Back to Blog
team@tinypod.app

Self-Hosting Ente Photos: End-to-End Encrypted Photo Storage

Ente is an end-to-end encrypted photo storage platform. Your photos are encrypted before upload — not even the server admin can see them.

entephotosencryptionprivacy

Why Ente?


vs Google Photos

Google Photos scans every image with AI. Your photos train their models.


vs Immich

Immich is great but doesn't encrypt photos at rest by default. Ente encrypts everything.


End-to-End Encryption

Photos are encrypted on your device BEFORE upload. The server stores encrypted blobs. Without your key, photos are unreadable — even to a server admin.


Features


Encryption

  • Client-side encryption (AES-256)
  • Zero-knowledge architecture
  • Key derivation from your password
  • Sharable albums (with shared keys)

    • Mobile Apps

  • iOS and Android
  • Automatic background backup
  • Face recognition (runs on-device)
  • Search (by date, location, face)

    • Web App

    Browse and manage photos from any browser.


    Sharing

  • Shared albums with specific people
  • Public links with optional expiry
  • Collaborative albums

    • Organization

  • Albums
  • Timeline view
  • Location-based grouping
  • Face grouping (on-device)

    • Self-Hosting


    Ente's server component can be self-hosted:

    1. Deploy Ente server on TinyPod

    2. Configure S3-compatible storage (MinIO or B2) for encrypted photo data

    3. Install mobile and desktop apps

    4. Point apps to your server

    5. Enable automatic backup


    Resources: 1 CPU, 1 GB RAM for the server. Storage depends on library size.


    The Privacy Tradeoff


    End-to-end encryption means:

  • Server-side features (AI tagging, face detection) run on-device, not server
  • Slower search (client-side processing)
  • No web-based ML features

    • But: absolute privacy. Your photos are yours and only yours.