For me personally Immich is a non-starter because its not end-to-end encrypted.

InsideOutSanta · 2025-12-13T07:03:53 1765609433

It runs on your own hardware. There is nobody else who has access to unencrypted data.

subscribed · 2025-12-13T10:46:55 1765622815

Storage vps are cheap. Why would I have to run it in my own house?

:)

snowe2010 · 2025-12-13T07:45:14 1765611914

Why would you need it to be end to end encrypted anyway? You’re running it. Set it to only upload photos when you’re on your home network and you’re fine. Or fork it and make a PR and make it e2e encrypted.

redrove · 2025-12-13T16:01:27 1765641687

You can’t just “fork it and make a PR and make it e2e encrypted”. All the features run serverside, e2ee is fundamentally impossible because of its design, of which you seem to know fuck all.

I’m being dismissed by I run a rather large homelab and I still want my photos iCloud like, where end devices decrypt and run ML. Immich is a Google Photos clone where you give it everything and some server does all the magic.

throwawayffffas · 2025-12-13T18:26:48 1765650408

Hm, you can just run it on an encrypted volume. And put an ngnix in front of it to handle https. There you go end to end encrypted.

snowe2010 · 2025-12-13T16:07:38 1765642058

What are you talking about. It’s literally open source. Here’s the server code https://github.com/immich-app/immich/tree/main/server You run the server. You can make the entire thing e2e encrypted if you want.

You could even set it up so that it could only backup over tailscale or wireguard through a tunneled connection so ALL of your traffic is e2e.