Incorporate suggestions (#2414)
This commit is contained in:
Vishnu Mohandas
@@ -1,73 +1,77 @@
|
||||
---
|
||||
title: Security and privacy FAQ
|
||||
description:
|
||||
Frequently asked questions about security and privacy of Ente Photos
|
||||
title: Security and Privacy FAQ
|
||||
description: Comprehensive information about security and privacy measures in Ente Photos
|
||||
---
|
||||
|
||||
# Security and privacy
|
||||
# Security and Privacy FAQ
|
||||
|
||||
## Can Ente see my photos and videos?
|
||||
Welcome to Ente Photos' Security and Privacy FAQ. This document provides
|
||||
detailed information about our security practices, privacy measures, and how we
|
||||
protect your data. We are committed to maintaining the highest standards of data
|
||||
protection and transparency.
|
||||
|
||||
No.
|
||||
## Data Encryption and Storage
|
||||
|
||||
Your files are encrypted with a key before they are uploaded to our servers.
|
||||
### Can Ente see my photos and videos?
|
||||
No. Your files are encrypted on your device before being uploaded to our
|
||||
servers. The encryption keys are derived from your password using advanced key
|
||||
derivation functions. Since only you know your password, only you can decrypt
|
||||
your files. For technical details, please see our [architecture
|
||||
document](https://ente.io/architecture).
|
||||
|
||||
These keys can be accessed only with your password.
|
||||
### How is my data encrypted?
|
||||
We use the following encryption algorithms:
|
||||
- Encryption: `XChaCha20` and `XSalsa20`
|
||||
- Authentication: Poly1305 message authentication code (MAC)
|
||||
- Key derivation: Argon2id with high memory and computation parameters
|
||||
|
||||
Since only you know your password, only you can decrypt your files.
|
||||
These algorithms are implemented using
|
||||
[libsodium](https://libsodium.gitbook.io/doc/), a externally audited
|
||||
cryptographic library. Our [architecture document](https://ente.io/architecture)
|
||||
provides full technical specifications.
|
||||
|
||||
To learn more about our encryption protocol, please read about our
|
||||
[architecture](https://ente.io/architecture).
|
||||
### Where is my data stored?
|
||||
Your encrypted data is stored redundantly across multiple providers in the EU:
|
||||
- Amsterdam, Netherlands
|
||||
- Paris, France
|
||||
- Frankfurt, Germany
|
||||
|
||||
## How is my data encrypted?
|
||||
We use a combination of object storage and distributed databases to ensure high
|
||||
availability and durability. Our [reliability
|
||||
document](https://ente.io/reliability) provides in-depth information about our
|
||||
storage infrastructure and data replication strategies.
|
||||
|
||||
We use [libsodium](https://libsodium.gitbook.io/doc/)'s implementations
|
||||
`XChaCha20` and `XSalsa20` to encrypt your data, along with `Poly1305` MAC for
|
||||
authentication.
|
||||
### How does Ente's encryption compare to industry standards?
|
||||
Our encryption model goes beyond industry standards. While many services use
|
||||
server-side encryption, we implement end-to-end encryption. This means that even
|
||||
in the unlikely event of a server breach, your data remains protected.
|
||||
|
||||
Please refer to the document on our [architecture](https://ente.io/architecture)
|
||||
for more details.
|
||||
## Account Security
|
||||
|
||||
## Where is my data stored?
|
||||
### What happens if I forget my password?
|
||||
You can reset your password using your recovery key. This key is a randomly
|
||||
generated string provided to you during account creation. Store it securely, as
|
||||
it's your lifeline if you forget your password. If you lose both your password
|
||||
and recovery key, we cannot recover your account or data due to our
|
||||
zero-knowledge architecture.
|
||||
|
||||
Your data is replicated to multiple providers in different countries in the EU.
|
||||
|
||||
Currently we have datacenters in the following locations:
|
||||
|
||||
- Amsterdam, Netherlands
|
||||
- Paris, France
|
||||
- Frankfurt, Germany
|
||||
|
||||
Much more details about our replication and reliability are documented
|
||||
[here](https://ente.io/reliability).
|
||||
|
||||
## What happens if I forget my password?
|
||||
|
||||
You can reset your password with your recovery key.
|
||||
|
||||
If you lose both your password and your recovery key, you will not be able to
|
||||
decrypt your data.
|
||||
|
||||
## Can I change my password?
|
||||
|
||||
Yes.
|
||||
|
||||
You can change your password from any of our apps.
|
||||
|
||||
Thanks to our [architecture](https://ente.io/architecture), you can do so
|
||||
without having to re-encrypt any of your files.
|
||||
### Can I change my password?
|
||||
Yes, you can change your password at any time from our apps. Our architecture
|
||||
allows password changes without re-encrypting your entire library.
|
||||
|
||||
The privacy of your account is a function of the strength of your password,
|
||||
please choose a strong one.
|
||||
|
||||
## Do you support 2FA?
|
||||
### Do you support two-factor authentication (2FA)?
|
||||
Yes, we recommend enabling 2FA for an additional layer of security. We support:
|
||||
- Time-based One-Time Passwords (TOTP)
|
||||
- WebAuthn/FIDO2 for hardware security keys
|
||||
|
||||
Yes.
|
||||
You can set up 2FA in the settings of our mobile or desktop apps.
|
||||
|
||||
You can setup two-factor authentication from the settings screen of the mobile
|
||||
app or from the side bar of our desktop app.
|
||||
## Sharing and Collaboration
|
||||
|
||||
## How does sharing work?
|
||||
### How does sharing work?
|
||||
|
||||
The information required to decrypt an album is encrypted with the recipient's
|
||||
public key such that only they can decrypt them.
|
||||
@@ -81,22 +85,31 @@ and is never sent to our servers.
|
||||
Please note that only users on the paid plan are allowed to share albums. The
|
||||
receiver just needs a free Ente account.
|
||||
|
||||
## Has the Ente Photos app been audited by a credible source?
|
||||
## Security Audits
|
||||
|
||||
## Has the Ente Photos app been audited by a credible source?
|
||||
Yes, Ente Photos has undergone a thorough security audit conducted by Cure53, in
|
||||
collaboration with Symbolic Software. Cure53 is a prominent German cybersecurity
|
||||
firm, while Symbolic Software specializes in applied cryptography. Please find
|
||||
the full report here: https://ente.io/blog/cryptography-audit/
|
||||
|
||||
## How can I delete my account?
|
||||
## Account Management
|
||||
|
||||
### How can I delete my account?
|
||||
|
||||
You can delete your account at any time by using the "Delete account" option in
|
||||
the settings. For security reasons, we request you to delete your account on
|
||||
your own instead of contacting support to ask them to delete your account.
|
||||
|
||||
Note that both Ente photos and Ente auth data will be deleted when you delete
|
||||
Note that both Ente Photos and Ente Auth data will be deleted when you delete
|
||||
your account (irrespective of which app you delete it from) since both photos
|
||||
and auth use the same underlying account.
|
||||
|
||||
To know details of how your data is deleted, including when you delete your
|
||||
account, please see https://ente.io/blog/how-ente-deletes-data/.
|
||||
|
||||
## Additional Support
|
||||
|
||||
For any security or privacy questions not covered here, please contact our team
|
||||
at security@ente.io. We're committed to addressing your concerns and
|
||||
continuously improving our security measures.
|
||||
|
||||
Reference in New Issue
Block a user