When I was switching to GrapheneOS from iOS, I decided to self host my photos. I considered Immich, but I settled on Ente because of the encryption. Ente Photos is extremely polished and it's comparable quality to Apple photos.

It's cool they keep the server open and selfhostable instead of only open clients like many e2ee projects do.

I like how you can share an album and anyone can contribute to it without an account. Another cool feature is that you can select photos to lock when you hand your phone to somebody so they can only see the ones you selected without your device unlock.

for people wondering:

"Ente Photos is a paid service, but we offer 10GB of free storage. You can also >>clone this repository and choose to self-host<<."

So both forms...

https://github.com/ente/ente

I've been bitten too many times - is Ente a commercial product that pays lip service to self hosting as form of marketing, but with friction to guide you towards the hosted version (e.g. rocketchat and many others) or does it genuinely support self hosting as a first class product?

The latter, it works quite well

> Ente Photos is extremely polished and it's comparable quality to Apple photos.

If only. It can’t even upload photos any reliably (I self-host). I had it simply fail to upload anything for days (it doesn’t provide any diagnostics, gotta figure out how to build and debug it myself), with no apparent reason. That’s despite keeping app in the foreground, on a charger, for hours, with video uploads and ML features all disabled so it was supposed to focus on just the photos. Server side is fine, web-based uploads work without any issues, app just doesn’t. I haven’t figured it out yet.

Well I'm a complete newb, self-hosted it completely by just following instructions from GLM 4.7 (didn't log in) and it works reliably.

Did you try it with the free 10GB on their hosted servers?

I'm using Android so maybe it's different on iOS.

Ente Auth is also the best, because it works on any device, including the one you're trying to access (maybe it defeats the purpose of 2FA but sometimes I don't care).

I use and like Ente Photos a lot but I’ve never understood the appeal of their other products.

Ente Auth and Locker both seem like limited feature subsets of solutions like 1Password.

Ente auth is a really nice secure and private cloud authenticator.

It's completely free and there's no lock in, so I suppose it's for getting more people hearing the name.

Haven't tried locker but I agree it seemed rather pointless.

People say not to use your pw manager for authenticator for security, so that's something for using a separate app. Depends if your using auth for just getting through or actually want the benefits.

I guess the free-ness of auth and I think locker is included with any photos subscription so maybe that’s the appeal.

Maybe it’s bad practice but I don’t mind 2FA being in 1Password because the secret key is the second form of authentication. Nobody can login to my 1Password without the secret key or access to a logged-in device. My credentials can be compromised and it wouldn’t matter.

The secret key is not technically “something you have” but it’s close enough for me.

Ente is a cool company, all their products feel polished and I like their marketing mascots.

I got into Ente because I wanted to create photo upload links on a per-even basis - I can tell all my friends, if you take pics or video tonight, upload it at this URL - and it just works. No app necessary, very simple, very cheap. Then from there, I got the photo backup / archive service because why not.

They really are pretty much just what they appear to be. Im a fan.

For what it's worth, Immich supports this too. You can create an album (for each event), create a shared link, allow public anonymous uploads for the shared link, and then give the link to everyone at the event, and ask them to upload their photos. It can be done from any web browser.

I would love to know if there's a way to secure this though. I'm not prepared to have people constantly trying to login to my immich instance so it's only accessible via VPN

You can use something like Immich Public Proxy to only expose the /share path of your server and keep the main /api path that has everything else behind VPN