Despite the encryption, Stingle Photos is a distinctly minimalist app that comes closer to the simple feel of an analog album than most of its competitors do.
Kohei Hara / Getty Images
With Google Photos killing off its Unlimited photo backup policy last November, the market for photo backup and sync applications opened up considerably. We reviewed one strong contender—Amazon Photos—in January, and freelancer Alex Kretzschmar walked us through several self-hosted alternatives in June.
Today, we're looking at a new contender—Stingle Photos—which splits the difference, offering a FOSS mobile application that syncs to a managed cloud.
Trust no one
Arguably, encryption is Stingle Photos' most important feature. Although the app uploads your photos to Stingle's cloud service, the service's operators can't look at your photos. That's because the app, which runs on your phone or tablet, encrypts them securely using Sodium cryptography.
Since the photos are encrypted before ever leaving your phone—using a key that isn't ever available to Stingle's operators—you're safe from attackers getting a photo dump from Stingle's cloud. You're also safe from Stingle's own operators pulling a LOVEINT on you or getting socially engineered by someone with a believable voice begging to get your photos back.
Since Stingle can't do anything useful with the encrypted cloud backups of your photos, you also don't need to worry about strange things happening as a result of your photos being fed to machine-learning algorithms—they're just garbage bits to anyone without your private key.
Transparency
Stingle has gone out of its way to make how it works as clear as possible to security- and privacy-focused users. The company put out a detailed white paper outlining its security practices and giving an excellent overview as to how the service works. And for the truly paranoid, access to the application's source code closes the gap the rest of the way.
Having access to the source code especially helps close potential loopholes in what Stingle can and can't do with your photos. Since the cloud storage is effectively useless to anyone but the user, that leaves the mobile app itself as the only place to get up to any chicanery, before the photos are encrypted and sent to the cloud (or after they're downloaded and decrypted).
We did not attempt anything like a full code audit of the Stingle Photos app, but we did walk through the code far enough to have a good idea of what it's doing and how. No glaringly obvious gotchas leapt out at us.
Key backup
By default, Stingle Photos uploads a backup of the user's private key to the Stingle cloud (which is hosted redundantly at Digital Ocean, using redundant Wasabi buckets). This allows the app to function on a new device without the user having to manually and cumbersomely back up and restore the private key themselves.
Astute users' eyebrows likely just shot through the roof—if Stingle has my private key, how do I know the company isn't using it? The answer is that the key is also encrypted before bundling it up and sending it to the cloud for backup.
This is an extremely simplified overview of how the method works:
User creates a new Stingle account, specifying a password or passphrase
Stingle Photos hashes the password or passphrase locally and uploads the hash to the back end
Stingle Photos generates public and private keys derived from the user's password
Stingle Photos bundles up the pubkey and privkey, then it encrypts the bundle using the user's full password or passphrase
Stingle Photos uploads the encrypted key bundle to the cloud for backup
We're leaving out a fair amount of the hairy details, such as specific algorithms, salts, and so forth—interested and crypto-fluent folks should check out the original white paper to see the bits we skipped over in the name of readability.
The key here is that Stingle never has access to the user's real password or passphrase at all—only a hash of it. Since the user authenticates themselves using the hash but needs the full password—not just its hash—to decrypt the key bundle, the key bundle is therefore safe to store remotely.
If the user elects not to back up the key bundle, they instead need to back up their private key themselves—which Stingle delivers in the form of a 24-word Diceware-style passphrase. After installing the Stingle app on a second device, the user would then need to manually import the "backup phrase"—which is really their private key—onto the second device.
On the other hand, if the user allows Stingle Photos to back up the key bundle, they only need their password to access photos on a second device. After logging in, the second device downloads the encrypted key bundle, decrypts it with the user's full password or passphrase (which, remember, never leaves the device) and everything's instantly ready to go.
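To make the five steps and the second-device login concrete, here is a small model of the flow, written for this review as an added example rather than Stingle's own code. It preserves the property the text describes: the back end holds only a hash of the password plus an encrypted bundle it cannot open, while a device that knows the full password can authenticate and then decrypt the bundle locally. The algorithms are assumptions (scrypt stands in for the password hash, an HMAC-SHA256 keystream with an HMAC tag stands in for Sodium's secretbox, and the public key is a placeholder rather than real curve arithmetic).

```python
import hashlib, hmac, os

def kdf(password: str, salt: bytes, purpose: bytes) -> bytes:
    # Slow KDF (assumption: scrypt); 'purpose' separates the login hash from the bundle key.
    return hashlib.scrypt(password.encode(), salt=salt + purpose, n=2**14, r=8, p=1, dklen=32)

def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(-(-n // 32)))[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for Sodium's secretbox (assumption, not the app's primitive)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_box(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered bundle")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))

def register(password: str) -> tuple[dict, dict]:
    """Steps 1-5 on the first device: returns (what the server stores, what the device keeps)."""
    auth_salt, key_salt = os.urandom(16), os.urandom(16)
    auth_hash = kdf(password, auth_salt, b"auth")               # step 2: the only login secret uploaded
    private_key = kdf(password, key_salt, b"keypair")           # step 3: stand-in for the Sodium secret key
    public_key = hashlib.sha256(b"pub" + private_key).digest()  # placeholder; the real app uses curve math
    blob = seal(kdf(password, key_salt, b"bundle"), public_key + private_key)  # steps 4-5
    server = {"auth_hash": auth_hash, "auth_salt": auth_salt, "key_salt": key_salt, "bundle": blob}
    return server, {"public_key": public_key, "private_key": private_key}

def login_new_device(server: dict, password: str) -> dict:
    """Second device: authenticate with the hash, then open the bundle locally with the full password."""
    if not hmac.compare_digest(kdf(password, server["auth_salt"], b"auth"), server["auth_hash"]):
        raise PermissionError("authentication failed")
    bundle = open_box(kdf(password, server["key_salt"], b"bundle"), server["bundle"])
    return {"public_key": bundle[:32], "private_key": bundle[32:]}

def operator_can_open(server: dict) -> bool:
    """Everything the operators hold, tried as the bundle key: the tag check rejects it."""
    try:
        return open_box(server["auth_hash"], server["bundle"]) is not None
    except ValueError:
        return False
```

The stored hash is still an offline guessing target: whoever holds the server's data can test candidate passwords against it and, on a hit, decrypt the bundle as well, which is why the password hash must be slow and the passphrase strong.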
Stingle Photos also supports optional biometric authentication—if you want access to your backed-up photos and videos without having to type in a passphrase every time, you can enroll your fingerprint and use it to unlock the app more quickly.
Features and platforms
Browsing the Stingle Photos gallery is simple and snappy—although you'll need to organize your photos manually; all Stingle does automatically is organize by date.
Stingle Photos' first login page succinctly gets its raison d'être across—nobody can see your photos but you.
Stingle Photos can automatically import photos from specified folders, or you can disable automatic import and do it manually.
Storage plans are selected within the app itself. The first 1GiB is free—enough to give you a taste of whether the app will work for you.
If you want encrypted local storage without the cloud backup, you can do that. You can also limit backup to Wi-Fi connections only and/or good battery conditions.
We tested Stingle Photos on two Android devices, a Pixel 2XL and a Huawei MediaPad M5 Pro. Support for iPhones and iPads is on the way but has not arrived yet—along with support for Linux, Windows, and Mac PCs.
The app takes a very different approach from those of Google Photos, Amazon Photos, or Apple Photos. All three of the tech giants' apps try to offer everything under the Sun: machine learning to categorize photos and sort them into galleries and albums, print- and swag-creation services, and more.
Stingle Photos is stark and minimalist by comparison. It imports photos (automatically or manually, at the user's discretion), syncs them, and allows you to organize them into albums. That's pretty much it, apart from the typical Android "sharing" options, which dump a (decrypted) photo into another app directly. We shared, for example, one photo via the Textra SMS app by tapping the share icon for that photo and then selecting a Textra contact.
When importing photos either automatically or manually, Stingle offers the option to delete them after successfully importing them. If you turn automatic deletion on, you ensure that a phone thief can't thumb through your photos, even if they unlock the phone itself—but it does mean Stingle is no longer a "backup." Instead, auto-deletion turns Stingle into the sole repository for your photos, with all lost if Stingle is lost.
No web client is available for Stingle Photos. So for right now, you'll need an Android device to view any Stingle-stored photos. Since a web client isn't anywhere on Stingle's published roadmap, we expect that even as Windows, Linux, and Mac clients become available, you'll still need to install an application to view photos—not just log in to a website with your favorite browser.
Although we've referred mostly to photos, Stingle Photos manages videos and photos interchangeably—just like most other mobile camera and backup apps do.
Cloud-storage pricing
The Stingle Photos app is free—as is your first 1GiB of cloud storage. Stingle's business model revolves around those who need more than that first gibibyte of storage—which we're fairly confident means "everyone" now, especially since Stingle stores your photos and videos at full resolution. There isn't even an option to downsample before encryption and uploading—the media you store locally is the media you're backing up, period.
The first paid tier is 100GiB, for which you'll pay $2.99 per month—or you can pay $29.90 for a year up front, saving yourself the cost of two months. 300GiB costs $4.99/mo, 1TiB costs $11.99/mo, and 3TiB costs $35.99/mo, with the same two-months-free savings for upfront annual purchases. (Larger plans are also available for those who need them.)