Welcome to version v1.109.0 of Immich. This release introduces an additional way for you to support Immich financially as well as bug fixes for various issues. Some of the highlights in this release include:

Immich license pricing is $25 per user or $99 per server for a lifetime license.

    • Lem453@lemmy.ca
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      5
      ·
      5 months ago

      Https is end to end encryption and doesn’t need to be on their road map

      Encryption at rest could be an option but seeing as how many other projects have trouble with it (nsxtcloud), its probably best to have this at the fike system level with disc encryption

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        13
        ·
        5 months ago

        Small nit: Https is transport layer encryption, not commonly considered end-to-end encryption.

        For the end-to-end encryption model to work, the data must be encrypted entirely from the sender to the recipient. In the model of immich That’s yourself.

        But you’re right, I should have been clearer, client-side encryption, encryption at rest are better terms. But I don’t want the server to ever see the unencrypted data ideally unless I am physically there requiring it to do so.

    • traches@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      5 months ago

      If Immich can’t analyze the images on the server then its feature set would be quite limited. It’s meant for self hosting anyway, you don’t trust your own hardware?

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        5 months ago

        you don’t trust your own hardware?

        no, I do not. Thats the whole reason data at rest should be encrypted.

        • traches@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          5 months ago

          So you trust your phone and its closed source OS with your photos, but your Linux server can’t see them?

          I’m having a hard time imagining what Immich could do other than file syncing in this scenario

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            2
            ·
            5 months ago

            My phone isn’t closed source. And no, I don’t trust it fully either, I limit the amount of trust given to any datastream to the minimum necessary to get the functionality I want.

            If you wanted a client side encrypted image service, yes syncing would be a major benefit, or you do the image tagging/scanning client side before going to the cloud, or after the fact. Just limit where the unencrypted data exists in the system.

            • traches@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              5 months ago

              Ok, that’s totally fair. Your needs are valid, but most of us just want a self-hosted google photos replacement that’s good enough our families won’t complain. Just being self hosted improves security and privacy immensely; E2EE would be an incremental improvement in this regard while having major drawbacks for usability.

              • jet@hackertalks.com
                link
                fedilink
                English
                arrow-up
                2
                ·
                edit-2
                5 months ago

                oh yeah, 100%; I like the focus of immich, I like that it exists, we are all better for the option.

                I was just wishing up thread that client side encryption was in the roadmap, if for no other reason that when they make architectural decisions now they leave some room for a encrypted block pivot.

                not sure about drawbacks though; what does a cloud photo provider do? 99.9999999% of the time its just blocks at rest on disk; Sometimes it does image recognition, face recognition, and photo sharing; All 3 of these can be done in a end to end encrypted way (yes, with a few more hoops, it would add work, no doubt)