most of the training methods are public as well as few are able to actually reproduce due to not having millions of dollars in compute).
I hope this accurately answers your questions and further expands on the reasoning behind my concerns (and specifically why I don't think the responses to me are sufficient).
[0] https://image-net.org/about.php
[1] https://arxiv.org/abs/1707.02968 (personally it bugs me that this dataset is propr...
Looking at this while better understanding the problem, I wonder what features I really want for my own photo library. Thinking of iOS photos. Matching people together seems hard. But grouping photos by GPS location or date is trivial. So we have to get clear on what features are important for home photo libraries.
I can now see how the idea of "use public libraries = solution" falls short. It neither presents a viable solution or demonstrates rigorous understanding.
These are good points about GPS and other metadata. I didn't really think about that when thinking about this problem, but every album I create is pretty much a combination of GPS and temporally based (though I create this with friends). But I think you're right in suggesting that there are likely _simple_ ways to group some things that aren't currently being done.
> I can now see how the idea of "use public libraries = solution" falls short. It neither presents a viable solution or demonstrates rigorous understanding.
ML is hard. But everyone sells it as easy. But then again, if it was easy why would Google and Facebook pay such a high rate for researchers? There's a lot of people in this space and so it is noisy. But I think if you have a pretty strong math background you start to be able to pick out the signal from the noise better and see that there is a lot more to the research than getting SOTA results on benchmark datasets.
Apple used to sell this. Then they stopped.
And if I need to have other kind of client... like a nas to do that... Why I need the cloud?
Indexing will be opt-in. You will be able to run the indexing only on your desktop client for instance.
> Why I need the cloud?
So that you don't have to manage your own storage infrastructure? But if you would like to do that, then there are self-hosted alternatives that will better serve your use case.
Now that you've mentioned it, yes, I'd like to try that. But as a counterpoint to your argument, I've never needed it, and I suspect that a lot of people may not actually be getting the same value propositions that you're getting.
On the other hand, Google Photos is Google Photos. But it's often a mistake to compete directly with an established product. New ideas tend to win by transcending the competition.
I propose that if this Show HN turns into a product, it will be because it does something people didn't realize they wanted. Maybe that's privacy. I don't know.
I like the idea of being able to type “water” and see a bunch of water bottles mixed in with all the water-y places we’ve visited.
What sealed the deal was to see it on a map. I typed “water” into Photos just now, and it did a pretty good job. But there’s something peculiar about being able to look at a pin and say “I’ve been at that pin.”
Just a silly thing. But it costs me nothing to get it, so I want it.
For some reason, it only has 40 places, whereas I have 9,987 photos. I definitely have photos from Cancun, so I wonder if the location data somehow got stripped, possibly when I got a new iPhone around 4 months ago… though that doesn’t make much sense to me.
Anyway, I just wanted to say thanks for pointing out that the thing I wanted already exists on iOS, even if it didn’t have a pin on Cancun. I’ll check the exif data someday, perhaps, or sync to Google photos and see if it pops up.
Cheers!
There are annoying limitations though, probably because the original team moved on and it's in maintenance stage. Using my example above, google photos has no idea what the "outer banks" are (which is where the beach photos were taken in north carolina) and returns no results. It also has trouble parsing out entities from search terms, so "north carolina beach maggie" isn't going to find pictures of Maggie on the beach in North Carolina (which you'd think they could really fix given that, well, they're google). Finally, there's no way (that I know of) to jump from search results to your full timeline; let's say that "north carolina beach" gets me a bunch of beach pictures from January 2015 (yeah, it was cold), but doesn't have _the_ picture from the trip that I know I want - there's no direct way to click to January 2015 from the results, which really sucks. (Instead you have to go back out of results and use their fiddly scroll to get there.)
For me the killer feature of Google photos are: - Free storage of photos (hence why I'll move after I run out of free space) - Tagging faces - Sharing albums
Instead of natural language search, where I have no idea whether it understood me, I wish I could do (modifying your example):
"North Carolina" "Maggie Thomson" "Tom Morgan" -beach 2018
for all photos in NC, with Maggie and Tom, not in a beach from 2018
and even better, if it could tell me the number of results that would show up if we removed each keyword above.
I guess it's a tough problem, even for Google :(
It's amusing how people's insights can turn myopic. Search in photos is the killer feature, and it even solves the problem that you have.
If you realize that you need to see photos from January 2015, don't try to scroll back in your photos feed. Just do a second search for "January 2015".
And it's not just dogs. Specific people, locations (before I turned of geotagging on my photos), scenery (mountains, outdoors), etc.
Sometimes this search is nice, but it's not good enough that I can really rely on it.
Neither of those give you any privacy unless you do the encryption yourself in which case you have to build something to access them unencrypted. Have you checked out what the service actually does?
I want automatic backup, easy sharing, and accessibility from all devices.
This is untrue, and actually one of the reasons I hope a strong competitor to Google Photos comes along soon. The search function is, for whatever reason, heavily censored and perhaps even biased in some circumstances. Worse, it is completely useless. For example, the query "fat" returns nothing, despite the fact that my gallery is filled with drawing reference photos that includes plus-sized people. "Black people" returns photos of non-black people, and (infamously, and perhaps for related reasons re: the shortcomings of Google's image recognition and tagging algorithm) "gorilla" returns 0 results. "Red shirt" returns an image of a blue decorative screen; "comic" returns anime and webpage screenshots; "woman" returns multiple photos consisting entirely of groups of men.
The situation is dire.
I have an album shared with my parents which photos of my daughter are automatically added to.
I have an album shared with my daughter which photos of our dog is automatically added to.
I also like the collages, slideshows, movies and this day x years ago photos which Google Photos automatically creates and notifies me of.
Simple and reliable backup and reasonably speedy browsing is what I need.
* it's free and comes by default with an Android phone.
* it just works.
If you can make an effortless way to get online backups of my photos at a reasonable price while regaining privacy, then I'll switch in a heartbeat without a single thought about any of those ML-based moat features Google has crammed in their service.
Jeesh, that's easy.
You encrypt the algorithms too.
- when registering via the Android application I got no 1Password prompt to fill in the fields; this is usually the case with other applications - there doesn't seem to be an option to back-up single photos, only whole directories; why is this?
Regarding the lack of option for backing up individual files, currently that option exists only on iOS since the OS provides users with an option to grant permission to a few files instead of their entire gallery.
There are two ways to work around this on Android right now:
1. Share a file from outside the app to ente.
2. Skip the folder selection, choose the file you want to backup from your device folder, and add it to an album (you will be prompted to create an album if none exist).
We are optimistic that with the Data Transfer Project[1], Google will eventually expose APIs for us to perform this migration programmatically.
[1]: https://datatransferproject.dev
Edit: I think it's similar to "being"
Also, I've a thing for rubber ducks.
Also, the domain was available. :)
>the receiver just needs a free ente account.
I feel like there should be an even more frictionless option to make it easy for family to access photos. For example, if there were a way to just trigger a mailing list when an album is added to, that would be perfect. “Here is an update on our trip: [link]” I love that you mention you are security and privacy focused, and I see how this could conflict with that mission. Perhaps a tradeoff here could be allowing one viewing via link and future viewings require account?
We can do this if all of the participants are already on ente.
> allowing one viewing via link and future viewings require account
We are hoping to come up with an implementation similar to this where in a link to an album can be shared with N devices. We will persist an accessToken on the viewer's localstorage so that they can re-view the album multiple times without having to sign up.
I would feel a lot more comfortable with this if it didn't collect any data of mine, and you were just storing ciphertext.
I don't want an account, and I don't want to give you my name or email.
I can't imagine how that information could be used to stop an attack that otherwise would succeed. Is this just so that you can say "Your last login was from Safari on an iPhone" to the user to reassure them their password hasn't been stolen (or the attacker has correctly guessed the most popular browser on the most popular platform)?
If so, this seems like a string that could be generated client-side, and stored encrypted on your server, so that you never have to log this data in plaintext.
But your point is valid. Just the operating system and app version is enough to derive this information. We will make this change and update our privacy policy.
Thanks for bringing this up!
If I have to trust you with my information, you didn't need to bother with the crypto stuff.
If at all the upload flow breaks in between, just drag and drop the exported folder again, we will skip already uploaded files and resume from where we left off.
Commercially, Apple and Google are both 2TB for 10 CHF and Amazon gives you unlimited as part of a Prime membership. Storage providers like Backblaze and Wasabi both charge around $5/TB and that's really the table-stakes price. For the more DIY-inclined, Hetzner sells a 2TB OwnCloud instance for 9.90€/month.
I'd prefer to buy software from you than storage. It's out of the question for me to pay you per TB but I'd consider paying a flat rate for software I then host myself.
What we do not need is more cloud offerings that can change, vanish or lock us out at the blink of an algorithm's eye.
What we need, rather, are reliable and easy-to-use solutions that allow us to retain full control of our data (i.e. self-hosted and offline) while having feature parity with the big cloud-only solutions.
I for one am convinced that there is plenty of money to be made that way. Perhaps not as much on autopilot as with the quasi-scam that is cloud computing, but people willingly paid hundreds or thousands for software before clouds and subscriptions. People will do so again, if you bring a convincing, unique or competitive product to market.
That being said, I like, appreciate and support this project for its impetus, even though I think its distribution strategy is misguided and fad-driven (re-selling cloud space instead of selling software). It's not too late to change that...
We don't have a problem with offering a self-hosted variant. But given our limited engineering bandwidth we had to take a call on who our target market should be, and we felt that it was more important to make privacy accessible to people like my mom and dad. Hence this direction.
I suspect the way it usually happens is that somebody your parents trust (like you) tells them to sign up for a privacy-preserving backup service.
But who's going to tell them to do that? Do you have the money to pay for advertising?
Normally, I'd suspect it's the tech-savvy younger folks who'd tell them to buy something like this but with your pricing and lack of self-hosted options, I suspect you've alienated a large portion of the tech-savvy audience you need to advocate for your product.
We are hopeful that we will be able to reduce the pricing as we scale up and hit a critical mass.
> who's going to tell them to do that?
We plan to implement a referral program, similar to what Dropbox did, to incentivize existing customers to spread the word.
That said, you do bring up interesting points. To repeat, we aren't averse to the idea of maintaining a self-hosted variant. Just that due to our limited bandwidth we had to choose one direction over another. Having advocates is important and I suppose with time we will have clarity on how to best do this without stretching ourselves too thin.
That being said, really really hoping for your success! It finally fills a MUCH needed gap in 2021 consumer image viewing software.
There are many many gaps in it right now. Synology is basically the only self-hosted photo solution that grandma could use. Honestly surprised that more people aren't taking advantage of the opportunity.
Time will tell if it was the right way forward, but I just went with "you can't fight gravity" and built it the way folks expect it to be (ex: supabase / posthog / gitlab).
Spot on. We iterated on a similar product in this space: "privacy preserving", "self-hosted", "open source" etc. But focused on local AI indexing & search of personal videos and photos [0], rather than backups.
We ultimately shelved VideoNinja because we weren't able to find a sustainable business angle:
* Non-technical people simply don't care (happy locked into Apple / Google).
* Technical people understood the proposition, but are super stingy. Case in point, see the responses in this very thread: "$10 per year max; I can buy a HDD for less!". That's one (cheap) restaurant meal per year.
So I fully understand your decision to go "cloud". Although that immediately takes your product off the table for me personally. I want nothing of mine (of value) in the cloud.
I feel there must be a way to square that circle, the market exists.
[0] https://video-ninja.com/
I currently have a self-hosted google photos clone and I only paid for the hardware. Highly recommend.
I think until they've got a customer base and a proven model a happy median is to put the code in escrow and agree to give the source to paid licensees should the project be abandoned/more than x months without updates/whatever.
What's the issue with the cloud if you encrypt client-side? It's off-site backup. Isn't it too risky to have your life's work on a few drives in the same location?
- Scene finding for directors/news channels. AP and other sources have a lot of material but you pretty much literally have to watch the entire video in order to find a good scene.
- Scene finding for the XXX crowd. Very underserved market.
- Scene finding for police/lawyers. While it may seem like the opposite of 'privacy preserving', defense attorneys are literally just swamped with video evidence in an attempt to make them give up. Similarly if you're suing a big company for something as simple as an on the job injury or harassment, and need to prove there's a pattern of harm... they'll give you everything and let you do the work of finding out that there was a pattern of bad behavior.
It's the kind of thing that'd be useful as an open source solution... or failing that having a company which is 100% neutral in operation is also good.
I'm currently using Microsoft for something like this because they're absolution massive and apart from their OpenAI division, they only care that what you process is legal.
- Our 1TB plan costs only 3x the 100GB plan. This model works under the assumption that the average utilization of a 1TB plan (across all customers) will be ~30%.
- If we were to bring in an intermediary plan (say 500GB), we would have to increase the pricing of the 1TB plan (since at least 50% will now be utilized), and also set the price of the 500GB plan to at least 2x of the 100GB plan. Both plans now appear unattractive.
- Since Apple and Google don't support per GB billing yet (which IMO would have been the fairest way to go), we had to pick buckets, and the current ones seemed like the fairest possible.
I hope this makes sense.
What happens if you start by pricing all tiers "honestly" (i.e. reasonably profitable even at 100% utilization)? Have you determined that the market won't bear that pricing? If so, is there any way to meet in the middle?
In general, you may be erring a little too much on the side of asking some customers to grossly overpay for their actual utilization and, in practical terms, 100GB to 1TB is just an extremely wide gap, as evidenced by your parent's comment.
So, it seems that most who tip over into the 100GB - 1TB plan will be there, overpaying, for a long time. And, obviously, most people who make it to 1TB will pass through that range. So, if you do see a higher concentration of users in that range than at 1TB (as intuituon would suggest), then you're essentially "punishing" a plurality of your customers by asking them to subsidize a smaller group's pricing.
Failing other options, it may be better to do the inverse: raise the pricing of 1TB to accomodate a "friendlier" 500GB plan.
If not you, someone will figure this out. Charging by the GB seems hard. What if instead your levels were: 1,000 photos 10,000 photos 100,000 photos
You might get people who store super high res files, but work that into the pricing.
Do you have any marketers to help you? Will be hard to navigate the messaging alone.
Photos can easily be 30 MB each or more, especially from dedicated cameras. If all photos were 30 MB it would cost $5.69 per year for 1,000 photos.
Not making any point, just calculated it for myself and thought to share.
You know it really gets me thinking about packages rather than GB for this service. Maybe there's a "family plan" opportunity here. Do families value anti-surveillance in general, or is it simply lone actors?
Just the idea of archetypes flashed through my mind. An opportunity to sell to difference audiences. What kind of algos do individuals need, pro photographers, families?
When I was looking at setting up a similar service, it seemed like you Backblaze B2+Cloudflare might well be the best combination. B2 will sell you storage at $5/TB, and you can get free bandwidth out to Cloudflare's network. It's against Cloudflare's terms to use free plan for image hosting that isn't just images as part of webpages. However, one of their staff members commented on a thread that they'd likely to be willing to set up a custom plan for a business who wanted to do this. And I'd bet that Cloudflare's bandwidth would be a lot cheaper than B2's.
Interestingly, Workers Unbound charges 0.045/GB which is more than B2's 0.01/GB.
A viable long term alternative could be Wasabi that offers free egress in return for a $6/TB plan. But we're waiting to see how things pan out before executing an expensive migration.
```
{
}```
The last I checked was a few months ago, not sure if things have been fixed now.
With Workers, we simply fetch the remote resource from B2 and return it back to the client, acting as a thin proxy.
They also used dark pattern on Android for years by enabling cloud sync by default for everything. So a lot of people got all their photos uploaded while they had no idea about feature.
So it's not any different from Facebook that constantly tried to collect as much data on you as possible. Do you know what is evil about facebook?
And I don't think anything is wrong about Facebook's business model. I think most people are uninformed about it and believe that they sell personal data, but if you understand the way they make money, it's very difficult to say that there is any particular issue with it.
That is utterly unacceptable.
What's evil about that?
$300/year for 2TB isn't happening. I can buy a 12TB HDD for less, if I shop around.
I'd like a service like this to keep small, well-compressed 1080p or 4k photos available for instant access, and original files in archival storage of some kind.
I'm totally glad to pay the $10/year for the baseline service, and another $12 for deep glacier costs. I'm not glad to pay thousands of dollars for a service like this over the lifetime of my photos. I'm not quite sure where the line between that is.
I'll also mention: open-source, data export, and the option of self-hosting is helpful. I don't want to spin up an EC2 instance for this when I can buy $12, but if you go out-of-business, I'd like to have the option. Could also be an option you only guarantee if the service is discontinued or has substantially different costs/terms.
You can pay even less to store that data in /dev/null. To make a more realistic comparison you should also include data retrieval & data transfer costs. Reading a terabyte from those services costs around $100.
Rolling your own on top of a cloud storage provider is great too but for an incremental $100-$200/year some people would pay for something that “just works”.
At $14.99 /mo for a 1TB storage or even the discounted Indian pricing of ₹999 /mo; I would put it at a high price point for a Photo Service/Tool.
Just a thought. I'd priced it similar to Google Photos but sell the encrypted/privacy part as a prominent feature.
Yes, ente.io is easier to setup, but there are many things lacking or unpolished (e.g. the image sizes that are being loaded while going through the fotos fullscreen in the browser).
[1] https://photoprism.app
I like that it is self hosted, it also uses TensorFlow to classify images so you can perform keyword searches e.g "museum". It doesnt appear to be as good as Google Photos though, e.g in GP you can search "vaccination card" and it does what you expect which is very impressive.
Face detection is currently under heavy development also, which is very exciting: https://github.com/photoprism/photoprism/issues/22
There are certainly things that are missing, but I'm okay with the tradeoffs for now in the hope that it will eventually improve.
Equal: no. Comparable: sure.
Cloud services have entire departments of people constantly combatting this stuff for a reason. It's the single hardest part about providing an image service.