Stingle is a privacy-focused, open source photo backup application

After Google Photos' November 2011 decision to end its Unlimited photo backup policy, the market for photo backup and sync apps has expanded significantly. In January, we reviewed Amazon Photos. In June, freelancer Alex Kretzschmar walked us through several other self-hosted options.

Today we are looking at a new contender, Stingle Photos, which splits this difference and offers a FOSS mobile app that syncs with a managed cloud.

Do not trust anyone

Stingle Photos' best feature is, perhaps, encryption. The app uploads your photos directly to Stingle's cloud storage service, but the service's operators cannot view them. The app runs on your tablet or phone and encrypts your photos using Sodium cryptography.

Stingle's operators can't access your photos, so attackers won't be able to get a photo dump of your phone's cloud. Stingle's operators can also pull a love on you, or socially engineer your phone by using a convincing voice asking for your photos.

Stingle cannot do anything with encrypted cloud backups, so you don't have to worry about strange happenings. Your photos are just garbage bits to any machine-learning algorithms.

Transparency

Stingle has made every effort to explain how it works to privacy- and security-conscious users. The company published a detailed whitepaper outlining its security policies and providing an overview of how the service works. The application's source code is also available for paranoid customers.

Access to the source code is a great way to close any loopholes in Stingle's ability or inability to do certain things with your photos. The cloud storage is ineffective to everyone except the user. That leaves the mobile app as the only place where any chicanery could happen before or after the photos have been encrypted and sent to the cloud.

Although we didn't attempt a complete code audit of Stingle Photos, we did walk through enough code to get a general idea of how it works.
We didn't see any obvious flaws.

Backup key

Stingle Photos automatically uploads a backup of the user's private keys to the Stingle cloud. This backup is stored redundantly at Digital Ocean using redundant Wasabi buckets. This allows the app to be used on a new device without the user needing to manually back up or restore their private key.

Keen-eyed users may find their eyebrows raised at this point. If Stingle has my private keys, how can I be sure the company isn't using them? Answer: The key is encrypted before being sent to the cloud.

This is a very simplified explanation of how the process works:

1. The user creates a new Stingle account and specifies a password or passphrase.
2. Stingle Photos hashes the password or passphrase locally, then uploads the hash to the back end.
3. Stingle Photos generates private and public keys from the password of the user.
4. Stingle Photos bundles the pubkey/prikey, then encrypts that bundle with the user's password or passphrase.
5. Stingle Photos saves the encrypted key bundle to the cloud as a backup.

The original white paper contains many of the details we left out.

Stingle does not have access to the password or passphrase of the user. It only has a hash. The key bundle can be stored remotely because the user authenticates using the hash, but only the password.

If the user does not wish to back up the key bundle to the cloud, they will need to back it up themselves. Stingle provides a 24-word Diceware passphrase. The user will need to import the "backup phrase," which is their private key, onto a second device after installing the Stingle app.

If the user authorizes Stingle Photos to back up the key bundle, then they will only need their password in order to access photos on another device. After signing in, the second device downloads the encrypted key bundle and decrypts it using the user's password or passphrase. Everything is then ready for use.

Optional biometric authentication is available in Stingle Photos.
If you would like to have access to your backed-up photos and videos without needing to enter a passphrase each time, you can enroll your fingerprint to unlock the app faster.

Platforms and Features

Stingle Photos was tested on two Android devices: a Pixel 2XL and a Huawei MediaPad M5 Pro. Support for iPhones, iPads, and Linux, Windows, and Mac PCs is in the works but is not yet available.

This app is very different from Google Photos, Amazon Photos, and Apple Photos. The apps of all three tech giants try to offer everything: machine learning to classify photos, sorting into albums and galleries, print and swag creation, and many other features.

Stingle Photos looks stark and minimalist in comparison. It can import photos manually or automatically, sync them, and allow you to organize them in albums. This is all. There are no other options than the standard Android "sharing" options that dump encrypted photos into another app. One photo was shared via Textra SMS by clicking the share icon and selecting a Textra contact.

Stingle allows you to delete photos after they have been successfully imported. Automatic deletion will prevent a phone thief from looking through your photos even if the phone is locked. However, it will mean that Stingle no longer serves as a backup. Instead, auto-deletion makes Stingle the only repository for all your photos. All else being equal, Stingle will be lost.

Stingle Photos does not have a web client. To view any Stingle photos, you will need an Android phone. We expect that a web client will not be available on Stingle's published roadmap. However, it is possible to still install an app to view photos.

Although we have mainly spoken about photos, Stingle Photos can manage videos as well as photos, just like other backup and mobile camera apps.

Pricing for cloud-storage

Stingle Photos is available for free, as is the first 1GiB of cloud storage.
Stingle's business model is based on those who require more storage than the first gibibyte. We're pretty confident that this means everyone now, since Stingle stores all your photos and videos in full resolution. You can't downsample prior to encryption and uploading. The media you store locally is what you are backing up.

The 100GiB paid tier will cost you $2.99 per month. You can also pay $29.90 upfront for a year, which saves you the cost of two months. 300GiB is $4.99/month, 1TiB is $11.99/mo, and 3TiB is $35.99/mo. There are also two-months-free savings on upfront annual purchases. For those who require them, larger plans are available.
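
The key-backup flow described under "Backup key" above, sketched as an added example (not Stingle's code and not taken from its whitepaper). Function names are hypothetical, and scrypt, X25519 and ChaCha20-Poly1305 from Node's built-in crypto module stand in for the Sodium primitives the app uses; the randomly generated key pair and the two separate salts are assumptions of this sketch.

```javascript
// Added illustration of a password-wrapped key backup; NOT Stingle's implementation.
// Assumed stand-ins: scrypt (KDF), X25519 (key pair), ChaCha20-Poly1305 (AEAD).
const crypto = require('node:crypto');

// Stretch the password; distinct salts yield independent login and wrapping keys.
const kdf = (password, salt) => crypto.scryptSync(password, salt, 32);

function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { nonce, ct, tag: c.getAuthTag() };
}

function open(key, { nonce, ct, tag }) {
  const d = crypto.createDecipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // final() throws on a wrong key or tampering
}

// Device side: returns the record uploaded to the server and the secret kept locally.
function createAccount(password) {
  const { privateKey } = crypto.generateKeyPairSync('x25519');
  const secret = privateKey.export({ type: 'pkcs8', format: 'der' });
  const authSalt = crypto.randomBytes(16);
  const wrapSalt = crypto.randomBytes(16);
  const serverRecord = {
    authSalt,
    wrapSalt,
    loginHash: kdf(password, authSalt),            // all the server learns about the password
    bundle: seal(kdf(password, wrapSalt), secret), // opaque to the server
  };
  return { serverRecord, secret };
}

// Second device: authenticate with the hash, then unwrap the bundle locally.
function restoreOnNewDevice(password, serverRecord) {
  const hash = kdf(password, serverRecord.authSalt);
  if (!crypto.timingSafeEqual(hash, serverRecord.loginHash)) return null; // login rejected
  return open(kdf(password, serverRecord.wrapSalt), serverRecord.bundle);
}

// Operator's view: the stored login hash is not the wrapping key, so this fails.
function operatorTryDecrypt(serverRecord) {
  try { return open(serverRecord.loginHash, serverRecord.bundle); } catch { return null; }
}
```

The property worth checking in any such design is that the value used to log in cannot be turned into the key that wraps the bundle; here that comes from deriving the two with different salts.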