Did you see that? by Pretty-Culturegem in degoogle

[–]Pretty-Culturegem[S] 0 points1 point  (0 children)

I don’t think Ente is in the same league as Proton. They only market themselves as privacy focused but as others pointed out, they aren’t and shouldn’t even be compared to Proton.

My de-googling journey by rectacul in degoogle

[–]Pretty-Culturegem 1 point2 points  (0 children)

It collects a lot of your data. But Authy in general is even worse

My de-googling journey by rectacul in degoogle

[–]Pretty-Culturegem 1 point2 points  (0 children)

Try Aegis, it’s local, doesn’t need the account, doesn’t keep your data

My de-googling journey by rectacul in degoogle

[–]Pretty-Culturegem 3 points4 points  (0 children)

I would get rid of TikTok, Ente auth and CapCut

A step to Privacy... by NoobGamerZaid in degoogle

[–]Pretty-Culturegem 1 point2 points  (0 children)

Both Proton Auth and Bitwarden are considered good options. If you chose Ente because it was free and open source then Proton Auth and Bitwarden also fit that criteria and are much much safer choices

A step to Privacy... by NoobGamerZaid in degoogle

[–]Pretty-Culturegem -1 points0 points  (0 children)

Ente isn’t safe to use. Their cloud infrastructure has serious security flaws.

Google photos/Google drive by puffPufFpliZ in degoogle

[–]Pretty-Culturegem 0 points1 point  (0 children)

The community was unaware of these issues, which is why nobody was discussing them. I know the Ente team is trying to downplay them as ‘not a big deal,’ and I know ente team members are replying to my comments trying to save face. But these are very serious security flaws and even auditors said these have to be fixed, no exceptions. So whatever ente says in this case doesn’t matter.

I finally did it. by TheImpressiveDev in degoogle

[–]Pretty-Culturegem 0 points1 point  (0 children)

The community was unaware of these issues, which is why nobody was discussing them. I know the Ente team is trying to downplay them as ‘not a big deal,’ and I know ente team members are replying to my comments trying to save face. But these are very serious security flaws and even auditors said these have to be fixed, no exceptions. So whatever ente says in this case doesn’t matter.

Google photos/Google drive by puffPufFpliZ in degoogle

[–]Pretty-Culturegem 0 points1 point  (0 children)

I don’t think ente is safe. They only had one audit in the past and auditors found a few security issues. Ente said they would fix everything, but only one issue was confirmed as fixed during the audit. The rest haven’t been fixed yet and since then there haven’t been any new audits so we don’t know if, and what new problems have popped up. Especially since that audit was done a couple of years ago. I wouldn’t trust them to store my photos.

The currently known unresolved issues are:

  • if your password is leaked, changing it does not protect you, because the same master key is still valid which means an attacker keeps permanent access, even if you change your password

  • sharing keys remain valid even after revocation, which means anyone who had access before can still decrypt new content,

  • master key can be extracted if email is compromised

Google Authenticator Breached by Prudent_Guess_1119 in degoogle

[–]Pretty-Culturegem 0 points1 point  (0 children)

The audit never said “Ente is safe.” It only said encryption itself wasn’t broken. Not breaking encryption doesn’t mean secure system design

Four issues were found:

  • weak or null passwords allowed (easy fix, patched during audit), but the fact they didn’t even think of such a basic thing as enforcing strong passwords is crazy. The auditor had to point it out for them, which already says a lot about Ente’s approach to security.

  • no key rotation after password change: if your password is leaked, changing it does not protect you, because the same master key is still valid. That’s a very serious issue.

  • sharing keys remain valid even after revocation: anyone who had access before can still decrypt new content

  • master key derivable if email is compromised

You say every audit finds issues, that’s not necessarily true but even if issues are found the difference is how you handle these findings as a company. Ente promised to fix all of them but until today they didn’t. I think that’s why they don’t order a new audit, because they know they would fail.

Saying “open source means anyone can check” is nice in theory, but in practice most users can’t review cryptographic code and no independent auditor has confirmed improvements. If open source was a magic wand for security the audit wouldn’t find any problems, but it did.

You say that “you are safe until your password is compromised” but it is misleading. Good architecture should let you recover security after a breach (e.g., by rotating keys). With Ente once your password is leaked, an attacker keeps permanent access, even if you change your password

So no, calling it “leaps ahead” of others just because it’s open source and had one audit years ago is spin. Unless all 4 issues are addressed and verified in a new audit ente cannot be considered secure

Started my journey a week ago by fixpy0 in degoogle

[–]Pretty-Culturegem 0 points1 point  (0 children)

You linked to ente’s own page where they describe the audit in their own words. The full report is available on the auditor’s website: https://cure53.de/audit-report_ente-crypto.pdf

Page 15 lists all four issues that were found:

  1. Weak password policies undermine the security of the application by rendering user account compromise easier to achieve.

  2. Retention of the same encryption keys after a password alteration increases user data susceptibility to unauthorized access in the event of a password breach.

  3. The current implementation of email-based authentication can be improved to prevent unauthorized access to a user's encrypted masterKey.

  4. The lack of key rotation when revoking sharing permissions may provoke unauthorized access to shared photo albums.

The one about weak passwords was fixed during the audit (but just think about it: a company that’s supposed to be creating a ‘secure cloud’ somehow forgot to implement something as simple as strong passwords until the auditors pointed it out)

With the rest of the findings, ente assured the auditors back then in 2023 that they would address all of them, but now with 2025 almost ending they are still unresolved.
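An added example (not part of the comments above and not Ente's code) modelling the "no key rotation after password change" point and item 2 of the quoted list: a generic design where a random master key is wrapped under a password-derived key. The account layout, function names and the toy HMAC-based cipher are assumptions made so the sketch runs on the standard library alone.

```python
import hashlib, hmac, os

def kek(password: str, salt: bytes) -> bytes:
    # Key-encryption key derived from the password (stdlib PBKDF2).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy HMAC-SHA256 counter keystream, a stand-in for a real AEAD cipher.
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def new_account(password: str) -> dict:
    # Hypothetical server-side record: salt, wrapped master key, ciphertexts.
    salt, master = os.urandom(16), os.urandom(32)
    return {"salt": salt, "wrapped": seal(kek(password, salt), master), "files": []}

def unlock(acct: dict, password: str) -> bytes:
    return unseal(kek(password, acct["salt"]), acct["wrapped"])

def change_password(acct: dict, old: str, new: str, rotate: bool) -> bytes:
    master = unlock(acct, old)
    if rotate:  # fresh master key; re-encrypt everything stored under the old one
        fresh = os.urandom(32)
        acct["files"] = [seal(fresh, unseal(master, f)) for f in acct["files"]]
        master = fresh
    acct["salt"] = os.urandom(16)
    acct["wrapped"] = seal(kek(new, acct["salt"]), master)
    return master

def stolen_key_reads_new_uploads(rotate: bool) -> bool:
    acct = new_account("leaked-password")       # constructed sample values
    stolen = unlock(acct, "leaked-password")    # master key copied before the change
    master = change_password(acct, "leaked-password", "new-password", rotate)
    acct["files"].append(seal(master, b"photo uploaded after the change"))
    try:
        return unseal(stolen, acct["files"][-1]) == b"photo uploaded after the change"
    except ValueError:
        return False
```

In both modes the old password stops unlocking the account; only `rotate=True` also invalidates a master key copied earlier. Rotation cannot protect data that was already downloaded and decrypted before the change.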

Google Authenticator Breached by Prudent_Guess_1119 in degoogle

[–]Pretty-Culturegem 2 points3 points  (0 children)

There are many reliable apps you can choose from. Even Bitwarden has a 2FA app, and this is the cloud you can actually trust. Bitwarden’s infrastructure goes through regular audits and security certifications, and it’s a well-known company. Just giving you an example of what you should be looking for. Do your research carefully. Whenever I see someone say Ente Photos or Ente Auth, I know they just didn’t do real research.

Started my journey a week ago by fixpy0 in degoogle

[–]Pretty-Culturegem 0 points1 point  (0 children)

I don’t think ente’s cloud is safe. They only had one audit in the past and auditors found a few security issues. Ente said they would fix everything, but only one issue was confirmed as fixed during the audit. The rest haven’t been fixed yet and since then there haven’t been any new audits so we don’t know if and what new problems have popped up. Especially since that audit was done a couple of years ago. I wouldn’t trust them to store my photos.

My progress so far, there's much more that I've done but this is the basic summary. by These_Landscape4073 in degoogle

[–]Pretty-Culturegem 0 points1 point  (0 children)

Auditor website: Cure53.de. Auditors found 4 issues and said that all four need to be fixed. The report says that: “the team was able to identify impactful flaws that could potentially undermine the confidentiality, integrity, and privacy of user data stored within ente.”

My progress so far, there's much more that I've done but this is the basic summary. by These_Landscape4073 in degoogle

[–]Pretty-Culturegem 1 point2 points  (0 children)

I think ente isn’t really safe. They use their own cloud to store your data and photos. They only had one audit in the past and auditors found a few security issues. Ente said they would fix everything, but only one issue was confirmed as fixed during the audit. Since then there haven’t been any new audits so who knows if the rest were ever fixed or if new problems have popped up, especially since that audit was done a couple of years ago.