
Heard the first time about them (ente) yesterday in a discussion about "which 2FA are u using?". Directly switched to https://ente.com/auth/ on Android and Linux Desktop and very happy with it.

Going to give this a try...


You presumably had a working 2FA app already, but off the cuff decided to switch to new unvetted variant X; basically unknown auth system after reading a few paragraphs of text in an afternoon?

Does this seem sound?


Ente is extremely well known in the privacy circles, so this is not just some random company with a random app out of nowhere. Check PrivacyGuides for example.


Ok I checked privacyguides.

Here’s where it was added to PrivacyGuides - https://github.com/privacyguides/privacyguides.org/issues/36.... The person opening the issue is the CEO of ente. So the CEO of ente gets his company mentioned in PrivacyGuides back when it was new and that makes it more legit?


PrivacyGuides goes through their own process of vetting (whether you would agree with their process or not that’s another topic) so I think the discussion to add Ente Photos is the more relevant link https://discuss.privacyguides.net/t/ente-photo-management/11...


> PrivacyGuides goes through their own process of vetting ... so I think the discussion

The discussion is not all that relevant as PrivacyGuides does not rely solely on community input. The core team pretty much generates content and lists recommendations based on (what they claim is) their own research (which isn't saying much).

> The forum and community really give us a lot of external insights, with the voting system letting us poll how popular something is.

> While we put a very heavy importance on the community consensus, it is mostly up to the team to decide what comes and goes, where more heavy decisions require more votes...

> A reason why it has never really been written out is that policies can be gamed, and the team really wants to be able to veto decisions...

> As far as "evaluating"/reviewing tools the methods to do so are not documented...

https://discuss.privacyguides.net/t/32774


While I would have the same reaction, in this case I think it is a sane decision. Ente is cornering the privacy market and I think they're doing a great job. They have a lot to lose (trust) and it would be stupid if they did something shady with the data entered in the 2FA app.


Not knowing them, how could OP trust them instantly? Whether they really have that trust or not, you have to know them for a while and from many different trustable sources. The story is a bit strange.


> cornering the privacy market

this seems self-contradictory


Sorry, English is not my first language and I tried to look clever.


There are the issues of competence and track record, not only intent.


I ended up picking them because they were the only open source one that worked on all my devices IIRC.

https://en.wikipedia.org/wiki/Comparison_of_OTP_applications


> new unvetted variant X; basically unknown auth system

Valid concerns. In the case of Ente Auth though, it is used by folks working at CERN [0], who also sponsored a recent security audit: https://ente.com/blog/cern-audit/

[0] https://cern.service-now.com/service-portal?id=kb_article&n=... / https://auth.docs.cern.ch/trouble-shooting/2fa-tips/


What's the risk?

They just store tokens, without other FA at "worst" you get locked out of your account but nobody else has access either. You're also supposed to, as good practice, not be limited to token generation and typically have a dozen or so of recovery tokens. Also if they were somewhat not working at doing the 1 task they should do, namely generate tokens, then you won't be able to use them so it won't even be added.

So... I might be missing something, can you please explain what worries you and why I should thus worry too?


Not saying they’re a paid promoter. But if I paid someone to speak about my newly launched product, they’d say something exactly like that. “Never heard of these guys before, but I loved their other product you’ve never heard of. I’m super excited to try this one!”


If it helps, I've used ente for a year and I really like it.


I'm very happy syncing between KeepassXC on Debian and Keepass2Android on mobile. It handles TOTP across devices.

What I'm missing is a way to create and use Passkeys across devices. My use case does not support creating a new Passkey on every device, I need to sync them via servers I control. The system that supports that will be the system that I migrate to.


Oh, wow, thanks for posting that. I switched to Ente for my photos recently, had no idea they also have a 2FA app. I was looking for a replacement for Aegis (after a switch to iOS), and this can even import from Aegis backup files. Neat. This means I can finally ditch my old phone I still had to have around just for 2FA :)


I was just thinking their end goal seems to be to harvest creds by putting their own rebadged distribution of local models. That’s the only “business” model that makes sense.

Expressly harvesting creds through a 2FA app seems a little more direct.


Ente offers E2EE photo hosting, the storage they sell through subscriptions to that is their business model. Their main selling point is that all machine learning to cluster faces is done on your devices. I would assume that they want more users to train their models on to improve their core offering


And you can self-host the server if you want to! Running Ente Auth since quite a while now and am very happy with it.


Since rufus wasn't mentioned here: https://rufus.ie/de/

You can create a Win 11 ISO with some custom settings (e.g. "remove requirement for an online Microsoft account").

edit: ok, it's already mentioned in the article, sorry :o


Can't even deny cookies with uBlock. Who's taking care of that kind of "trash"?


They do, I use it with Google Authenticator.



I can't attest for its speed, but this seems like the polar opposite of lightweight.


AFAIK PayPal's terms of service forbid demanding a higher price for paying with PayPal.

Also there's a German law which forbids additional fees for paying with CC.


The credit card thing is only since 2018, forgot about that. Regarding PayPal, maybe it is in their TOS, but here [0] is a Screenshot from Airberlin (from an article about the new CC rules [1]) from before 2018. 7€ extra for both PayPal and CC, 5€ for SEPA and no extra cost for GiroPay.

[0]: https://reisetopia.de/wp-content/uploads/2017/06/Zahlungsm%C...

[1]: https://reisetopia.de/news/abschaffung-kreditkartengebuehren...


> Also there's a German law which forbids additional fees for paying with CC.

Interesting, because lots of brick-and-mortar German businesses (especially restaurants) simply don't take credit cards, because of the processor fees. You'll go very hungry in Germany if you go there with a credit card and no way of getting any cash.



Sonnenborn and his "Die Partei" are a blessing in disguise.

It's also extremely weird how a satire political party regularly makes the most sense by bluntly stating it like it is.

Maybe that's the actual secret to proper politics: Saying it like it is, spiced up with some fun.


Unfortunately that doesn't match 100% with the official roll call vote results.


There's a list available in uBlock. Just activate it in the settings.


I don't use uBlock. Anyway I request that Chrome as a first party allow me to select "I agree to all cookies" and then have it send that as a header or something else. This really is something that only Chrome and Firefox etc. can do. Preferably in the same way :)


Or even better, an option to select "I don't consent to non-exempt[1] cookies. Serve me the cookie-less page"

[1] http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm


> Register page just hung with the spinning icon

Got that one too. Endless spinners are one of the most annoying things on the web. Please check for responses. I got a 403 (checked the network debug tab), probably session/CSRF-token timeout...


> www.buymeacoffee.com is currently unable to handle this request. HTTP ERROR 500

Got this on validating my email. Also I can validate my request unlimited times to get unlimited emails. ;-)


> Hamilton started on the pit lane and clawed his way up to 4th

Isn't that the boring part? It's like playing F1 2017 on PC on easy mode.


It sure was entertaining to see them run on a brand new engine, gearbox and electrics on full race power (they probably have even more for qualifying) instead of the usual economy mode to reduce wear and tear. And the Interlagos track is a phenomenal race track despite the lack of overtaking opportunities.

Some race tracks just don't provide good racing and some are downright boring to watch despite being fun for the drivers. This is even more of a problem with Formula E, which usually runs on street circuits with mostly 90 degree corners.


A lot of F1 fans complain about grid penalties, but watching guys like Vettel, Hamilton, and even Ricciardo - guys with a legitimate shot at a place on the podium - make up time and set fastest laps to move up in position has been a lot of fun this season. For better or worse, the very front of the pack tends to be more quiet. If you're in front and your position is safe, you won't generally set fastest laps, you'll preserve the car.

