webext-signed-pages
photos-desktop
webext-signed-pages | photos-desktop | |
---|---|---|
16 | 15 | |
180 | 85 | |
- | - | |
0.0 | 9.7 | |
over 1 year ago | 2 months ago | |
JavaScript | TypeScript | |
BSD 3-clause "New" or "Revised" License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
webext-signed-pages
-
E2EE on the web: is the web that bad?
There is "Signed Pages" by the debeloper of EteSync. It is a browser extension, that checks webapps based on signatures in the html file. The addon then warns the user if the signature is not correct or - if I remember correctly - the source changed. This allows you to be sure what webapp code was delivered. But it seems like it did not really get used outside of his own projects. https://github.com/tasn/webext-signed-pages
-
Cloudflare and CDNs - call for community opinions
EteSync has implemented something called Signed Pages, this might be worth looking closer at. This uses PGP keys which is preloaded into the browser; but I suspect that will be a barrier too high for most non-tech users.
- Is there any tool to verify client-side website code you get served is the same as the open source version?
-
Truly safe?
There are also projects like signed web pages which can also help increasing the trust level to some degree. But that requires that you can download the source code and regenerate the verification hash locally - or have other trusted methods to verify the hash value hasn't been modified as well. The current concept is reasonably sane, but it requires too much from users currently to make it widely used.
- A browser that verifies Javascript
-
Security experts declare all Proton apps secure after security audit
> The server can at any time start serving malicious payloads
True, and I call this threat model "Beware Each and Every Fetch" (BEEF) in contrast to the more common TOFU model (although if you trust a desktop app to auto-update itself then these two models might not be all that different).
In any case, I think you're being a little quick to dismiss the idea of server-hosted applications. It's true that browsers don't natively have a nice way of pinning specific versions of a web app, but there is the clever hack of SecureBookmarks[0] (if you're prepared to sacrifice the UX), or, more realistically, you can pin the web app version using some sort of browser extension.
Examples of the latter include the Signed Pages extension[1], and Code Verify[2], which is the result of a collaboration between Meta and Cloudflare (for securing the WhatsApp Web code, currently, but should eventually support other sites like Proton's too). Of course, it would be much better if this capability was natively included in browsers themselves, but hopefully adoption of this technology will pressure browsers and standards bodies to take ownership of this.
[0] https://coins.github.io/secure-bookmark/
[1] https://github.com/tasn/webext-signed-pages
[2] https://github.com/facebookincubator/meta-code-verify
-
ProtonMail Is Inherently Insecure, Your Emails Are Likely Compromised
Something like a browser extension for this does already exist, fortunately:
https://github.com/tasn/webext-signed-pages
-
"Were you able to subpoena ProtonMail?"
In regards to untrusted webapp, yes, that is a reasonable attack vector. That said, I've heard from ProtonMail they have been considering to implement Signed Pages to help mitigate (at least some of the) issues with this attack vector.
-
Proton’s priorities
Which is why it is important to get proper E2E encryption on e-mail, where the source is open source and can be audited. And then that there are verify mechanisms to verify that the source code has not been manipulated. For web services there are signed-pages which is quite interesting.
photos-desktop
-
Other than self hosting, what is the best privacy based and secure alternative to Google Photos?
No, we don't have a CLI yet, but it's on our roadmap. You could follow the issue here: https://github.com/ente-io/photos-desktop/issues/189
-
Observations and ideas from a returning user
We have recently introduced the concept of Uncategorized photos. We will introduce this within the upload dialog as well, so that you can skip picking / creating an album. Thanks for bringing this up, I've created an issue to track this.
-
iphone strategy, advice needed
Have created a Github issue to track this: github.com/ente-io/photos-desktop/issues/172
-
[AMA] I'm Vishnu, CEO of ente.io - e2ee alternative to Google Photos -- Ask Me Anything
Your files (and their metadata) are stored end-to-end encrypted on ente. This by definition means that only you can access them. Now in addition to the documents on our architecture and reliability, we also live publish the source code to all our apps (mobile, web, desktop). Our releases are available on F-Droid as well as Github, where the apps are built straight from the source. So in the off-chance that you don't wish to blindly trust us, you can still verify that your data is end-to-end encrypted by either building the app from it's source or simpler still, grabbing the app from one of these stores. We intend to publish reproducible builds to other stores as well (they unfortunately don't make it as simple as Github or F-Droid), so that it's technically impossible for us to deviate from our claims.
-
web.ente.io load issues
In the meanwhile, we have a desktop app for Linux (RPM / DEB), that you could check out.
-
Advice for someone who is heavily dependant on Google
Windows
-
Is there any Photo cloud storage thats better than Cryptee?
Hey, we've been building ente.io as an alternative to Google / Apple Photos that provides a simple way to encrypt and back up your photos and videos. We've apps across Android, iOS, web and desktop.
-
Show HN: We built an end-to-end encrypted alternative to Google Photos
Our pricing model is such that the product can self sustain itself. Also, we have a desktop app[1] that syncs your uploaded data to a local drive, so you don't have to worry about a lock-in.
But even if we do have to sunset the service due to unforeseeable reasons, our cold storage is relatively inexpensive and we will give our customers ample time to migrate out.
Also, in such a scenario we would want to publish our entire system in an easily deployable way so that all our efforts would not be in vain.
[1]: https://github.com/ente-io/bhari-frame/releases/latest
-
Stingle is a privacy-focused, open source photo backup application
Unlike other providers, we also have a desktop app that lets you easily sync the uploaded files to a local disk drive. Mentioning this since in your particular backup strategy, this might help you replicate data from your phone to Backblaze wirelessly (phone -> ente -> hdd -> b2).
-
Implementing requested features, getting banned from PlayStore and more...
A desktop app that lets you keep a local copy of all the items you've backed up on ente
What are some alternatives?
photos-app - ➡️ Moved to https://github.com/ente-io/ente
PhotoPrism - AI-Powered Photos App for the Decentralized Web 🌈💎✨
mailvelope - Browser extension for OpenPGP encryption with Webmail
frame - System-wide Web3 for macOS, Windows and Linux
pacman-bintrans - Experimental binary transparency for pacman with sigstore and rekor
photoprism - Personal Photo Management powered by Go and Google TensorFlow
leCrypt-web-extension - leCrypt is a decentralised password manager which is cross-platform, free and secure.
AWSPics - An AWS CloudFormation stack to run a serverless password-protected photo gallery
proton-mail - React web application to manage ProtonMail
photos-web - ➡️ Moved to https://github.com/ente-io/ente