←back to thread

Google flags Immich sites as dangerous

(immich.app)
742 points janpio | 2 comments | 22 Oct 25 20:53 UTC | HN request time: 0s | source
Show context
NelsonMinar ◴[22 Oct 25 23:29 UTC] No.45676467[source]
Be sure to see the team's whole list of Cursed Knowledge. https://immich.app/cursed-knowledge
replies(5): >>45676661 #>>45677766 #>>45677816 #>>45678252 #>>45679167 #
nemothekid ◴[23 Oct 25 03:08 UTC] No.45677766[source]
Some of these seem less cursed, and more just security design?

>Some phones will silently strip GPS data from images when apps without location permission try to access them.

That strikes me as the right thing to do?

replies(5): >>45677942 #>>45677957 #>>45677969 #>>45678369 #>>45679345 #
1. gausswho ◴[23 Oct 25 03:42 UTC] No.45677942[source]
Huh. Maybe? I don't want that information available to apps to spy on me. But I do want full file contents available to some of them.

And wait. Uh oh. Does this mean my Syncthing-Fork app (which itself would never strike me as needing location services) might have my phone's images' location be stripped before making their way to my backup system?

EDIT: To answer my last question: My images transferred via Syncthing-Fork on a GrapheneOS device to another PC running Fedora Atomic have persisted the GPS data as verified by exiftool. Location permissions have not been granted to Syncthing-Fork.

Happy I didn't lose that data. But it would appear that permission to your photo files may expose your GPS locations regardless of the location permission.

replies(1): >>45678762 #
2. krs_ ◴[23 Oct 25 06:18 UTC] No.45678762[source]
With the Nextcloud app I remember having to enable full file permissions to preserve the GPS data of auto-uploaded photos a couple of years ago. Which I only discovered some months after these security changes went into effect on my phone. That was fun. I think Android 10 or 11 introduced it.

Looking now I can't even find that setting anymore on my current phone. But the photos still does have the GPS data intact.