65
Are private Pixelfed photos encrypted? (lemmy.zip)
submitted 2 days ago by blueskies@lemmy.zip to c/fediverse@lemmy.world
13 comments fedilink hide all child comments

I just closed my Instagram account and was about to start uploading my photos to a private account on Pixelfed.

I was just wandering if the images I upload are stored encrypted or if everything is stored as is on the server.

I couldn't see any mention of it, so I assume an instance owner could just go through everyone's photos on the server even if they're marked as private.

I tried looking through the source code to see if I could answer the question myself, but nothing is jumping out at me.

So hopefully someone with more knowledge than me can answer this question for me, thanks!

all 14 comments
sorted by: hot top controversial new old
[-] drmoose@lemmy.world 35 points 2 days ago

No, the server owner will absolutely see your photos if they want to.

The only way to do encryption you're talking about is to defer the decryption function and keys to the front end so the backend never knows it. Meaning, you'd know it because every time you want to view the encrypted file you'd be prompted for that key (password) to continue.

[-] catloaf@lemm.ee 16 points 2 days ago

That can be done transparently, just by using a key with no password (or using your account password for the key, so that when you log in it decrypts, and keeps the session open on your device).

The bigger problem is key management. You can't allow the server to know your private key else the admin could steal it. So it has to stay on your device, and if you lose your device or accidentally delete the key, your account is gone.

[-] onlinepersona@programming.dev 9 points 2 days ago

Meaning, you’d know it because every time you want to view the encrypted file you’d be prompted for that key (password) to continue.

Not necessarily. If you had a separate password to decrypt private images, you'd just have to enter it once at login or upon viewing the first private, encrypted photo.

Anti Commercial-AI license

[-] blueskies@lemmy.zip 6 points 2 days ago

Thanks for the response, that definitely clears things up!

[-] AllNewTypeFace@leminal.space 19 points 2 days ago

No ActivityPub-based services are really private. There is no mechanism for end-to-end encryption, access-listed posts, or even true DMs. ActivityPub is intended as a microblogging-style publishing service with interaction built in, with privacy not being in the spec’s scope.

Maybe some day they’ll retrofit privacy to the protocol, but that would involve reengineering it to handle key management and end-to-end encryption, which would be a hard problem.

[-] drspod@lemmy.ml 12 points 2 days ago

I'm not sure PixelFed is the best choice for private storage of photos. It's social media more than it is cloud storage.

Would Immich fit your requirements? I don't think it encrypts either, but you can self-host it.

[-] blueskies@lemmy.zip 5 points 2 days ago* (last edited 1 day ago)

I was more looking for social media rather than a private cloud image storage, I'll probably still go ahead with using Pixelfed. I was just hoping it wouldn't be possible for the host, to take everyone's private photos and dump them online if they wanted to.

I guess Instagrams level of privacy would be similar and employees at Meta would be able to look at people's private photos too.

[-] Kichae@lemmy.ca 9 points 1 day ago

Pixelfed isn't private. Mastodon isn't private. Lemmy isn't private. All privacy is account privilege based.

The person who's paying for the hard drive gets to see what's on it.

[-] Ulrich@feddit.org 9 points 2 days ago* (last edited 1 day ago)

PixelFed is not supposed to be for storing private photos. That's what Immich/Ente are for.

[-] kat@orbi.camp 1 points 21 hours ago

and even then, only Ente does actual encryption on your photos.

[-] fxomt@lemm.ee 7 points 2 days ago

No. As drspod said Immich is good. But you may want to check out Ente too. The servers/clients are open source and its encrypted. And for a free plan i'd say its quite good.

Personally use it, no qualms here.

[-] surewhynotlem@lemmy.world 1 points 1 day ago

Didn't the Instagram admins do that too?

[-] poVoq@slrpnk.net 3 points 2 days ago

If you are looking for open-source end to end encrypted photo storage then Ente or Stingle are what you want.

this post was submitted on 28 Jan 2025
65 points (100.0% liked)

Fediverse

29438 readers
965 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS
ruud@lemmy.world
Xylinna@lemmy.world
MrCenny@lemmy.world
TragicNotCute@lemmy.world
automodbeta@lemmy.world
woelkchen@lemmy.world