backbone-python
photos-app
backbone-python | photos-app | |
---|---|---|
3 | 120 | |
5 | 547 | |
- | - | |
2.0 | 9.9 | |
about 1 year ago | 2 months ago | |
Python | Dart | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
backbone-python
-
Encrypt. Now
It's only impractical if you actually require end users to understand and apply all of these technologies. It's a lot more tractable if they're abstracted away.
The fact is that developers very (very) rarely have to interface directly with TLS or the Signal protocol, yet billions of non-technical users implicitly use them in our browsers and via Signal or WhatsApp.
In my view, the challenge in the adoption of secure/private-by-design tech is the simplicity and usability of the interfaces and the capabilities these tools provide.
We need secure tools to compete on capability in order to garner mass usage. Without (significant) feature superiority there's little reason for users to make the switch. I'm actively trying to solve some of these problems at Backbone [0]; aiming to build a usable, secure experience for end users and a simple, robust end-to-end-encryption interface for developers.
[0] https://backbone.dev/
-
Launch HN: Idemeum (YC S21) – Passwordless access to apps and infrastructure
> Data in our cloud is end to end encrypted so your credentials are never exposed to anyone but you.
A few comments:
1. You might want to avoid calling this zero-knowledge. While your docs suggest some use of E2EE, there seems to be a significant amount of metadata that remains both unencrypted and unauthenticated.
2. Having read your white paper, it appears your E2EE setup is vulnerable to various forms of forgery. In a simple case, an attacker that has compromised your infrastructure can easily substitute the credentials of arbitrary users in a way that is NOT tamper-evident.
3. There seems to be no post-compromise security. If your user private key is compromised (e.g. extracted from the extension's local storage), there seems to be no way to reset it.
4. The recovery flow is questionable. Do you really want to store critical cryptographic material in plaintext and in a third-party cloud?
When rolling out E2EE from scratch, it's very easy to give rise to issues like #2. At Backbone[1], we've built a framework for building end-to-end encrypted applications with building blocks designed to preserve confidentiality, integrity and nonrepudiatiability under a strict threat model.
Feel free to reach out if you might like to discuss how we're solving issues the above.
[1] https://backbone.dev/
-
Backbone: End-to-end-encryption as a service
Backbone is designed to reduce the need to trust third parties — it operates under a strict threat model, providing confidentiality, integrity and nonrepudiatiability even under the assumption that Backbone itself is pwned. We’re dedicated to operating transparently, leading us to build our open-source client on top of libsodium.
photos-app
-
⟳ 4 apps added, 121 updated at f-droid.org
ente - encrypted photo storage (version 0.7.92): ente is an end-to-end encrypted photo storage app
-
Does ente support AVIF images
The format isn't natively supported on mobile, but we can transcode and render them. We have created an issue to track this: github.com/ente-io/photos-app/issues/1269
-
Android app lock screen
Hey, we've added an item to our roadmap to configure a lockscreen different from the system lockscreen: github.com/ente-io/photos-app/issues/1240
-
Support for YubiKey's ?
Hey, this is already on our radar: github.com/ente-io/photos-app/issues/1226
- Other than self hosting, what is the best privacy based and secure alternative to Google Photos?
-
Suggestion
Hey, not sure how popular this feature will be, since all your metadata is end-to-end encrypted and only accessible to you, but have added this to our roadmap anyway: github.com/ente-io/photos-app/issues/1219
-
Resync moved Media to new album when it also has been moved on the phone gallery
We don't automatically sync media movement from the device to ente, as users might have already organized their media on ente, possibly on a different device. However, we understand that this could be a valuable feature, perhaps as an album-level configuration. We've added this to our roadmap.
-
How to detect Android motion photos in Flutter
Hey, we recently added support to playback Motion Photos to our Flutter app.
-
Localizations in Flutter
We also wrote a guide to set it up. Our code is open source, so you can easily refer to the crowdin config and GitHub action config.
-
⟳ 2 apps added, 49 updated at f-droid.org
ente - encrypted photo storage (version 0.7.43): ente is an end-to-end encrypted photo storage app