[codethief]

I'm not sure I understand yet. If tags (and the photos associated to them) are supposed to be shareable with others, how do you control read/write access to the tag if you don't use separate cryptographic keys? If you re-use/share existing keys (e.g. the parent album's collection keys), how do you ensure the recipients cannot read other photos or tag metadata not shared with them? What am I missing?

Once again thank you for taking the time to discuss this here! I appreciate it!

[vishnukvmd]

Happy to share my thoughts!

Current plan is to keep tags as part of an item's metadata, and allow sharing and access control with "smart albums" - that create a collection view over a tag-filter.

For eg. you can create a "smart album" for items that match the tags ["2020", "Holidays"]. Your devices will auto-add any items in your library that match these tags, to this collection. You can then share[0] this album with recipients who can view / add / auto-add items from their library.

Hope this makes sense!

[0]: https://ente.com/architecture/#sharing

[codethief]

Ahhh, now I see! Thanks!

> You can then share[0] this album with recipients who can view / add / auto-add items from their library.

IIUC, when a contributor uploads a photo, the owner of the smart album would need to do some client-side synchronization and 1) add the uploaded photo back to the original album and 2) add the tags ["2020", "Holidays"], so as to control write access to the original album & tag?

Either way, would these smart albums show up next to regular albums, though, or be "hidden"? I'm asking because what I would like to do, e.g., is to have a photo album for all our summer vacation photos and then create a subfolder (tag) for each family member to upload their photos in. If the smart albums all showed up in the top-level (flat) album list, I'd end up with a bunch of albums "2026 Summer vacation", "2026 Summer vacation - Alice's photos", "2026 Summer vacation - Bob's photos" all next to each other, which would kind of defeat the purpose in many ways.

[vishnukvmd]

Smart albums are collections that support rule based additions, as well as one-off additions. So a contributor can add photos directly to the collection, without the owner's clients not having to perform any extra computation. Also, for one-off additions, tags are irrelevant (the metadata of added items will stay unmodified).

Smart albums will show up next to regular albums, unless you hide / archive them. So you will unfortunately end up with multiple albums next to each other. For the workflow you've mentioned, we have plans to make albums where collaborators can only view the items they have added - so you could share "2026 Summer vacation" to collect photos from Bob and Alice, and you will be able to see photos added by everyone, while Bob and Alice will only be able to see theirs.

[codethief]

> Smart albums are collections that support rule based additions, as well as one-off additions. So a contributor can add photos directly to the collection, without the owner's clients not having to perform any extra computation.

What I meant was that if the smart album's purpose is allowing contributions to a tag in some other album, then contributed photos will have to be tagged & added to the original album by the owner, won't they, since only the owner holds the collection key.

> For the workflow you've mentioned, we have plans to make albums where collaborators can only view the items they have added

I'm not sure this would cover my use case. 1) I don't like other people's photos getting mixed up with mine for various reasons, which is why I typically set up one subfolder (or in Ente: a separate album) per contributor. 2) I want different people to have write access to their corresponding subfolder, but they should have read access to a larger set of subfolders (e.g. each others' photos, or maybe even the entire "summer vacation" album, though not necessarily).

All in all, the mechanisms you propose seem rather complex to me (and still inferior) compared to simply allowing albums/collections to be nested. And when I say "complex" I mean this not just from a technical point of view, but also from a conceptual & UX one. In the interview on YouTube you mention that a folder hierarchy might seem foreign to younger users but even if I believe that, is the solution really to come up with a solution that's foreign to everyone?

Besides, the entire industry has settled on nested folders as the primary way to organize files & documents as well as access control, from traditional file systems over Dropbox, M365 / SharePoint / One Drive to Confluence. So I'd say whoever is unfamiliar with that will become familiar fast, don't you think?