Show HN: Secure encrypted vault for photos and videos (opens in new tab)

Looks like an interesting project! But I feel like you are asking your users to put a lot of confidence in you to take everything you’re saying for granted. I’m not implying bad faith here, but privacy conscious people typically like to see a bit more detail and evidence of security, rather than general claims/statements.

For example, some things I’m wondering about and would like to know before considering giving the app a try:

* how exactly are you handling encryption? How do you avoid leakage of encryption keys/pass phrases through iOS device backups or other cases where your iOS account could be compromised?

* what does “end to end encryption” mean in this case? There is no sharing feature as far as I can tell, so it’s not about e2e encrypted communications. I assume in this case e2e means continuous encryption at all times (on device and remote) except when the user actually uses the app.

* how do you handle metadata? What’s the trade-off between ease of use (quickly finding photos or scrolling through my full photo collection) and encryption/security?

* how credible is a business model of €5/year/user for something that seems to require quite a bit of work to keep secure? Even if there’s no storage/server cost because you use iCloud storage, there’s still a substantial developer cost to have feature parity with similar photo storage apps and keep up with ever-changing App Store requirements and security developments.

Hope this helps to find out what your (potential) users care about and whether you could improve communication/marketing on those points :-)

> All your data from Photo Vault is always end-to-end encrypted

Where are the keys?

If they are on your servers then this is dead in the water. If they are in a secure vault on my device then that's a different matter.

> and your media files are never shared with anyone, even with us.

Your app privacy label suggests otherwise: it says that User Content is shared with the developer.

I use PhotoSync on all my devices and all my family members' devices. I've bought it about 10 times and I'm pretty happy with how it works. There are 2 big features:

1. It syncs to my Nextcloud server which I control. No one can take it away from me.

2. It's not subscription based, so buying it for my parents, siblings, etc. is practical since I'm not saddling them with a subscription they don't want or need.

I think a PhotoSync competitor that's more opinionated (ex: Nextcloud only) with a simpler UI could do well. This Photo Vault app isn't it, at least not for me. I'm not going to pay forever (via subscription) to get less control of my data. No thanks.

I've spent hundreds of dollars buying apps for family members, but I won't spend a penny on anything subscription based. For example, I used to buy Enpass for everyone I know. Then they switched to a subscription model and have gotten $0 from me since.

Apple really needs to add SMB support to photos app. Apps like photosync run up against the 3 minute background process limitation in iOS[0].

[0]: > Another common problem may be the fact that an autotransfer is not completing. This has to do with the 3 minute background operation restriction in iOS. PhotoSync can only run - and transfer - in the background for 3 minutes. If the app is still transferring while it is in the background, it sends you a push notification 30 seconds before the background operation time runs out. If you tap on this notification, you bring PhotoSync back to the foreground and it can continue the transfer process. You can even send it to the background again to get another 3 minutes of background operation time.

Thank you for your feedback, you gave us a good idea for the next feature that we can add to our app.

Not everyone who wants to store / backup their media has the experience, time, or ambition to host their own stack. For these people some other service with a better TOS and privacy policy might be the best option they have. Even those that do have the experience might consider it not worth their time.

I liken it to Email. I have the experience to host my own email stack. But I've determined it's not worth the time investment when I can pay someone a few bucks a month to handle it.

You're viewing this app from within the HN bubble. People who use this aren't concerned about Apple's CSAM scanning (no one even knows what that is), but are probably more concerned with not having risky/risqué photos in the Photos app or on iCloud.

Apple will scan. Their App Store has this to say about this app.

Data Not Linked to You The following data may be collected but it is not linked to your identity:

- User Content - Diagnostics

Thank you for your feedback, first of all, I want to mention that our app is ranking lower and have fewer reviews because we are new on the market. Our strengths are that we use true encryption, all the photos and videos saved in our app are really encrypted with the key derivated from your password. We also focus on details, we have developed our product to maximize the best user experience. I think our mass import, is beyond any competitor on the App Store. I want to mention again we don't put a pin to your photos, we encrypt every file. You can be sure that we are focused on values and not on maximizing profit. We decide to go with a subscription model because it helps us to continue working and improving our product. It's not a project that we developed and leave there in App Store.

Ok, ignore my comment: it appears that about 5 minutes ago, all the OP's comments were marked [dead]... but they're fine now.

Thank you for your feedback. We have noted in our To-Do list to add "Mac support" and we will try to implement this feature as fast as we can.