Stingle is an open source, privacy-focused photo backup app




Despite the encryption, Stingle Photos is a distinctly minimalist app that comes closer to the simple feel of an analog album than most of its competition.

With Google Photos ending its unlimited photo backup policy last November, the market for photo backup and sync apps has opened up significantly. We took a look at a serious competitor, Amazon Photos, in January, and freelance writer Alex Kretzschmar presented us with several self-hosted alternatives in June.

Today we take a look at a new competitor, Stingle Photos, which is splitting the difference by offering a FOSS mobile app that syncs with a managed cloud.

Don’t trust anybody

Encryption is arguably the most important feature of Stingle Photos. Although the app uploads your photos to Stingle’s cloud service, the service’s operators cannot view your photos. This is because the app, which runs on your phone or tablet, securely encrypts them using Sodium cryptography.

Since photos are encrypted before they leave your phone, using a key that is never available to Stingle’s operators, you are safe from attackers who get a cloud photo dump from Stingle. You’re also safe from Stingle’s own operators pulling a LOVEINT on you or being socially engineered by someone with a believable voice begging to get your photos back.

Since Stingle can’t do anything useful with the encrypted cloud backups of your photos, you also don’t have to worry about the weird things that happen as a result of feeding your photos into machine-learning algorithms: it’s all garbage to anyone without your private key.

Transparency

Stingle has done everything it can to make its operation as clear as possible to users concerned about security and privacy. The company has published a detailed white paper outlining its security practices and providing excellent insight into how the service works. And for the truly paranoid, access to the app’s source code bridges the rest of the gap.

Having access to the source code especially helps fill in potential gaps in what Stingle can and cannot do with your photos. Since the cloud storage is effectively useless to anyone except the user, this leaves the mobile app itself as the only place where any shenanigans could happen, before photos are encrypted and sent to the cloud (or after being downloaded and decrypted).

We haven’t attempted anything like a full code audit of the Stingle Photos app, but we’ve gone through the code far enough to get a good idea of what it does and how. No glaring gotchas jumped out at us.

Key backup

By default, Stingle Photos uploads a backup of the user’s private key to the Stingle cloud (which is redundantly hosted at Digital Ocean, using redundant Wasabi buckets). This allows the app to run on a new device without the user having to manually and laboriously back up and restore the private key themselves.

Astute users’ eyebrows have probably just shot through the roof. If Stingle has my private key, how do I know the company isn’t using it? The answer is that the key is also encrypted before it is bundled and sent to the cloud for backup.

This is an extremely simplified overview of how the method works:

  • User creates a new Stingle account, specifying a password or passphrase
  • Stingle Photos hashes the password or passphrase locally and uploads the hash to the backend
  • Stingle Photos generates public and private keys derived from the hash of the user’s password
  • Stingle Photos bundles the public key and private key together, then encrypts the set using the user’s full password or passphrase
  • Stingle Photos uploads the encrypted key bundle to the cloud for backup

We leave out a lot of the fine details, such as specific algorithms, salts, etc. Those interested and familiar with crypto should check out the original white paper to see what we skipped in the name of readability here.

The key here is that Stingle never has access to the user’s real password or passphrase, only a hash of it. Since the user authenticates using the hash but needs the full password (not just its hash) to decrypt the key bundle, the key bundle can be safely stored remotely.

If the user instead chooses not to back up the key bundle, they need to back up their private key themselves, which Stingle provides in the form of a 24-word Diceware-style passphrase. After installing the Stingle app on a second device, the user will then need to manually import the “backup phrase” (which is actually their private key) onto the second device.

On the other hand, if the user allows Stingle Photos to back up the key bundle, they only need their password to access the photos on a second device. Once logged in, the second device downloads the encrypted key bundle, decrypts it with the user’s full password or passphrase (which, remember, never leaves the device), and everything is instantly ready to go.
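The flow outlined above, from account creation to restoring on a second device, as an added example that is not Stingle's code or part of the original article. The algorithms are assumptions (PBKDF2 and an HMAC-based encrypt-then-MAC stand in for whatever the white paper specifies), and every function name is hypothetical.

```python
import hashlib, hmac, os

# Assumptions, not Stingle's actual scheme: PBKDF2-HMAC-SHA256 as the password
# hash, and an HMAC-SHA256 keystream with encrypt-then-MAC standing in for a
# real AEAD (for example libsodium's secretbox). All names are hypothetical.
ROUNDS = 100_000

def kdf(password: str, salt: bytes, purpose: bytes) -> bytes:
    # The purpose label keeps the login hash and the wrapping key unrelated.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), purpose + salt, ROUNDS)

def _subkeys(key: bytes):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = b""
    for block in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None  # wrong key or tampered bundle
    return _xor_stream(enc_key, nonce, ct)

def register(password: str, key_bundle: bytes) -> dict:
    """Client side. The returned record is everything the server ever stores."""
    salt = os.urandom(16)
    return {"salt": salt,
            "login_hash": kdf(password, salt, b"login"),
            "wrapped_bundle": seal(kdf(password, salt, b"wrap"), key_bundle)}

def restore(password: str, record: dict):
    """Second device: log in with the hash, then unwrap with the password."""
    if not hmac.compare_digest(kdf(password, record["salt"], b"login"), record["login_hash"]):
        raise PermissionError("login rejected")
    return unseal(kdf(password, record["salt"], b"wrap"), record["wrapped_bundle"])

def operator_can_unwrap(record: dict) -> bool:
    """Server-side view: the stored login hash is the only candidate key."""
    return unseal(record["login_hash"], record["wrapped_bundle"]) is not None
```

The property to check in any real design of this kind is that the value sent for login cannot be turned into the wrapping key without the password itself.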

Stingle Photos also supports optional biometric authentication. If you want to access your saved photos and videos without having to enter a passphrase every time, you can enroll your fingerprint and use it to unlock the app faster.

Features and platforms

We tested Stingle Photos on two Android devices, a Pixel 2XL and a Huawei MediaPad M5 Pro. Support for iPhones and iPads is in the works but has not yet arrived, as is support for Linux, Windows, and Mac PCs.

The app takes a very different approach than Google Photos, Amazon Photos, or Apple Photos. The three tech giants’ apps try to offer everything under the sun: machine learning to categorize photos and sort them into galleries and albums, print and swag design services, and more.

Stingle Photos is austere and minimalist in comparison. It imports the photos (automatically or manually, at the user’s discretion), syncs them, and lets you organize them into albums. That’s about it, other than the typical Android “share” options which directly dump a (decrypted) photo into another app. We shared, for example, a photo through the Textra SMS app by tapping the share icon for that photo and then selecting a Textra contact.

When importing photos automatically or manually, Stingle offers the option to delete them after successfully importing them. If you enable automatic deletion, you make sure that a phone thief cannot browse your photos even if they unlock the phone itself, but that means that Stingle is no longer a “backup”. Instead, automatic deletion turns Stingle into the sole repository of your photos, all of which are lost if Stingle is lost.

No web client is available for Stingle Photos. So for now you will need an Android device to view all the photos stored by Stingle. Since a web client isn’t listed anywhere on Stingle’s published roadmap, we anticipate that even when Windows, Linux, and Mac clients become available, you’ll still need to install an app to view photos, rather than just connecting to a website with your favorite browser.

While we’ve mostly referred to photos, Stingle Photos handles videos and photos interchangeably, just like most other mobile camera and backup apps.

Cloud storage pricing

The Stingle Photos app is free, as is your first 1 GiB of cloud storage. Stingle’s business model revolves around those who need more than that first gigabyte of storage, which we’re pretty confident means “everyone” now, especially since Stingle stores your photos and videos in full resolution. There’s not even a downsampling option before encryption and upload: the media you store locally is the media you back up, period.

The first paid tier is 100 GiB, for which you’ll pay $2.99 per month, or you can pay $29.90 for a year up front, saving you the cost of two months. 300 GiB costs $4.99/month, 1 TiB costs $11.99/month, and 3 TiB costs $35.99/month, with the same two-months-free savings for up-front annual purchases. (Larger packages are also available for those who need them.)
