This talk explores the architecture of Ente Photos, an end-to-end encrypted, self-hostable photos application and an alternative to proprietary, privacy-invasive and locked-in solutions such as Google Photos and Apple Photos.
What sets Ente's flagship product apart from other free and open-source photos applications such as Immich is its zero-knowledge architecture (for photos, videos and stream data), its focus on redundancy, its use of S3-compatible storage, and a generic backend that can be reused to build further products (one such being Ente Auth).
Architecture
Client-side encryption
The strength of Ente Photos lies in the fact that encryption happens on the client side: the encryption keys never leave the device in unencrypted form, and their encrypted form cannot be recovered without the password or the recovery key.
This extends to files, which are organised in collections, so encryption is applied at the file level for additional safety.
High performance is achieved with stream ciphers such as XChaCha20 and XSalsa20, which guard against nonce reuse and do not need the specialised hardware that AES-256 depends on for comparable speed.
This talk walks through the proof of the zero-knowledge implementation that ensures privacy.
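As an added illustration (not Ente's own code), the key hierarchy described above: the master key is wrapped under a password-derived key and under the recovery key, and each file is encrypted under its own file key wrapped by the master key, so the server only ever stores ciphertexts. Assumptions: scrypt and IETF ChaCha20-Poly1305 from the `cryptography` package stand in for the key-derivation function and XChaCha20 primitives Ente actually uses.

```python
import os
import hashlib
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305

NONCE_LEN = 12  # IETF ChaCha20-Poly1305 nonce (XChaCha20 would use 24 bytes)


def kdf(password: bytes, salt: bytes) -> bytes:
    # Password -> key-encryption key; assumption: scrypt stands in for Ente's KDF.
    return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=32)


def wrap(key: bytes, payload: bytes) -> bytes:
    # AEAD-encrypt payload under key; a fresh random nonce is prepended to the ciphertext.
    nonce = os.urandom(NONCE_LEN)
    return nonce + ChaCha20Poly1305(key).encrypt(nonce, payload, None)


def unwrap(key: bytes, blob: bytes) -> bytes:
    # Raises cryptography.exceptions.InvalidTag if the key is wrong or the blob was tampered with.
    return ChaCha20Poly1305(key).decrypt(blob[:NONCE_LEN], blob[NONCE_LEN:], None)


def signup(password: bytes):
    """Generate the device-held keys and the record the server is allowed to keep."""
    master_key, recovery_key, salt = os.urandom(32), os.urandom(32), os.urandom(16)
    server_record = {  # everything here is either a public salt or a ciphertext
        "kdf_salt": salt,
        "master_key_by_password": wrap(kdf(password, salt), master_key),
        "master_key_by_recovery": wrap(recovery_key, master_key),
        "recovery_key_by_master": wrap(master_key, recovery_key),
    }
    return master_key, recovery_key, server_record


def recover_master_key(record: dict, password: bytes = None, recovery_key: bytes = None) -> bytes:
    # Either factor unlocks the master key; the server never sees either one.
    if password is not None:
        return unwrap(kdf(password, record["kdf_salt"]), record["master_key_by_password"])
    return unwrap(recovery_key, record["master_key_by_recovery"])


def upload(master_key: bytes, plaintext: bytes) -> dict:
    # Per-file key, itself wrapped by the master key; both parts go to object storage.
    file_key = os.urandom(32)
    return {"file_key_by_master": wrap(master_key, file_key), "blob": wrap(file_key, plaintext)}


def download(master_key: bytes, stored: dict) -> bytes:
    file_key = unwrap(master_key, stored["file_key_by_master"])
    return unwrap(file_key, stored["blob"])
```

Inspecting `server_record` and the uploaded dict shows why the design is zero-knowledge: a wrong password or a zeroed key makes every `unwrap` fail its authentication tag rather than yielding garbage.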
Storage and redundancy
Ente Photos maintains multiple backups across three storage locations, two hot and one cold, all hosted in the EU for its flagship instance, to ensure compliance and redundancy.
It can use S3-compatible object storage software such as MinIO and supports Backblaze, Scaleway and Wasabi, which reduces reliance on AWS S3.
Museum, Ente's server, pre-signs the upload URLs and validates the object as it is processed in the object store, so clients upload already-encrypted data directly to storage.
Client-side ML for AI Search
Because homomorphic encryption is too slow to index photo content server-side (including the people in the photos) for AI-based search, Ente Photos instead runs the ML on the client's device (edge AI).
Its efficient implementation makes it a highly valuable product and a contender to proprietary alternatives.
Recent developments
The talk also briefly covers recent developments in Ente Photos, such as end-to-end encrypted video streaming, and touches on the modularity of Museum, which allows future products to be built on the monolithic server.