Show HN: We built an end-to-end encrypted alternative to Google Photos

1180 points by vishnumohandas ↗ HN
Hello HN,

Over the last year we've been building ente[1], a privacy-friendly, easy-to-use alternative to Google Photos. We've so far built Android[2][3], iOS[4], web[5] apps that encrypt your files and back them up in the background. You can access these across your devices, and share them with other ente users, end-to-end encrypted. You can also use our electron app[6] to maintain a local copy of your backed up files.

We've built a fault-tolerant data replication layer that replicates your data to two different storage providers in the EU. We will be providing additional replicas as an addon in the future.

We're relying on libsodium[7] for performing all cryptographic operations. Under the hood it uses XChaCha20 and XSalsa20 for encryption and Argon2 for key derivation.

We have documented our architecture[8] and open-sourced our clients[9].

We did a soft-launch on r/degoogle[10] sometime ago, and have since then ironed out issues and polished the product.

But we are far from where we want to be in terms of features (object and face detection, location clustering, image filters, ...) and user experience. We are hoping to use this post as an opportunity to collect feedback from fellow hackers.

If there's anything we can do better, please let us know, we would like to.

Best,

- Vishnu, Neeraj, Abhinav

[1]: https://ente.io

[2]: https://ente.io/apk

[3]: https://play.google.com/store/apps/details?id=io.ente.photos

[4]: https://apps.apple.com/in/app/ente-photos/id1542026904

[5]: https://web.ente.io

[6]: https://github.com/ente-io/bhari-frame/releases/latest

[7]: https://libsodium.gitbook.io

[8]: https://ente.io/architecture

[9]: https://github.com/ente-io

[10]: https://www.reddit.com/r/degoogle/comments/njatok/we_built_a...

420 comments

[ 47.7 ms ] story [ 429 ms ] thread
(Since the original links are now clickable, I propose that it would be nice if HN made all links in self-text posts clickable by default. It seems like it might foster a healthier community, since it will feel less like it's a special privilege to have clickable links.)
Kudos on your launch! I just had a question: the pricing plans seem slightly pricey, is it to break even before bringing prices down, or is it due to expensive storage? If the latter, is there a self-hosted option?

Also, the website looks absolutely great!

yes! googol is cheaper and the bottom line matters to lot of people. perhaps this is a good way to ask people whether they'd pay additional 5-10$ for privacy.
Thanks! We're currently focusing on breaking even and becoming self sustaining. With scale we're hopeful that we'll be able to reduce the prices.
Have been hoping for something like this for probably a decade – and your product looks great.

Also have a question about the pricing. I’m happy to pay at the current tiers, especially to help getting y’all bootstrapped. But I’m curious if reducing the pricing will be an objective for you as you scale? I’m not sure I see myself maintaining the current expense indefinitely or it making it easy to recommend to less technical friends/family.

The idea behind the project is to make privacy accessible. We are hopeful that we'll be able to lower the price points as we scale up and still remain profitable.
ELI5 what does self hosting option mean here in this context?
congrats! wishing you good luck
V cool service! What metadata do you store btw? Can I use it to store nice dslr pics and later sort by ISO?
On mobile we already include EXIF information in the encrypted-metadata. We will be doing the same on web soon, and will then enable client-side search over that data.
This is looks super cool, however not something I'd be interested in using myself if I can't selfhost it (at least it looks like thats not possible from the website).
self hosting is not worth the time and effort.
That is not categorically true.

On the business side, there's plenty of companies that have offered and succeeded with self-hosted software. On the client side, there's many individuals like myself willing to dedicate time, money, and effort to self-host services. I spent quite a bit of time setting up my NAS with self-hosted services, not only because the number of photos and media I store would be prohibitively expensive to host elsewhere (I do photography and videography as a hobby, 120 fps 10 bit footage adds up), but because I enjoy the hobby.

we have so many consumer facing apps. you'd want to maintain all those and actually have a life to use those? good luck!
Not everybody has to use "many" apps. You can only self-host those you care about.
Self-hosting a zero knowledge service is probably unnecessary.

If you're hosting the service, there's no need for data to be encrypted client-side. Unless, of course, you were intending on running the service on a public cloud which you didn't control, but that's something I don't think many privacy conscious folk would do.

There's plenty of open source, self-hosted alternatives to Google Photos.

How do you know it's zero knowledge?
The source code of the client-side apps appears to be available on GitHub. So if they're bluffing, it won't be too long until someone calls them out on it.
Unless they only send compromised code to you personally and nobody else.
One way to mitigate that is through Binary Transparency, which would allow people to detect if a release is made for which there is no source code available (assuming the project already has reproducible builds). There is already a project attempting this for Arch Linux packages[0].

Of course it's still possible that an update could be sent to everyone which contains some code that only runs when a certain username is entered, so users would need to avoid updating the app until an audit by a trusted third party had approved it.

[0] https://github.com/kpcyrd/pacman-bintrans

Without a fully described mechanism to confirm that the client you download is not compiled with additional code (i.e. without specifying exactly how the client is compiled, using which version of which compiler, and which compile flags, dependency versions, etc) any kind of "the code seems to be on github" is kind of meaningless.
Ideally they should support reproducible builds so that anyone can confirm that the hash of the app corresponds to a specific tag on the source repository. Unfortunately app stores are making it harder to know what the hash of the app you are installing is, but for side-loading this should still be possible.

For web apps, the situation is even more difficult, but there is a technique called Secure Bookmarks which allows you to confirm that a specific bundle of JavaScript is running (at the expense of some usability):

https://coins.github.io/secure-bookmark/

F-Droid supports reproducible builds. Any serious FOSS app, I think, must priortise publishing to F-Droid.
To me it is a canary signal that I have the option to self-host.

Most likely, QoS would be better from ente's hosting and I would be inclined to take advantage of that. An open source server can be audited and offer an off-ramp should their service no longer suit me.

Then again, the economics of enabling self-hosted infrastructure are probably less exciting compared to locking users in to marked-up, white-labeled infrastructure.

Yeah, having attempted to operate a service very similar to this (only more focused on general encrypted cloud storage) I will say there are no good economics in usage-based billing. You're much better off selling a license to use the software and give users the ability to use common cloud storage providers (minimally the s3-compatible ones but also things like Google Drive) as the backing for this. Even safer from a legal perspective would be not having accounts at all and allowing users to purchase a 1-year license based on license keys that are cryptographically validated but not stored anywhere. Then it's impossible to do anything user specific whether you are compelled to or not.
(comment deleted)
I noticed on one of the screenshots there are buttons labelled "When in Rome" and "Christmas 2019". What do the labels reference? Are you using tags added from the photos metadata? Thanks!
Those are manually created album names. We don't have automatic clustering enabled yet. But it is in the pipeline and we hope to ship it later this year.
What are your plans for when your app is found to host content such as terrorist executions, child porn, etc.? (This isn't trolling, it's something that eventually happens with every product, and I've been wanting a non-Google version myself but wondering how that kind of abuse would be dealt with.)
The answer to this question is why the only solution in the long run is local storage.
Just imagined a distopian future where storing data locally would be illegal, for the society good of course /s
Not when you have government-mandated software checking your local files against hashes. Not today, but someday.
I don't think they would be able to do anything about it, since (from what I could infer from reading) it is zero-knowledge, so no one from the company can access the pictures. I might be wrong, though
Yes, and that is a problem.
What is the problem/why is there a problem?
Well, first and foremost, if I ran a service, I would not want to help either terrorists or pedophiles. I would be very unhappy if I was doing that.

Secondly, if you do provide service to terrorists or pedophiles, and take no steps to stop doing so, law enforcement and society in general is not going to be very happy with you.

(comment deleted)
Well, depending on legislation, they could be ordered to change the code to send the user password to them on next login for that account and then decrypt everything…
(comment deleted)
The architecture of Ente (https://ente.io/architecture) prevents your unencrypted master key from being exposed to the server. The password authentication appears to be client-side, which means that the data could not be compromised solely by a malicious server-side change.

Now, Ente could still change its web application to somehow leak the master key and not disclose the changes in the source repo. One solution for this vulnerability is to package the entire web client as a browser extension, which is what Mega is doing:

https://github.com/meganz/web-extension

There are a couple of other ways to mitigate the problem for web applications. If you're willing to install a browser extension, then it might make more sense to use the Signed Pages extension[0] which applies PGP signature checking to web pages. The other solution is to use Secure Bookmarks[1], which combine SRI integrity hashes with Data URIs to ensure that a fixed bundle of JavaScript is running in the page.

[0] https://github.com/tasn/webext-signed-pages

[1] https://coins.github.io/secure-bookmark/

something that only showed up in mainstream media 10 years after smart phones got launched. gawd.
It is not possible to prove this, because the photos are encrypted.
Encrypted content can be decrypted.

Links and data tranfers can be traced.

Warrants and suponeas can make such traces / actions legal.

the answer is right here https://ente.io/transparency
It does not say how often it is updated. Wouldn't it be better to say "as of 8/29/2021, we have received no such requests and we are updating this page monthly".
Yes, this is a good first step towards a true warrant canary, but you need to date it and provide a cryptographic hash of the content.
Since it‘s a paid service with user accounts. You would be able to ban users that have been reported to use this service for illegal means. The same question can be asked to WhatsApp / iMessage / Signal / etc.
Awesome work. Although the price is 5x of google’s, the privacy is worth it.

Is there a family plan? We currently have 200gb google photos plan with my wife, but to migrate we have to take 1000gb plan (which we fill maybe in 8 years at current pace of adding content). Maybe something in between 100gb and 1000gb would find it’s audience.

Yes, we have both a 100GB and a 1000GB plans, you can check them on https://ente.io/#pricing
Pricing is expensive comparing it to mega (https://mega.io/pro). Mega is end to end encrypted as well (Mega is 2tb for $118. Source code is also available https://mega.io/sourcecode).

Why would someone pick your service?

ente is focused towards solving the sole problem of photo storage and organization while Mega serves as a general purpose drive. The product is in it's infancy right now. Once we have search and indexing, the difference will hopefully be clearer.
Exactly my point. I’m getting close to 200gb, but it’s gonna be a while I reach 1000gb. So essentially i’ll be paying for the space I don’t use for years.
Sharing my response to a similar question we ran into on reddit[1].

> Our pricing is structured such that the 1TB plan costs only 3x the 100GB plan. This model works under the assumption that the average utilization of a 1TB plan (across all customers) will be close to 30%.

> So if we bring in an intermediary plan (say 500GB), we would have increase the pricing of the 1TB plan (since at least 50% will now be utilized), and also set the price of the 500GB plan to around 2-2.5x of the 100GB plan.

> This seemed like a lose-lose situation for everyone with growing storage needs.

> Since Apple and Google don't support per GB billing yet (which IMO would have been the fairest way to go), we had to pick buckets, and the current ones seemed like the fairest possible.

--

I hope this makes sense. Please let me know if we can do better.

[1]: https://www.reddit.com/r/enteio/comments/p4m0ee/more_price_t...

This looks very good and the pricing plans are reasonable. However I want something locally hosted. I will pay to buy the software and run it on my own equipment. I really don't want to keep paying a subscription perpetually in order to store my photos.
Thanks! ente is currently not directed at an audience that has the knowledge to set up and maintain a reliable storage infrastructure. We had started off on the self-hosting route and then realized the difficulties in scaling such a product in the consumer space. So we have for now decided to direct our limited bandwidth into making the product accessible. Sorry about that.
No worries, I understand. Congrats on the launch and good luck!
Looks great - congratulations! Could you please add if / how you store a hash of the user password of authentication - it‘s not discussed on the architecture page. Thank you.
We don't store your password's hash. Since we use authenticated encryption, clients can identify when the decryption of your masterKey fails because you used a key generated from a wrong password.
Ok, that‘s cool! But the client get‘s to download the encrypted master key without authentication, right? Doesn’t that enable easy offline attacks or is the decryption too time-consuming?
No, the client has to first verify their email address and 2FA (if configured) to receive the encrypted keys. In addition to this the decryption is time-consuming.
Congrats! Love the product. I can see myself switching to ente very soon.
Your homepage says "protect your photos/faces etc. from algorithms"

The algorithms are what makes Google Photos; Google Photos. If I wanted to just store my photos I'd throw them in a S3 bucket or Dropbox or something.

Google Photos lets me automatically categorise my photos by person, lets me search my library using text search for anything (e.g. I can search 'museum' and see pictures I've taken in museums). That is where the real value of Google Photos comes into play.

> But we are far from where we want to be in terms of features (object and face detection, location clustering, image filters, ...) and user experience. We are hoping to use this post as an opportunity to collect feedback from fellow hackers.

So you're going to implement algorithms then?

You're willing to pay the price of those algorithms and the Google ecosystem. Others are not.

I'm excited to review this project. Thanks to the creators.

This has come at a perfect moment ... as, this weekend, I'm literally downloading my entire Google photos archive (one year at a time) to my local harddrive and figuring out a way forward.

I'm done with Google after a 'straw breaking the camels back' moment with their payment system.

Why not use Takeout to download all at once?
On top of this, good algorithms should be run if it is possible to do it in a privacy friendly way.
Those "algorithms" can run locally, on a NAS or a desktop, generate the metadata and make it available to you only on your mobile.

I can see myself paying for such software if it was mature enough.

Synology Photos is one such solution already for example.
I have Synology, actually. Is Synology Photos trustable?
The software with these features is called Synology Moments. I use it and I mostly love it, at the very least as a backup for my Google Photos.

My experience is that it works great, provided that you're on your local network. When away from home or traveling, less so. Maybe I could configure things better to alleviate that, I don't know, but I haven't managed to yet.

Sharing is less convenient. Trying to share a photo on-platform is a terrible experience for the receiver with multiple slow redirects, so much so that generally if you're on mobile it's easier/better to just download the photo to your device and share the photo directly. The Moments android app has a flow for doing this, which is nice. It also makes a certain amount of sense: the alternative would be others connecting to your NAS online, which is always going to be less nice than just connecting to Google photos.

The search capabilities are pretty decent. It can recognize people and tag them appropriately. It can recognize some things. In some ways, I prefer searching it over searching Google Photos. But again, only if you're on your local network with your NAS.

--

Edit: see aborsy's response to me below. Looks like I'm a version behind. Maybe on-platform photo sharing is better now, I'll update the software and check it out

In DSM 7, it’s called Synology Photos!
Thanks for the heads up! Looks like I have an update to install :)
For at-home NAS, is Synology the best for recreating Google services?
It's the best I've found so far. They have a number of apps (docs, drive, moments, etc), and I wouldn't say they are as good as Google right now, but they are quite workable.
In Love my synology. The differentiator between NAS devices is not the hardware but the software.
i have one myself and i would say its the best out of all the alternative nas's out there. you pay a bit extra but its worth it considering how easy it is to setup. i also paid a bit more extra for the plus model so i could run docker which in turns gives you a huge selection of other apps over the built in apps or the synocommunity apps

https://github.com/awesome-selfhosted/awesome-selfhosted

I've had Synology for years and I have used their Photos and Momemts app.

It's pretty dang hard to recreate a Google service.It's great for backup and have control over the photos - but dang it's slow....if I need something real quick, I usually go to google photos...even when I'm home. Maybe I need to upgrade to a NAS w/ faster processor, I don't know.

I've turned off the Google Photos facial recognition stuff because of privacy, but dang I miss the convenience. Moments has their own but it's not a good.

Google photos I can easily search for a city or text or an object and it pops up quickly.

> Those "algorithms" can run locally

But I don't want my GPU burning away running them when they could run much more efficiently and out of mind in the cloud.

Then you aren't the target audience?
> So you're going to implement algorithms then?

Yes, we will implement the algorithms, purely on the client side, such that we don't hold indexes to your personal data.

But I understand how that piece of text could have thrown you off, I'll think of ways to rephrase it. Thanks for pointing it out.

You can run algorithms locally and still violate privacy by uploading private facts derived from the data with algorithms. Saying you won’t hold “indexes” doesn’t begin to cover it.
Well, it does begin to cover it. Do you have to be so strident?
What do you think is meant by indexes?
Actually I'm really curious how you do this. If the photos aren't stored client side, then how do you search? Do you have a thumbnail of every photo client side? Is that enough? I mean ImageNet scores are still pretty low for small/fast neural nets. And ImageNet isn't even representative of real world photos. So obviously to be successful you're going to have to continue training. So how do you do this in a privacy preserving way? Even federated learning can have some issues because images can be reconstructed from gradients.
> Do you have a thumbnail of every photo client side

In the happy path the files/thumbnails are indexed before they are uploaded. But we are designing a framework that will pull files/thumbnails for indexing if they are unindexed or indexed by older models.

> how do you do this in a privacy preserving way

Our accuracy will not match that offered by services who index your data on their servers. But there's a trade off between user experience and privacy here, and we are hopeful that ente will be a viable option for an audience who is willing to sacrifice a bit of one for a lot of the other.

As someone who has worked on systems like these let me translate:

“You stuff will be private but in return accuracy will be so bad that the UX is gonna suck!”

That’s the key piece people miss when they wanna do anything with ML…that’s it’s a different problem compared to writing code because it’s not about the code anymore, it’s about having great training data!

Apple Photos seems to be using just Core ML[1] for on-device recognition and it does a pretty good job. As for Android, we plan to use tflite, but the accuracy is yet to be measured. And if customers do install our desktop app, we will be able to improve the indexes by re-indexing data with the extra bit of compute available.

We don't feel that the entire UX of a photo storage app will "suck" because of a reduced accuracy in search results, and we think that for some of us the reduced accuracy might not be a deal breaker.

[1]: https://developer.apple.com/documentation/coreml

(comment deleted)
Up until recently I’ve used Apple Photos happily since it provided a good combination of convenience plus the privacy of on-device recognition. You have a compelling product if you can convince customers you are as reliable and more trustworthy than Apple. You do face the disadvantage of not being the default option for iOS/macOS but that should be balanced by being available cross-platform in Android, Linux, Windows.
Core ML and TFlite are just tools for running ML models. Generating the models is the hard part, and that is what encryption will make more difficult.
We will resort to models that are available in the public domain.
As someone else who works on systems like these, I agree training data is the whole problem. However you can use some techniques like homomorphic encryption and gradient pooling to collect training data from client code while remaining end-to-end encryption. It's hard, but it's not impossible.
Really? Have we had a revolution in homomorphic encryption such that it can be used for anything other than 1-million-times-slower proofs-of-concept?

I know IBM has released something lately, but given the source..

Does anyone use HE for the type of ML application you are describing?

To be honest, that wasn't a concern with my question. I think most people on HN understand this aspect. My question was more about how you improve your models when you don't have the same feedback mechanisms as non-privacy preserving apps. Google can look at your photos and see what photos fail and collect the biased statistics. In a privacy preserving version you won't be able to do this. Sure, you can on an internal dataset, but then there are lots of questions about that dataset's bias and if it is representative of the real world. I mean how many people think ImageNet is representative of real world images? A surprising number.
So I guess there is more to the question that I'm asking.

> Our accuracy will not match that offered by services who index your data on their servers. But there's a trade off between user experience and privacy here,

I think most people here understand that[0]. We are on Hacker News after all and not Reddit or a more general public place. The concern isn't that you are worse. The concern is that your product has to advance and get better over time. That mechanism is unclear and potentially concerning. The answer to this is the answer to how you ensure continued privacy.

You talk about the "push files/thumbnails for indexing" and this is what is most concerning to me and at the heart of my original question. How are you collecting those photos for _your_ training set? Obviously this isn't just ImageNet (dear god I hope not). Are you creating your own JFT-300M? Where are those photos being sourced from? What's the bias in that dataset? Obviously there are questions about the model too (CNNs and Transformers have different types of biases and see images differently). But that's a bigger question of training methods and that gets complicated and nuanced fast. Obviously we know there is going to be some distillation going on.

There's a lot of concerns here and questions that won't really get asked of people that aren't pushing privacy based apps. But the biggest question is how you get feedback into your model and improve it. Non-privacy preserving apps are easier in this respect because you know what (real world) examples you're failing on. But privacy preserving methods don't have this feedback mechanism. We know homomorphic encryption isn't there yet and we know there are concerns with federated learning (images can be recreated from gradients). So the question is: how are you going to improve your model in a privacy preserving method?

[0] I think people also understand that on device NNs are going to be worse than server side NNs since there's a huge difference in the number of parameters and throughput between these and phone hardware can only do so much.

> how are you going to improve your model in a privacy preserving method

We will not improve our models with the help of user-data and will resort to only pre-trained models that are available in the public domain.

This is one of your best replies in the whole thread.

Yes to this. Prove it as well.

Why is it such a great reply? They didn't really answer my question.
I liked the clarity of response. Public models, not user data seems a clear answer to your question?
Not really. In fact it might suggest something I'm specifically more worried about. Datasets that we use in research aren't really appropriate in production. They have a lot of biases that we don't exactly care about in research but you do in production that can also get you into a lot of political and cultural trouble. So really if they are going to just use public datasets and not create their own then I expect a substantially low performance, potential trouble ahead, and I'm concerned about who is running their machine learning operations.
Appreciate the detail here. Given your relevant experience sounds like something that the devs need to address.
Being in the ML community I have a lot of criticisms of it. There are far too many people, especially in production, that think "just throw a deep neural net at it and it'll work." There is far more to it than that. We see a lot of it[0]

[0] https://news.ycombinator.com/item?id=28252634

Wow fascinating. What do you ideally want to see in terms of datasets enabled by user data?

Having vendors vacuum up my data is sub-optimal from a privacy/ownership standpoint. I'm curious how to enable models without giving away my data. Open source models owned by society? Numerai style training (that I don't understand) https://numer.ai/ ?

Datasets are actually pretty hard to create. You can see several papers specifically studying ImageNet[0] including some on fairness and how labels matter. There's also Google's famous private JFT-300M dataset[1]. JFT was specifically made with heavy tails in the distribution to better help study these areas, which is specifically the problem we're interested with here and one that is not solved in ML. Even with more uniform datasets like CIFAR there are still many features that are noisy in the latent space. This is often one of the issues with doing facial recognition and why there's issues with people with darker skin. Even if you have the same number of dark skinned people as light skinned you may be ignoring the fact that cameras often do not have high dynamic ranges and so albedo and that dynamic range play a bigger role that simply "1M white people and 1M black people". There's tons of effects like this that add up quickly (this is just an easy to understand example and one that's more near the public discourse). You can think back to how Google's image search at one point showed black people if you searched gorilla. On one hand you can think "oh got a dark color humanoid" or you can think "oh no... dear god...". That's not a mistake you want to make, even if we understand why the model made it. It is also hard to find these mistakes, especially because the specifics of them aren't shared universally across cultures because this mistake has to do with historical context.

This is still an unsolved problem in ML. Not only do we have dataset biases (as discussed above) but models can also exaggerate these biases. So even if you get a perfectly distributed dataset your model can still introduce problems.

But in either case, we don't have the same concerns in research as we have in production. While there are people researching these topics most of us are still trying to just get good at dealing with large data (and tails) in the first place. Right now the popular paradigm is "throw more data at the model." There are nuances and opinions to this why this may not be the best strategy and why we should be focusing on other aspects (opinions being key here).

Either way, "using publicly available datasets" is an answer that suggests 1) they might not understand these issues and 2) the model is going to have a ton of bias because they're just using off the shelf models. I want some confidence that these people actually understand ML instead of throwing a neural net at the problem and hitting go.

> I'm curious how to enable models without giving away my data.

Our best guess right now is homomorphic encryption. But right now this is really slow and not as accurate. There's federated learning but this has issues too. Remember, we can often reconstruct images from the dataset if we have the trained model[2]. You'll see in this reference that while the reconstructions aren't perfect, they are more than satisfactory. So right now we should probably rule out federated learning.

> Open source models owned by society?

Actually models aren't the big issue. Google and Facebook have no problem sharing their models because that isn't their secret sauce. The secret sauce is the data (like Google's proprietary JFT-300M) and the training methods (though most of the training methods are public as well as few are able to actually reproduce due to not having millions of dollars in compute).

I hope this accurately answers your questions and further expands on the reasoning behind my concerns (and specifically why I don't think the responses to me are sufficient).

[0] https://image-net.org/about.php

[1] https://arxiv.org/abs/1707.02968 (personally it bugs me that this dataset is propr...

godelski, I really appreciate such a thoughtful response to my curiosity.

Looking at this while better understanding the problem, I wonder what features I really want for my own photo library. Thinking of iOS photos. Matching people together seems hard. But grouping photos by GPS location or date is trivial. So we have to get clear on what features are important for home photo libraries.

I can now see how the idea of "use public libraries = solution" falls short. It neither presents a viable solution or demonstrates rigorous understanding.

Hey, that's what HN is about. You got experts in very specific niches and we should be able to talk to each other in detail, right? That's the advantage of this place as opposed to somewhere like Reddit. Though expanding size we face similar issues.

These are good points about GPS and other metadata. I didn't really think about that when thinking about this problem, but every album I create is pretty much a combination of GPS and temporally based (though I create this with friends). But I think you're right in suggesting that there are likely _simple_ ways to group some things that aren't currently being done.

> I can now see how the idea of "use public libraries = solution" falls short. It neither presents a viable solution or demonstrates rigorous understanding.

ML is hard. But everyone sells it as easy. But then again, if it was easy why would Google and Facebook pay such a high rate for researchers? There's a lot of people in this space and so it is noisy. But I think if you have a pretty strong math background you start to be able to pick out the signal from the noise better and see that there is a lot more to the research than getting SOTA results on benchmark datasets.

Agree with the above poster. I don't care about algorithms. I want algorithms. But I want algorithms that only work for me. Screw off everyone else.

Apple used to sell this. Then they stopped.

But that will mean that for every version of the algorithms, it have to read all the photos since 15 years ago... my phone battery will die soon.

And if I need to have other kind of client... like a nas to do that... Why I need the cloud?

> phone battery will die soon

Indexing will be opt-in. You will be able to run the indexing only on your desktop client for instance.

> Why I need the cloud?

So that you don't have to manage your own storage infrastructure? But if you would like to do that, then there are self-hosted alternatives that will better serve your use case.

We need to make this stuff local again, that will be the real competitor to big corp Foo... no servers, no end-to-end, no service cost, no ads, no privacy issues, no random revokation of accounts without recourse, just one end - the users. We can have face detection etc locally if people want it... cycles, it's going to happen eventually.
we had that, but almost everyone decided they like the cloud better.
Am I the only one who never realized you can search "museum" and see your museum photos?

Now that you've mentioned it, yes, I'd like to try that. But as a counterpoint to your argument, I've never needed it, and I suspect that a lot of people may not actually be getting the same value propositions that you're getting.

On the other hand, Google Photos is Google Photos. But it's often a mistake to compete directly with an established product. New ideas tend to win by transcending the competition.

I propose that if this Show HN turns into a product, it will be because it does something people didn't realize they wanted. Maybe that's privacy. I don't know.

The search is really quite fun to play with, and very useful! I also like searching on the map and seeing where I’ve taken photos. Especially if I’m looking for one particular photo, it’s fun to zoom in from the world map
Thanks for pointing that out. I actually had the opportunity to sync my iPhone photos to Google Photos, but opted to decline. This made me reconsider; cheers.
Why would this feature , that is also apart of Photos, make you reconsider ?
As much as I like apple / iCloud / my iPhone, I do like the idea of seeing all the places on a map that I’ve traveled with my lovely wife Emily. We’re hoping to go to the Seychelles if the next three months work out at my contract gig.

I like the idea of being able to type “water” and see a bunch of water bottles mixed in with all the water-y places we’ve visited.

What sealed the deal was to see it on a map. I typed “water” into Photos just now, and it did a pretty good job. But there’s something peculiar about being able to look at a pin and say “I’ve been at that pin.”

Just a silly thing. But it costs me nothing to get it, so I want it.

Yes but I’m saying that’s a feature in Photos right now. So long as the photo has location data , you can see it on the Map in Places on the albums tab.
Thank you! I did finally figure out what you were pointing out. Apparently there is a “places” album, as you say.

For some reason, it only has 40 places, whereas I have 9,987 photos. I definitely have photos from Cancun, so I wonder if the location data somehow got stripped, possibly when I got a new iPhone around 4 months ago… though that doesn’t make much sense to me.

Anyway, I just wanted to say thanks for pointing out that the thing I wanted already exists on iOS, even if it didn’t have a pin on Cancun. I’ll check the exif data someday, perhaps, or sync to Google photos and see if it pops up.

Cheers!

There's more you can do honestly. Search and and assign people so you can find picture with just them. This also works for pets. People, pets , objects, place, etc. Hell, I searched the car I use to drift and it showed up. It's really neat.
I use it all the time - it's the killer feature of google photos. The premise is that if you come back from vacation with 300 photos, it's unlikely that you (the average non photography-nerd user) are going to sit there and tag them all. If in a few years you want to find "that photo of me you took on the beach in north carolina", with a quick search you can.

There are annoying limitations though, probably because the original team moved on and it's in maintenance stage. Using my example above, google photos has no idea what the "outer banks" are (which is where the beach photos were taken in north carolina) and returns no results. It also has trouble parsing out entities from search terms, so "north carolina beach maggie" isn't going to find pictures of Maggie on the beach in North Carolina (which you'd think they could really fix given that, well, they're google). Finally, there's no way (that I know of) to jump from search results to your full timeline; let's say that "north carolina beach" gets me a bunch of beach pictures from January 2015 (yeah, it was cold), but doesn't have _the_ picture from the trip that I know I want - there's no direct way to click to January 2015 from the results, which really sucks. (Instead you have to go back out of results and use their fiddly scroll to get there.)

It's a great idea that works in a limited way. Getting that next 30% is going to take awhile nevermind natural language queries.
Nah, a couple gigs of free storage is Google's killer feature. Photo organization is braindead simple and barely requires more than S3.
I try to use it often but it works pretty poorly and I always have to scroll through years of photos to look for what I need.

For me the killer feature of Google photos are: - Free storage of photos (hence why I'll move after I run out of free space) - Tagging faces - Sharing albums

Yeah, it's a killer feature, but I really wish they had some sort of a documented "search API".

Instead of natural language search, where I have no idea whether it understood me, I wish I could do (modifying your example):

"North Carolina" "Maggie Thomson" "Tom Morgan" -beach 2018

for all photos in NC, with Maggie and Tom, not in a beach from 2018

and even better, if it could tell me the number of results that would show up if we removed each keyword above.

I guess it's a tough problem, even for Google :(

> there's no direct way to click to January 2015 from the results, which really sucks. (Instead you have to go back out of results and use their fiddly scroll to get there.)

It's amusing how people's insights can turn myopic. Search in photos is the killer feature, and it even solves the problem that you have.

If you realize that you need to see photos from January 2015, don't try to scroll back in your photos feed. Just do a second search for "January 2015".

That's worse than click-to-this-photo-in-context though. Maybe I have 4000 photos from January 2015, so it doesn't help to search for the month.
To an extent it does. For example “Seattle night in July” shows me night pictures taken in Seattle the one July I was there a few years ago.
I use this feature occasionally, but it also seems to be pretty bad for the searches I try. For example, if I search for 'dog', I do indeed get pictures back that contain my dog. However, there are a ton of false negatives -- that is to say, the 'dog' search doesn't show me all of the photos that most definitely and very clearly have my dog in them.

And it's not just dogs. Specific people, locations (before I turned of geotagging on my photos), scenery (mountains, outdoors), etc.

Sometimes this search is nice, but it's not good enough that I can really rely on it.

To think that someone can just throw their photos in s3 assumes people are ops, devils, or devs. That’s a small slice of the population. What about everyone else?
I also mention Dropbox. I haven't used it for a while though
You're right, a few hours of work on top of S3 are needed to obviate Google Photos.
> If I wanted to just store my photos I'd throw them in a S3 bucket or Dropbox or something.

Neither of those give you any privacy unless you do the encryption yourself in which case you have to build something to access them unencrypted. Have you checked out what the service actually does?

Wouldn't a mega encripted folder make sense for the average person?
Let's say you store your photos in Dropbox but inside an encrypted folder. What would you have to do to view the photos? Unless there client you encrypt your files with has a photo viewer, you'd have to download the pictures and decrypt them to look at them. The whole thing becomes very inconvenient very quickly.
I don't want Google at all in my life, so I think this product seems very attractive. But of course it depends on the user, what they value.
I want none of those features.

I want automatic backup, easy sharing, and accessibility from all devices.

>lets me search my library using text search for anything

This is untrue, and actually one of the reasons I hope a strong competitor to Google Photos comes along soon. The search function is, for whatever reason, heavily censored and perhaps even biased in some circumstances. Worse, it is completely useless. For example, the query "fat" returns nothing, despite the fact that my gallery is filled with drawing reference photos that includes plus-sized people. "Black people" returns photos of non-black people, and (infamously, and perhaps for related reasons re: the shortcomings of Google's image recognition and tagging algorithm) "gorilla" returns 0 results. "Red shirt" returns an image of a blue decorative screen; "comic" returns anime and webpage screenshots; "woman" returns multiple photos consisting entirely of groups of men.

The situation is dire.

Think of it from Google's POV. Imagine if the tabloids found out about a situation of someone searching for 'fat' in the search bar and then it coming back with pictures of themselves or their friends - that could cause some serious controversy.
Well, this gets to the heart of one of the issues with the current approach to AI. Statistical consensus doesn't always align with a user's personal view or desires. I don't know how you solve the problem; my issue is that Google doesn't seem to know, either, but they insist that they do.
Besides search another feature of Google Photos that I would need is automatically inclusion of photos in shared albums based upon who is in them. Some examples:

I have an album shared with my parents which photos of my daughter are automatically added to.

I have an album shared with my daughter which photos of our dog is automatically added to.

I also like the collages, slideshows, movies and this day x years ago photos which Google Photos automatically creates and notifies me of.

Personally I'd find the pure storage and basic categories suitable. I dislike almost all the algorithms. Especially "memories" and shit like that.

Simple and reliable backup and reasonably speedy browsing is what I need.

For me the features that make Google photo, Google photo are:

* it's free and comes by default with an Android phone.

* it just works.

If you can make an effortless way to get online backups of my photos at a reasonable price while regaining privacy, then I'll switch in a heartbeat without a single thought about any of those ML-based moat features Google has crammed in their service.

>So you're going to implement algorithms then?

Jeesh, that's easy.

You encrypt the algorithms too.

Looks great, but based on my limited time with it:

- when registering via the Android application I got no 1Password prompt to fill in the fields; this is usually the case with other applications - there doesn't seem to be an option to back-up single photos, only whole directories; why is this?

Hey, sorry that the 1Password prompt did now pop up. We'll look into this.

Regarding the lack of option for backing up individual files, currently that option exists only on iOS since the OS provides users with an option to grant permission to a few files instead of their entire gallery.

There are two ways to work around this on Android right now:

1. Share a file from outside the app to ente.

2. Skip the folder selection, choose the file you want to backup from your device folder, and add it to an album (you will be prompted to create an album if none exist).

Is there a way to “one click” move from google photos?
Currently no. You have to manually export your data from takeout.google.com.

We are optimistic that with the Data Transfer Project[1], Google will eventually expose APIs for us to perform this migration programmatically.

[1]: https://datatransferproject.dev

Sidenote: are you aware that "Ente" is German for "duck"? :)
If I recall correctly "ente" has a pleasant meaning in Portuguese. Google Translate says it means "loved" but I feel like my paperback dictionary said something else...

Edit: I think it's similar to "being"

Since OP seems to be from Kerala it might be in Malayalam."ente" in Malayalam(Language of Kerala) means "mine".
This!

Also, I've a thing for rubber ducks.

Also, the domain was available. :)

hey, fellow keralite here.. good domain and good luck!
Re: Shared Albums

>the receiver just needs a free ente account.

I feel like there should be an even more frictionless option to make it easy for family to access photos. For example, if there were a way to just trigger a mailing list when an album is added to, that would be perfect. “Here is an update on our trip: [link]” I love that you mention you are security and privacy focused, and I see how this could conflict with that mission. Perhaps a tradeoff here could be allowing one viewing via link and future viewings require account?

> if there were a way to just trigger a mailing list when an album is added to, that would be perfect

We can do this if all of the participants are already on ente.

> allowing one viewing via link and future viewings require account

We are hoping to come up with an implementation similar to this where in a link to an album can be shared with N devices. We will persist an accessToken on the viewer's localstorage so that they can re-view the album multiple times without having to sign up.

It's funny, I see this being the first feature they kill off unfortunately when it becomes the new super easy way of sharing CSAM on shady forums.
Why does this app need to link my identifiers and contact info to my identity?

I would feel a lot more comfortable with this if it didn't collect any data of mine, and you were just storing ciphertext.

I don't want an account, and I don't want to give you my name or email.

Hey, we do need some information to get the product to work well. You can see the bits of information we collect, along with the reasoning here: https://ente.io/privacy/#account-data
> Browser type and operating system of the devices from which you have logged in to ente to ensure account security.

I can't imagine how that information could be used to stop an attack that otherwise would succeed. Is this just so that you can say "Your last login was from Safari on an iPhone" to the user to reassure them their password hasn't been stolen (or the attacker has correctly guessed the most popular browser on the most popular platform)?

If so, this seems like a string that could be generated client-side, and stored encrypted on your server, so that you never have to log this data in plaintext.

In addition to ensuring account security, we were collecting the user-agent to transform API responses depending on the client.

But your point is valid. Just the operating system and app version is enough to derive this information. We will make this change and update our privacy policy.

Thanks for bringing this up!

Collecting my data is a nonstarter for me. The point of e2e is so that the provider doesn't have useful information.

If I have to trust you with my information, you didn't need to bother with the crypto stuff.

is there a way to automatically migrate from google photos?
Yes! You can go to takeout.google.com, export your photos and drag them into https://web.ente.io. We will preserve all of the metadata Google generated.

If at all the upload flow breaks in between, just drag and drop the exported folder again, we will skip already uploaded files and resume from where we left off.

The monthly storage costs are too high. For the price of 1TB from you (15€), I can buy more than 2 TB just about anywhere else.

Commercially, Apple and Google are both 2TB for 10 CHF and Amazon gives you unlimited as part of a Prime membership. Storage providers like Backblaze and Wasabi both charge around $5/TB and that's really the table-stakes price. For the more DIY-inclined, Hetzner sells a 2TB OwnCloud instance for 9.90€/month.

I'd prefer to buy software from you than storage. It's out of the question for me to pay you per TB but I'd consider paying a flat rate for software I then host myself.

I fully agree. It's a hard sell getting people to switch from an evil but known cloud provider to an unknown cloud provider that claims to not be evil.

What we do not need is more cloud offerings that can change, vanish or lock us out at the blink of an algorithm's eye.

What we need, rather, are reliable and easy-to-use solutions that allow us to retain full control of our data (i.e. self-hosted and offline) while having feature parity with the big cloud-only solutions.

I for one am convinced that there is plenty of money to be made that way. Perhaps not as much on autopilot as with the quasi-scam that is cloud computing, but people willingly paid hundreds or thousands for software before clouds and subscriptions. People will do so again, if you bring a convincing, unique or competitive product to market.

That being said, I like, appreciate and support this project for its impetus, even though I think its distribution strategy is misguided and fad-driven (re-selling cloud space instead of selling software). It's not too late to change that...

Hey, so the project had initially started off as a self-hostable software (with an option to buy a pre-configured device). We realized soon that it's hard to monetize such a product in the consumer space to the point where it can become self-sustaining.

We don't have a problem with offering a self-hosted variant. But given our limited engineering bandwidth we had to take a call on who our target market should be, and we felt that it was more important to make privacy accessible to people like my mom and dad. Hence this direction.

I get the decision but I think it misses part of the problem: how do you convince people like your mum and dad to start paying for backups and how do you convince them to pay extra for privacy?

I suspect the way it usually happens is that somebody your parents trust (like you) tells them to sign up for a privacy-preserving backup service.

But who's going to tell them to do that? Do you have the money to pay for advertising?

Normally, I'd suspect it's the tech-savvy younger folks who'd tell them to buy something like this but with your pricing and lack of self-hosted options, I suspect you've alienated a large portion of the tech-savvy audience you need to advocate for your product.

If their service works well and is convenient to use, I’ll be recommending it by word of mouth. In the case of my parents, if I can finally consolidate and de-duplicate the photos from our 3+ Apple Photos collections by pointing the service at “library” folders from a few computers and devices, I’ll be a big fan.
> how do you convince them to pay extra for privacy?

We are hopeful that we will be able to reduce the pricing as we scale up and hit a critical mass.

> who's going to tell them to do that?

We plan to implement a referral program, similar to what Dropbox did, to incentivize existing customers to spread the word.

That said, you do bring up interesting points. To repeat, we aren't averse to the idea of maintaining a self-hosted variant. Just that due to our limited bandwidth we had to choose one direction over another. Having advocates is important and I suppose with time we will have clarity on how to best do this without stretching ourselves too thin.

I really hope the self-hosted option becomes a thing, but unfortunately "we are not averse to the idea" means especially little in the tech world these days.

That being said, really really hoping for your success! It finally fills a MUCH needed gap in 2021 consumer image viewing software.

There are many many gaps in it right now. Synology is basically the only self-hosted photo solution that grandma could use. Honestly surprised that more people aren't taking advantage of the opportunity.

For our (nascent) product went the other way and prioritised self-hosting at the expense of stretching ourselves too thin, as that's always been #1 ask from folks looking for "consumer-first" alternatives.

Time will tell if it was the right way forward, but I just went with "you can't fight gravity" and built it the way folks expect it to be (ex: supabase / posthog / gitlab).

I think that's a bit apocalyptic. Plenty of time to observe and adjust.
> We realized soon that it's hard to monetize such [self-hosted product]

Spot on. We iterated on a similar product in this space: "privacy preserving", "self-hosted", "open source" etc. But focused on local AI indexing & search of personal videos and photos [0], rather than backups.

We ultimately shelved VideoNinja because we weren't able to find a sustainable business angle:

* Non-technical people simply don't care (happy locked into Apple / Google).

* Technical people understood the proposition, but are super stingy. Case in point, see the responses in this very thread: "$10 per year max; I can buy a HDD for less!". That's one (cheap) restaurant meal per year.

So I fully understand your decision to go "cloud". Although that immediately takes your product off the table for me personally. I want nothing of mine (of value) in the cloud.

I feel there must be a way to square that circle, the market exists.

[0] https://video-ninja.com/

Just put a price on it, ffs! Make it extensible with plugins. To gain 100% trust make it open source. I am happy to pay good money of a local, non-leaking AI based tagging software for video and photos.
Very surprised no one has mentioned Synology yet. This has been done. And it's awesome!

I currently have a self-hosted google photos clone and I only paid for the hardware. Highly recommend.

Synology's Moments is ok, but it has issues. Not mobile friendly at all, can only create one shareable link per album, and others can't contribute their pictures to your album. Those are the biggest issues in my experience.
> To gain 100% trust make it open source.

I think until they've got a customer base and a proven model a happy median is to put the code in escrow and agree to give the source to paid licensees should the project be abandoned/more than x months without updates/whatever.

I'm still not satisfied, but photoprism seems to move into the right direction here. Digikam os great of you want everything on a single machine. Shot well has other advantages. None of them have a good solution to immediately and automatically import any photo taken on your phone.
Use apps like PhotoSync and it will upload automatically when photos are taken.
I’d pay for this if it could run locally. Not sure what it would take to be sustainable but solving this problem is worth at least $20/month to me.
I think too many technical people have too much of a distrust of the cloud. I, for one, am happy to offload as much as possible to the cloud (except latency-sensitive things like games) and not carry around drives and drives at home.
> I want nothing of mine (of value) in the cloud.

What's the issue with the cloud if you encrypt client-side? It's off-site backup. Isn't it too risky to have your life's work on a few drives in the same location?

And then after a year of usage it hits the news that they botched the encryption, or that they helpfully back up the encryption key in the cloud too.
While it unfortunately didn't work in the consumer market, there's a space for video recognition in the business space:

- Scene finding for directors/news channels. AP and other sources have a lot of material but you pretty much literally have to watch the entire video in order to find a good scene.

- Scene finding for the XXX crowd. Very underserved market.

- Scene finding for police/lawyers. While it may seem like the opposite of 'privacy preserving', defense attorneys are literally just swamped with video evidence in an attempt to make them give up. Similarly if you're suing a big company for something as simple as an on the job injury or harassment, and need to prove there's a pattern of harm... they'll give you everything and let you do the work of finding out that there was a pattern of bad behavior.

It's the kind of thing that'd be useful as an open source solution... or failing that having a company which is 100% neutral in operation is also good.

I'm currently using Microsoft for something like this because they're absolution massive and apart from their OpenAI division, they only care that what you process is legal.

Can I suggest adding pricing tier(s) between 100GB and 1000GB? I have between 100gb and 200gb of photos, and £14.99/month seems like a lot considering I only pay £2.49/month for google storage. I'd definitely consider paying a premium for this service, but not 6x.
Drawing a direct parallel with Google will make this difficult, since they own their storage and network infrastructure and have ways to monetize your data. But here's an explanation on why there are large gaps between plans:

- Our 1TB plan costs only 3x the 100GB plan. This model works under the assumption that the average utilization of a 1TB plan (across all customers) will be ~30%.

- If we were to bring in an intermediary plan (say 500GB), we would have to increase the pricing of the 1TB plan (since at least 50% will now be utilized), and also set the price of the 500GB plan to at least 2x of the 100GB plan. Both plans now appear unattractive.

- Since Apple and Google don't support per GB billing yet (which IMO would have been the fairest way to go), we had to pick buckets, and the current ones seemed like the fairest possible.

I hope this makes sense.

>If we were to bring in an intermediary plan (say 500GB), we would have to increase the pricing of the 1TB plan (since at least 50% will now be utilized), and also set the price of the 500GB plan to at least 2x of the 100GB plan

What happens if you start by pricing all tiers "honestly" (i.e. reasonably profitable even at 100% utilization)? Have you determined that the market won't bear that pricing? If so, is there any way to meet in the middle?

In general, you may be erring a little too much on the side of asking some customers to grossly overpay for their actual utilization and, in practical terms, 100GB to 1TB is just an extremely wide gap, as evidenced by your parent's comment.

So, it seems that most who tip over into the 100GB - 1TB plan will be there, overpaying, for a long time. And, obviously, most people who make it to 1TB will pass through that range. So, if you do see a higher concentration of users in that range than at 1TB (as intuituon would suggest), then you're essentially "punishing" a plurality of your customers by asking them to subsidize a smaller group's pricing.

Failing other options, it may be better to do the inverse: raise the pricing of 1TB to accomodate a "friendlier" 500GB plan.

Curious about alternatives. GB to GB, other services will always be cheaper. How do you help frame pricing What about charging per picture? Likely a non-starter, but you get where I'm going with this. iPod = 1,000 songs in your pocket.

If not you, someone will figure this out. Charging by the GB seems hard. What if instead your levels were: 1,000 photos 10,000 photos 100,000 photos

You might get people who store super high res files, but work that into the pricing.

I had thought about this a year ago when I was pitching the product to my parents who had no idea what a GB was. But I was put off by the possibility of abuse once I extended the framework to videos.
Appreciate your reply! It gets to the core of your value proposition though. Surely you could add in some limitations if needed. If it worked, maybe the biz would grow so fast you don't care about a little abuse.

Do you have any marketers to help you? Will be hard to navigate the messaging alone.

My phone photos are 2.2 MB each. 1,000 GB's is 1M MB's which equates to approximately 450,000 photos. At $18.99/TB/year, 1,000 photos would cost ~$0.42 a year.

Photos can easily be 30 MB each or more, especially from dedicated cameras. If all photos were 30 MB it would cost $5.69 per year for 1,000 photos.

Not making any point, just calculated it for myself and thought to share.

I like this line of thinking.

You know it really gets me thinking about packages rather than GB for this service. Maybe there's a "family plan" opportunity here. Do families value anti-surveillance in general, or is it simply lone actors?

Just the idea of archetypes flashed through my mind. An opportunity to sell to difference audiences. What kind of algos do individuals need, pro photographers, families?

I definitely empathise with the difficult in competing with the big cloud providers on price. Your service is inevitably going to end up more expensive. Having said that, I'd be interested to know how you're hosting the content.

When I was looking at setting up a similar service, it seemed like you Backblaze B2+Cloudflare might well be the best combination. B2 will sell you storage at $5/TB, and you can get free bandwidth out to Cloudflare's network. It's against Cloudflare's terms to use free plan for image hosting that isn't just images as part of webpages. However, one of their staff members commented on a thread that they'd likely to be willing to set up a custom plan for a business who wanted to do this. And I'd bet that Cloudflare's bandwidth would be a lot cheaper than B2's.

Pre-signed URLs generated with B2's S3 APIs are incompatible with Cloudflare at the moment. We are working around this by using a Cloudflare Worker to proxy data from B2 to the client. This is currently free if you're on the Bundled plan and Cloudflare's support has promised that when they decide to start charging, they will alert us in advance.

Interestingly, Workers Unbound charges 0.045/GB which is more than B2's 0.01/GB.

A viable long term alternative could be Wasabi that offers free egress in return for a $6/TB plan. But we're waiting to see how things pan out before executing an expensive migration.

When you say incompatible, are you talking about the cache not working or something else? How are you working around this using workers?
B2 documentation suggests that after adding a CNAME (eg. cdn.ente.io) for their bucket endpoint (eg. bucket.s3.eu-central-003.backblazeb2.com), you will be able to replace the latter with the former. This breaks with the native B2 APIs with the following error:

```

{

  "code": "not_found",

  "message": "/api/top_level_url_mapping",

  "status": 404
}

```

The last I checked was a few months ago, not sure if things have been fixed now.

With Workers, we simply fetch the remote resource from B2 and return it back to the client, acting as a thin proxy.

What about Google photos is evil? I don't get it.
Okay it's easy to downvote, but I'll elaborate instead. First of all Google is trainihg AI models on your data and also able to create shadow profiles for people including those who decide against using Google services.

They also used dark pattern on Android for years by enabling cloud sync by default for everything. So a lot of people got all their photos uploaded while they had no idea about feature.

So it's not any different from Facebook that constantly tried to collect as much data on you as possible. Do you know what is evil about facebook?

I don't really get what's evil about AI models and cloud sync.

And I don't think anything is wrong about Facebook's business model. I think most people are uninformed about it and believe that they sell personal data, but if you understand the way they make money, it's very difficult to say that there is any particular issue with it.

Ah, what you really meant was "what's evil about selling my data?" which is a much larger question. And it sounds like you already have your answer.
They actually don't "sell".
They take your data and turn it into something that has value to them. With actual selling, that something is money. In this case it could be something else, but saying it that way will not help the general discourse of this problem at all. Much like being pedantic over terminology.
The other day I sent out a link made with Google Photos' "create link" function. That's not a share to another user, just a link that anyone can open, no Google account required. But one person showed me that hitting that link on her phone, Google wanted to authenticate her before showing the picture.

That is utterly unacceptable.

Genuinely curious - could you elaborate on why that is so unacceptable? What does requiring authentication imply, or lead to in the future?
Prevents sharing with friends who don't have a Google account. It breaks what could be a general purpose sharing mechanism.
This sounds like mild inconvenience.

What's evil about that?

Mild inconveniences can become problematic at scale. One person taking a crap in a lake is typically not a big deal. 1,000,000 people doing the same is a serious health risk. Scale matters.
Yeah, if you are client-side encrypted, where you choose to host doesn't really matter because even with a warrant there is nothing you could do to recover data, so why not go for something like Wasabi?
I can pay for a terabyte of Amazon Glacier for $50/year. Amazon Deep Glacier is $12 per month.

$300/year for 2TB isn't happening. I can buy a 12TB HDD for less, if I shop around.

I'd like a service like this to keep small, well-compressed 1080p or 4k photos available for instant access, and original files in archival storage of some kind.

I'm totally glad to pay the $10/year for the baseline service, and another $12 for deep glacier costs. I'm not glad to pay thousands of dollars for a service like this over the lifetime of my photos. I'm not quite sure where the line between that is.

I'll also mention: open-source, data export, and the option of self-hosting is helpful. I don't want to spin up an EC2 instance for this when I can buy $12, but if you go out-of-business, I'd like to have the option. Could also be an option you only guarantee if the service is discontinued or has substantially different costs/terms.

> I can pay for a terabyte of Amazon Glacier for $50/year. Amazon Deep Glacier is $12 per month.

You can pay even less to store that data in /dev/null. To make a more realistic comparison you should also include data retrieval & data transfer costs. Reading a terabyte from those services costs around $100.

I can think of close to zero times when I would need my full photo collection, in full resolution, all at once. In most cases, for showing photos, even 1080p highly-compressed is fine. In rare cases, I want to edit an old photo, and I want the original RAW file in full color depth and resolution.
With Amazon and Google you’re paying half in monthly fees and half with your mineable data. This service seems geared towards people who don’t want that.

Rolling your own on top of a cloud storage provider is great too but for an incremental $100-$200/year some people would pay for something that “just works”.

I’ve been using ente for a while now. The user experience has potential for improvement but overall I’ve found it worth the tradeoff. The client app itself is super clean and it feels great to not be thinking about giving more of my money and data to google or amazon or fb. Take my money!
Ouch! This is costly. I'm still shopping for a Backup or a parallel solution to Apple Photos.

At $14.99 /mo for a 1TB storage or even the discounted Indian pricing of ₹999 /mo; I would put it at a high price point for a Photo Service/Tool.

Just a thought. I'd priced it similar to Google Photos but sell the encrypted/privacy part as a prominent feature.

Love the idea, sounds like a lot of hard work has gone into it already. I have been looking for this kind of thing to replace Google Photos. I checked out the website and couldn't find enough about the app's usability. So, I downloaded the (android) app hoping for some kind of demo or further insight into the UX but it's asking me to sign up or login. I guess I'll sign up anyway because I'm curious, but I'd have preferred a demo of the app first, especially since I really love the UX of Google Photos which is one of the main reasons prolonging my desire to replace it
Hey, we know that we should have a demo video of sorts so that you don't have to sign up to experience the product. It's due to a lack of resources that we don't have one yet. But we will prioritize this. Sorry for the trouble, I hope it's worth it.
From what I have seen, I like Photoprism [1] better. Yes, they are a different kind of product, but feature wise they should be considered a competitor.

Yes, ente.io is easier to setup, but there are many things lacking or unpolished (e.g. the image sizes that are being loaded while going through the fotos fullscreen in the browser).

[1] https://photoprism.app

I just set up PhotoPrism myself this week! With it being completely self-hosted, this isn't something I'd be comfortable asking someone non-technical to do.

I like that it is self hosted, it also uses TensorFlow to classify images so you can perform keyword searches e.g "museum". It doesnt appear to be as good as Google Photos though, e.g in GP you can search "vaccination card" and it does what you expect which is very impressive.

Face detection is currently under heavy development also, which is very exciting: https://github.com/photoprism/photoprism/issues/22

There are certainly things that are missing, but I'm okay with the tradeoffs for now in the hope that it will eventually improve.

That service doesn't look like it's encrypted and not really equal then.
So far, there isn't even a service. It is only software, which you can use to self-host your pictures, which can serve the same purpose. Both are certainly GP alternatives.

Equal: no. Comparable: sure.

"We built a defacto repository of CSAM"

Cloud services have entire departments of people constantly combatting this stuff for a reason. It's the single hardest part about providing an image service.