Tickets

Loading…

Sasank Chilamkurthy

Sasank Chilamkurthy

@chsasank Reviewer

Karthik Balakrishnan

Karthik Balakrishnan

@karthikb351 Reviewer

mangesh

mangesh

@mngsh Presenter

Review of Ente - an Open Source, E2EE, self-hosted alternative to Google Photos

Submitted Jan 30, 2025

Review format & notes

Ente’s review was unique in that the feedback focused on what Mangesh has built on top of Ente, as well as Ente’s technology and design, rather than the typical talk feedback.

🖍️ In case you missed it, here is the mindmap Mangesh shared.

Sasank Chilamkurty, founder of JOHNAIC, provided feedback on both Ente and Mangesh’s presentation. Sasank, with a strong focus on self-hosting and security practices, offers valuable insights, which should be considered in that context. His feedback is available in both the video and the feedback summary.


Review date and time - 28 January 2025, 6 PM - 7 PM
Presenter - Mangesh (Student & Engineer at Ente)
Reviewers - Sasank Chilamkurthy, Karthik Balakrishnan


Summary of Mangesh Mane’s Presentation

Introduction

  • Mangesh introduced Museum, a Golang-based server that serves as the backbone of the Ente web and mobile apps.
  • What makes Ente different from other open-source image providers is its end-to-end encryption (E2EE) using Libsodium, ensuring user data remains encrypted from the moment it leaves the device.
  • Ente underwent a security audit by Cure53, led by Dr. Nadim Kobeissi.
  • Detailed architecture documentation is available at ente.io/architecture.

Encryption model

  • A strong master key is generated on the user’s device and it never leaves the device unencrypted.
  • A keyEncryptionKey is created at the base level which encrypted your masterKey. Then a particular file is encrypted as fileKey, which is then encrypted with the collectionKey of the Collection (Album/Folder), The collectionkey is then encrypted with the masterKey.
  • Since Ente is open-source, developers can build on top of it, e.g., creating an E2EE chat application using Museum as the core program if they’re properly familiar with programming and building complex apps.

Open Source transition

  • Initially, Ente was a consumer-focused product, but in March 2024, they open-sourced its main server (previously, only the web and mobile clients were open source).
  • This move was aimed at building a community-focused ecosystem and enabling self-hosting.

Motivation behind Ente

  • Ente was born out of the frustration of Vishnu’s concerns about big tech surveillance on personal photos.
  • To demonstrate how Google Vision API extracts metadata from images (e.g., income range, religion, emotions, clothing details), the team built a web app experiment —a marketing stunt to raise awareness about data privacy.

Challenges in self-hosting Ente

  • Unlike other self-hosted platforms, Ente doesn’t yet have a single Docker file due to its separated architecture.
  • The team is working on a single Docker image to simplify deployment.
  • Common issues in self-hosting:
    • Misconfiguration of reverse proxies and S3 buckets.
    • Lack of clear documentation for engineers.
    • Complex architecture due to multiple web apps (e.g., Photos, Authenticator, Family Accounts).
  • Ente shifted to a monorepo structure, integrating all components (server, mobile, Flutter, and web apps) into a single repository.

Technical considerations

Storage and reliability

  • Uses Amazon S3 protocol with three backups (hot storage, cold storage, and Glacier Storage being in Paris).
  • Bypasses Cloudflare’s 100MB proxy limit by directly sending encrypted data from client to S3.

Reasons why Encryption is important even if you’re the Server Admin

  • Even server admins cannot access user photos due to full encryption.
  • Misconfigurations (e.g., open ports) can still lead to data loss risks.

Future roadmap

  • Improvements in documentation for better community adoption.
  • Development of a dashboard for server admins to manage user storage limits.
  • Release of a single Docker image for easier self-hosting sooner.

Conclusion

  • Ente aims to bridge the gap between self-hosting and consumer ease-of-use.
  • Self-hosting adoption is still low, but the team is committed to simplifying deployment and improving community support.
  • Open for questions and feedback on making Ente more accessible.

Sasank’s feedback

1. Docker Compose considerations

  • When evaluating a self-hosted solution, the first thing to check is the Docker Compose configuration.
  • The complexity of the Dockerfile is not a concern; Docker Compose matters more.
  • Requested access to the GitHub repository for easier review.

2. Security concerns

  • Port 5432 (PostgreSQL) is exposed with a default password (PG_PASS), which is a serious security risk.
  • Exposing this port means anyone knowing the password could access the database, leading to major security vulnerabilities.
  • Recommended removing the exposed PostgreSQL port and enforcing better password management in the documentation.

3. Documentation improvements

  • Users should be instructed to regenerate passwords for MinIO and PostgreSQL during deployment.
  • The deployment steps should explicitly mention security best practices.

4. Network & architecture Issues

  • Too many ports are open, which is unnecessary and complicates security.
  • Suggested using a proxy server (Nginx or Caddy) to expose only a single port (80/443).
  • Multiple open ports lead to CORS issues, making deployment harder for users.
  • The architecture follows microservices principles, but certain elements are shoehorned, making it harder to manage.

5. Suggested improvements

  • Instead of exposing multiple services directly, containerized apps should communicate via Docker’s internal network.
  • A single Docker Compose file should be created for easier deployment.
  • Implement a structured approach to container networking rather than exposing unnecessary ports.

6. General observations

  • The current approach makes self-hosting unnecessarily difficult.
  • The suggested changes would significantly improve security, ease of deployment, and maintainability.
  • These fixes would take only half a day of development work but would greatly improve the experience for self-hosting users.

Karthik’s feedback

Karthik is an open-source enthusiast with experience in self-hosting and home lab setups. He has nine years of experience in product and technology. Karthik previously worked at Hasgeek and has insights into how to curate conference presentations.

Presentation Feedback

  • The mind map was a useful tool for the talk but should not replace a proper structured presentation.
  • The talk was clear and easy to follow.
  • Suggested defining a clear agenda at the beginning to clarify the primary focus of the talk.

Self-hosting challenges & documentation

  • Recommended showing real-world issues that users face when setting up the project.
  • Suggested including screenshots from GitHub issues to highlight common pain points.
  • Highlighted the importance of understanding the target users — many are:
    • College students or newcomers to programming.
    • Users relying on Docker Compose for deployment.

Learning from other open-source projects

  • Encouraged looking at successful open-source projects for best practices.
  • Example projects include TrueNAS or Frappe, which have structured self-hosting guides.
  • Suggested referencing documentation strategies from similar large-scale home lab projects.

General Observations

  • Appreciated the effort in building an open-source project from India.
  • Compared it to Frappe, highlighting the uniqueness of a consumer-focused open-source product.
  • Overall, the talk was well-structured and effective, with minor improvements suggested in presentation clarity and real-world issue demonstration.

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Hybrid access (members only)

Hosted by

We care about site reliability, cloud costs, security and data privacy