My son was just born, and while a few photos will go on the likes of Facebook and Instagram, overall my partner and I are wanting to keep our shared photos private from the EULA abuses that we all know and hate.
Does anyone here have any good suggestions? I would create my own front end, but I can’t swing hosting or a static IP to do it from my local box. Are there any companies out there who aren’t total shit bags who claim immediate irrevocable license to all of my photos to do with whatever the fuck they please?
Immich if you selfhost
This is the way, immich is insanely fast and performant
Does it support SSO with OIDC?
Yes, have it running right now!
Nice. I’ve heard good things about it previously and it seems like it’ll check all my boxes. I’ve just been trying to figure out what to do for monthly backups to the cloud. I don’t wanna risk losing all my extended family’s photos in a hurricane or house fire.
I think this is very close to what you are looking for. Recently they have open sourced all their server side code also. Means currently they are completely open source.
Seems too expensive. Most people that owned a phone with a camera for the last few years would easily be in the $200/yr plan. I know I am.
That’s the cost of Amazon and Walmart subscriptions combined just to get one benefit of Amazon subscription.
I realize people here tend to shit on Amazon, but they never leaked anyone’s photos so unless you share them yourself, they are perfectly safe in AWS cloud with unlimited storage.
Proton offers a cloud photo storage similar to Googles but its all E2EE. A bit clunky compared to google but much more privacy friendly.
Mega is e2ee and much cheaper
Mega doesn’t come with VPN, encrypted email and PW manager with integrated simplemail that ties in to your proton mail.
Different levels of service of course costs different amounts. If you don’t want or need any of the other things, then yeah Mega could be the best option for you.
Does come with vpn though https://mega.io/vpn
Pw manager bitwarden works great.
Proton mail is great but doesn’t really come with much usable cloud storage
Ah fair enough, didn’t know they also had a VPN service.
Does bitwarden integrate with something like simplemail to create unique addresses on the fly for accounts you create? That’s the feature I like the most about protons PW manager. I can easily just create a new mail address for an account somewhere that automatically forwards to my proton mail, but I can also answer with that unique mail from my proton mail.
I don’t use my mail for storage, and santiize content often, so I only need a few mb.
The 500gb on the drive is more than enough for my photo backup. There’s almost 10 years worth of photos on mine and I still have plenty space left.
Does bitwarden integrate with something like simplemail to create unique addresses on the fly for accounts you create?
I have bitwarden self-hosted, so I have no idea if they offer that with their cloud service (maybe look into the paid option, I think it’s just around 10 dollars a year), but the self-hosted does not have that option.
Bitwarden has email alias integration on free accounts
Wonder if it’s worth upgrading a proton mail subscription for cloud storage or having a separate mega is better, I already get 50gb on free tier
Proton
What is this photo storage thing? All I can find is proton drive.
Its part of proton drive. Drive has a section for photos.
it’s small though.
Haven’t tried it myself but https://ente.io/ seems to be pretty decent
Been a customer for half a year here now and it is such a good service! Easily worth the cost. Highly recommend checking out there website to go through their feature set, their level of transparency is beyond good 🙌
I self-host Photoprism, and use it to share albums privately with people.
The flow goes:
- I take pictures with my phone
- Those get synced via Syncthing to my photos folder.
- Photoprism is set up via docker, with my photos folder added.
This has potential in many ways. I will have to set it up and see how it feels.
Syncthing
It can become really messy if one family member deletes a picture by accident and everyone complains. I’d use Syncthing for machines I personally manage.
You can control which devices can make and propagate changes to shared folders.
Maybe don’t share online?
We have a printing center in my area that prints high quality full color photos for 75 cents a page.
Photo development booths, printing centres and later phone repair shops (before phones regularly got encrypted) used to be the number one avenue for getting photos leaked.
As true as that is, we’re talking about photos of a newborn infant. Like for real, who would intentionally leak photos of a newborn?
Oh yeah, that’s right, artificial intelligence!
Don’t feed the online machine, take the photos into a print shop via USB flash drive, and I’m pretty sure anyone with a soul will have respect for family privacy.
Not so with online cloud services though ☹️
Best guess would be a privacy focused chat app like Signal or Matrix.
Otherwise you may want to look at crypto bases file storage ala Filecoin or potentially even Pixelfed
To send them directly to someone perhaps but it looks like OP wants to store them
Seafile?
This could be a good option. I will have to look into it. I know some of our family is not the most savvy (lucky to be able to use FB) so I may have to look into building a front end on top of it for them, but this is a solid start.
Good luck mate…
Google Photos works well except it is exactly what you don’t want.
I use DokuWiki for this type of thing. With a few add-ons it is nicely configurable (galleries, discussions etc), could be run from any webspace, and doesn’t need a database. You can have ACLs that make sure that only registered users get access. But it is a bit of a DIY solution, and takes a bit of work to set up.
I’m not above getting my hands dirty and this sounds like it could have promise. Thank you.
If you and your partner both have iphones then iCloud should be sufficient for keeping the photos to yourselves if you turn on Advanced Data Protection. I think it requires you and your partner to have two yubikeys at a minimum though.
https://support.apple.com/guide/security/advanced-data-protection-for-icloud-sec973254c5f
Photos encrypted at rest, only you and your partner will have access to the keys. If you want the convenience of icloud backup then the government would be able to subpoena your decryption keys from your phone backups, but it’s not going to be available for casual employee access. Automated tagging/face matching is done by your iPhone when it’s plugged in so there’s some organization. Nothing close to Google’s AI organization.
I know Apple is a shit company. But they’ve learned a thing or two after the Fappening.
Advanced Data Protection should be the minimum setting for you to consider Apple as your photo storage. Your photos will auto upload from your phones, apple has partner sharing so photo libraries will automatically be shared between you and your partner, and they recently implemented a system similar to “signal key verification”, but again limited to ADP turned on.
Otherwise you’re looking at Proton or Tresorit.
I will happily look at the alternatives. We avoid Apple like it carries the plague, mostly on my objections to their licensing policies alone. Also, I love that you linked to something about The Fappening, have a 💯 and my heartiest appreciation for you as a scholar and a gentleman.
Look into Pixelfed.
If you want to keep the metadata on the photos, well GG since it and the color profiles will all be stripped
Synology + Docker + Pixelfed is doable
Synology has QuickConnect which makes external access easy without dyndns/static ip. I haven’t used it myself.
https://kb.synology.com/en-global/DSM/tutorial/share_File_Station_files_without_DSM_accountAnother option is to create a Microsoft 365 Business tenant, with a single Business Basic license you get 1TB OneDrive storage and 1TB Sharepoint storage - their ToS says not to use customer data in AI training.
Unless you already know how to manage it this is probably as cumbersome as selfhosting though.
I have no idea about their ToS against non business licenses, so this assumes spending for a business basic license.If you aren’t behind CGNAT you can use dyndns to get around not having a static ip if you want to get into selfhosting with proper external access. I doubt you’ll have the time with a newborn though. :)
I will look at QuickConnect as that sounds potentially ideal.
I honestly don’t trust MS as far as I could throw them. The amount of ads they are forcing into the OS level is evidence enough for me to believe that they are willing to abuse customers. And if DropBox is any indication of how ToS and EULAs can change in the blink of an eye to include all files, past and present, to be used for AI training with no recourse to opt-out, then MS’s current ToS doesn’t really give any fuzzy feelings.
I will definitely have to look at dyndns as I need to find a way to provide a static endpoint to gain access to ethically sourced AI training materials for my own works and that sounds like it might work.
And yes, I do work in AI, which is why I am so focused on not allowing the megacorps to ignore even the most basic regimes of ethics or customer respect.
I would pair a Synology NAS with at least one, preferably two, usb disks to make local backups to with the built in Hyper Backup - losing the whole family picture archive hurts and usb disks are cheap. It doesn’t seem possible to make a read only QuickConnect connection so beware of that if there’s to be non techie users connecting.
Personally I use dyndns and openvpn (if I rebuilt today I would look at Wireguard instead of openvpn as a vpn solution) as I prefer not relaying my traffic through services outside my self hosting. That would require you to aid your non techie family members with the initial configuration on their end though.
I know you said you can’t do your local box, but there’s no necessity for a static IP to do that. Dynamic DNS is relatively easy to set up, I suppose provided you have a domain name you own (which you can find for very reasonable prices).
Or setup Tailscale and enable the Funnel feature for whatever service you want to expose.
This way it’s a bit more secure, since the exposed endpoint is hosted by Tailscale and routed to your device via your Tailscale (encrypted) network.
Using Funnel, no one needs to have the Tailscale client.
Dynamic DNS only works if your IP is publicly routable. My ISP (not sure about OP) puts us behind NAT, so the only way to expose services on my network is through a tunnel, like a VPN.
But many ISPs do provide a routable IP. My last ISP did, so it’s not uncommon.
And you don’t necessarily need to own an IP, services like FreeDNS let you use a subdomain from someone else, but a domain can be as little as $1/year (for TLDs like .site and .store), so it’s probably better to just get one. I have like 10 domains, and they only cost $10/year each or so. But if you just want to try out hosting something, using someone else’s isn’t a bad way to go.