What Ente Does
Ente Photos
- E2E Encrypted Backup: All photos and videos encrypted before leaving your device
- Cross-Platform: Native apps for iOS, Android, macOS, Windows, Linux, and web
- AI Search: On-device ML for face recognition and object search (runs locally, not on server)
- Shared Albums: Share albums with family with E2E encryption maintained
- Memories: "On this day" flashbacks
- Archive & Trash: 30-day trash with recovery
- Map View: View photos by location
- Deduplication: Automatic duplicate detection
Ente Auth (2FA)
- E2E Encrypted 2FA: TOTP tokens encrypted and synced across devices
- Import: From Google Authenticator, Authy, Bitwarden, and more
- Offline Access: Works without internet once synced
- Cross-Platform: iOS, Android, macOS, Windows, Linux, web
Architecture
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Client Apps │────▶│ Ente Server │────▶│ PostgreSQL │
│ (Flutter/Web)│ │ (Go) │ │ (Metadata) │
│ E2E Encrypt │ └──────┬───────┘ └──────────────┘
│ on device │ │
└──────────────┘ ┌──────┴───────┐
│ MinIO / S3 │
│ (Encrypted │
│ Blobs) │
└──────────────┘Key: Encryption/decryption happens entirely on the client. The server only stores encrypted blobs it cannot read.
Self-Hosting
Docker Compose
services:
museum:
image: ghcr.io/ente-io/server:latest
ports:
- "8080:8080"
environment:
ENTE_DB_HOST: postgres
ENTE_DB_PORT: 5432
ENTE_DB_NAME: ente
ENTE_DB_USER: ente
ENTE_DB_PASSWORD: ente
depends_on:
- postgres
- minio
volumes:
- ./museum.yaml:/museum.yaml:ro
postgres:
image: postgres:16-alpine
environment:
POSTGRES_USER: ente
POSTGRES_PASSWORD: ente
POSTGRES_DB: ente
volumes:
- pg-data:/var/lib/postgresql/data
minio:
image: minio/minio
command: server /data --console-address ":9001"
environment:
MINIO_ROOT_USER: minioadmin
MINIO_ROOT_PASSWORD: minioadmin
volumes:
- minio-data:/data
volumes:
pg-data:
minio-data:Zero-Knowledge Encryption
Your Device Server
───────── ──────
Generate key from password
│
Encrypt photos with key
│
Upload encrypted blob ──────▶ Store encrypted blob
(cannot decrypt)
│
Download encrypted blob ◀────── Send encrypted blob
│
Decrypt with key
│
View photos- Master key derived from your password (never transmitted)
- Each file encrypted with unique key
- File keys encrypted with master key
- Server stores only ciphertext
Ente vs Alternatives
| Feature | Ente | Google Photos | iCloud | Immich |
|---|---|---|---|---|
| E2E Encrypted | Yes (zero-knowledge) | No | Advanced Data Protection | No |
| Open Source | Yes (AGPL-3.0) | No | No | Yes (AGPL) |
| Self-hosted | Yes | No | No | Yes |
| 2FA App | Built-in (Ente Auth) | No | No | No |
| On-device ML | Yes | Server-side | Server-side | Server-side |
| Cross-platform | All platforms | All platforms | Apple only | All platforms |
常见问题
Q: Ente 和 Immich 怎么选? A: 如果你最关心隐私和加密,选 Ente(端到端加密,即使服务器被入侵也看不到照片)。如果你更关心功能丰富度和 AI 搜索,选 Immich(服务端 ML 搜索更强大但需要信任服务器)。
Q: 自托管的 Ente Auth 可以替代 Google Authenticator 吗? A: 完全可以。Ente Auth 支持从 Google Authenticator 导入,提供加密云备份和多设备同步——这是 Google Authenticator 不具备的关键功能。
Q: 自托管存储费用? A: 自托管版本的存储空间取决于你的 MinIO/S3 配置。可以使用本地硬盘或任何 S3 兼容的对象存储。官方云服务从 $1.99/月 10GB 起。
来源与致谢
- GitHub: ente-io/ente — 25.9K+ ⭐ | AGPL-3.0
- 官网: ente.io