Ask Lemmy

I use immich with a public proxy as my forward facing solution.

The public proxy helps when I share photos behind a password.

I have a 3 2 1 backup policy with roughly 200tb of total storage. Then I backup in a remote location (6 timezones away) that I also own. The only time I'll lose access to my photos is if the entire world blows up.

Everything is secured using VPN tunnels. Data isn't encrypted at rest for me though, I'd rather assume the risk of someone getting my photos (physical and technical access) than having my encryption mess up. Both are equally low risk, but ones more disastrous.

On one hand, if I choose to store them online/cloud encrypted / (edit: encrypt first then upload it), I face significant privacy concerns. While they might be secure now, there’s always the potential for a very near future breaches or compromises, especially with the evolving risks associated with AI training and data misuse.

Use symmetric encryption.

AES 256 should be safe until you die (edit: actually, it'll probably be safe for a long time after you die)

I mean, the most vulerable part is probably the device you encrypt/decrypt. If your adversary can compromise that and obtain the decryption keys, you're fucked anyways (they can just grab your files from the device at that point and skip the part of getting access to the cloud).

TLDR: Use an encryption program with AES 256 to encrypt the files, and upload to cloud, you're fine. Just don't piss off the NSA/FSB and have they come for your family photos.

[email protected]

if you absolutely don't want them online, then your 'offsite' part of 3-2-1 backup scheme is going to be something in a different city.. far enough away that the same 'disaster' wouldn't hit both there and your home. either a bank safe deposit box, or family member, or trusted friend.

if I choose to store them online/cloud encrypted / (edit: encrypt first then upload it) ... there’s always the potential for a very near future breaches or compromises

Does this matter? Say you upload your encrypted photo backup to Mega Upload (or whatever) and some unauthorized person gets a copy of your encrypted data. So? It's encrypted? They can't read or see the data?

Are you worried about state actors breaking the encryption?

How can I effectively balance these privacy, security, and physical risks to ensure the long-term safety and integrity of the FAMILY’S PERSONAL MEMORIES?

Imho you can't and you can. Let me explain:

You need to consider the value of your data for a stranger to steal. I mean, to break encryption one would first need to want to get your specific files and then have the time and money to do that. Unless you're some kind of personality or a criminal of some sort it is unlikely they would be worth the effort.

But what if there is a back door or if encryption stops working tomorrow?

That's a good question, even more so for us Europeans seeing our representatives pushing the idea of putting back doors in encrypted message apps... What will be their next target? Requiring every EU citizen to give some central bureau a copy of passwords and encryption keys even for offline storage and hard drives at home—because, you know, think of all the children! We would be allowed to scan every single file in the country so we can spot any pervert and punish them!

I store all my files encrypted (cloud and local as well) because I worry about unauthorized access (thieves, mostly edit: and data breaches obviously). But I also know here in my country, France, I'm required by the law to give a judge my password if they ask for it. That's fine (a judge needs to ask for it, and then I would obey) and that does not render encryption useless for me... at least for now.

So,

• Encryption does work. That doesn't put anyone above the law but it still is a great protection layer we should all be using.
• If one day politicians make it illegal to use encryption, or install backdoors, or if quantum computing happens, or AI take over our computers, or if aliens arrive from Planet Zyrklump with tech that make our encryption as useful as a pair of sneakers to an oyster... Well, that day, my personal data will stop being digital. It's already one of the reasons I stopped reading ebooks. I want privacy when I read—something I instantly get when I read a printed book. Up until the day it becomes illegal to read in print, I will read in print ;)

If you don’t mind having to take an extra step to access them and probably not having the convenience of online sharing, you can encrypt your photos/videos before uploading them to online cloud storage.