1. 0

As I saw here that it seems closed source projects are not very welcome in the community, so we did release the source of our new project and I’m delighted to show you. It is a free and open-source app that help people store their photos secure and encrypted. Hope you like it. Github repo: https://github.com/arcaneoffice

  1. 12

    You’re also getting heavily flagged because 100% of your actions have been to promote your stuff and none to participate normally in the community.

    1. 1

      Ah, I understand and I will try to change it have more participation. Thanks.

      1. 2

        You also claim it’s open source and encrypted when it doesn’t appear to be so. EDIT: I assume this is because it’s in early stages and not finished? You’re other comment mentions it’s serverless, I see it’s using blockstack. OK, it’s unclear to me upon looking at your code where the encryption and decentralized storage happens, but maybe that’s because I’m not looking hard enough. The word “gaia” doesn’t appear anywhere in the project.

        1. 2

          OK, I’ve played around with it some. It seems that, at least in the version you have online, everything is centrally managed by Blockstack. In the console we see:

          [Log] [DEBUG] uploadToGaiaHub: uploading thumbnails/[hash] to https://hub.blockstack.org (chunk-vendors.js, line 48)

          This seems to be generated by Blockstack, not your code.

          Again, it’s not clear to me from your code where the encryption happens, but at least from a cursory glance, by default the storage provider is defined by whatever the npm blockstack package says it is, and there doesn’t seem to be a way to change it, nor is the user ever prompted to select a storage provider at the very start (as they should be allowed, before they start uploading things to Blockstack’s servers).

          EDIT: for a privacy-focused app, this line seems a bit suspicious?

          <script type="text/javascript" src="https://apis.google.com/js/api.js?onload=onApiLoad"></script>

          EDIT: Woah, and how is it possible that I can still see my photos through your website when Blockstack isn’t running?

          1. 1

            Many many thanks for looking deep ;) Let me try to explain. Blockstack is handle your connection to the blockchain that is the place containing the private key. Gaia is a simple key value storage. You can run it anywhere. It uses bitcoin address to give each user a hub to store data. We will encrypt your photos and get a hub and send them to that hub. When you use our version, it will use the default provider that is free. You can change the address though. And encryption code is in the Blockstack.js that is using bitcoin encryption.

    2. 8

      Another self-hosted alternative is Photoprism.

      1. 5

        Piwigo is another self-hosted FLOSS alternative (but has been around for several years.)

        1. 1

          Photoprism is a very complete project, thanks for sharing that. On the other hand, Arcane provides high encryption abilities and default secure hosting too + you can host it on your own.

          1. 1

            On the other other hand, 10GB of hosting for photographs is not much capacity.

            1. 1

              It is for the free plan, we can add more, contact us if you want.

            2. 1

              + you can host it on your own.

              I looked but couldn’t find anything to support this? The code seems to be for the client only? Or am I mistaken?

              1. 1

                Yes, it is client-side code. It is serverless ;) The storage chosen on sign up can be set to any Gaia storage. https://github.com/blockstack/gaia

                1. 2

                  OK, fyi I edited my other comment. The word “gaia” doesn’t appear anywhere in the project.

                  1. 1

                    It is a very very young project, but I am here and you can contact us, we will be happy to help. We love to try to improve privacy of life of people.

            3. 1

              This looks very interesting!

              Since it’s still pre-release, can I run it on my live Photos.app photo library directories without munging up that (meta)data?

              1. 1

                Thank you very much. Sorry I could not understand your question.

            4. 6

              Maybe offtopic but without JavaScript you cannot see anything except raw text message

              We’re sorry but arcaneofficewebsite doesn’t work properly without JavaScript enabled. Please enable it to continue.

              I cannot see on this page any dynamic content. Why I need Javascript to render it?

              1. 1

                It is heavily dependent on Vue.js, and it may be that as it renders the interface. Asking out of curiosity, how someone like you can browse the web without JS? I like to know more.

                1. 8

                  Asking out of curiosity, how someone like you can browse the web without JS? I like to know more.

                  We just install NoScript :-)

                  Then we assume anyone whos website doesn’t work without JS isn’t worth reading.

                  If we feel like being helpful we might let you know like we did today.

                  We enable js selectively if we need to or really want to use a site that depends on it.

                  After all why should I allow random websites that I didn’t hear about until a few minutes ago to run code on my computer? Especially when there is no good reason?

                  (I am a consultant, sometimes writes frontends/web applications. But I still think web sites should work without JS. Usually they are faster that way as well I think, despite what JS fans like to think.)

                  1. 1

                    Thank you very much. I like the argument. I am a native desktop apps personally, but there is a high need for web apps. Take this project as an example: https://blackhole.run It works completely serverless and native in the Desktop. Windows and mac through.

                  2. 4

                    I am not sure what do you mean by “someone like me”.

                    After fighting bad websites for years, I have started to use https://noscript.net/ again. Now I only enable certain scripts on sites that I value.

                    1. 1

                      Ah, I will check it out, thanks. It may help to have clean browsing. About Arcane though, has not any extra lib so it may be ok to test it. Thanks for the explanations and I meant someone like you who can browse without js.

                      1. 1

                        I prefer using uMatrix instead, which is similar to NoScript (which I’ve used for quite a while too) but allows even more control over what websites are allowed to do. Most importantly, I have set it up to block cookies by default. There’s so much tracking going on nowadays that I feel like I can’t afford to browse the web without it. It just doesn’t feel safe.

                2. 5

                  What exactly is the architecture here? How exactly does it use blockchain tools beyond a marketing line?

                  1. 3

                    I Am Not A License Lawyer but I don’t know if you can mix commercial and GPL clauses like this


                    1. 1

                      I am not either, but I saw that in some projects and we wanted to have that to know what should be done. Thanks for the note, I will look more into it.

                      1. 1

                        Dual licensing, if that is what you mean usually consists of offering:

                        • an Open Source / Free Software license, typically a somewhat restricted one like GPL or AGPL

                        • a commercial license for those who would rather pay than follow the free software license

                        Those who use it under the free software license don’t have to think about the commercial terms and those who use it under the commercial license doesn’t have to consider the free software license.

                        And no, I’m not a lawyer either .

                        PS: I’m often out if something is AGPL. I still have unanswered questions regarding it.

                        1. 1

                          Yes, it is what I mean. Did I do it wrong? Can you please give me an example you think done it right?

                    2. 2

                      Are there mobile apps for both Android and iOS? A big part of the appeal of Google Photos is the automatic upload from mobile.

                      1. 2

                        I would even argue that’s the primary feature.

                        1. 1

                          Not for now, but the site is mobile friendly. We are thinking about a way to do the syncing without hurting user privacy.

                        2. 1

                          From https://docs.blockstack.org/storage/overview.html:

                          Note: Users with existing identities cannot yet migrate their data from one hub to another.


                          Also: Missing cryptographic architecture documentation? At least link to the relevant blockstack docs.

                          So if I trust that an identity is associated with the person it claims to be, I can trust the public key I get handed and send them images using envelope encryption? Sure (if I’m understanding correctly). That doesn’t scale to groups though, right? At least not without a linear number of encrypted copies.

                          I don’t see the advantage of this over, say, signal-messaging an image to people. Sure, the backend becomes signal’s servers, but you know it’s properly encrypted. Plus, it’s not plain ECIES/envelope encryption so you get lovely things like integrity and forward secrecy.

                          Blockchain on its own doesn’t solve the problem of matching keys to humans. If this used some kind of decentralized hierarchical Identity-Based Encryption scheme, it would be interesting.

                          1. 1

                            Blockchain and GDPR compliance…