Trusting the Untrustworthy

25 Nov 2017

I've just migrated all of my photos from "Lightroom CC" to "New Lightroom CC”[1]. This was a tough call.

Lightroom CC manipulates photos and metadata via files on local disk. NLCC is entirely cloud-based - the authoritative datastore is "your account", where all photos and metadata are stored. It uses the local disk as a cache only. This has some advantages, but comes with some savage tradeoffs.

I think about my personal data along three axes:

  • Security: How likely is it that an adversary can access this data? (In many cases the psychological threat is more important than the actual risk)

  • Reliability: If things go wrong, or a large amount of time passes, how likely is it that I can still access this data?

  • Convenience: When things aren't going wrong, how easy is it for me to access this data?

My ratings look like this:

Lightroom CC (+Goodsync to Google Drive for backup):

Security: 5/10. The local files are inside OSX's full-disk encryption, but the Google Drive backup is in the clear. The google account has 2FA and google has a good security reputation.

Reliability: 5/10. No versioning (although I could achieve this by also using Time Machine). The backup isn't automated so it's often quite old, but only simultaneous destruction of my local machine and my google account would wipe me out.

Convenience: 3/10. Lightroom CC is big, complex, slow, and a pain to use (as well as very powerful). I can't use it at all without my laptop plus the external drive that houses the photos. My partner could theoretically access the photos and update the metadata by borrowing that drive, installing Lightroom CC, and learning to use it, but in practice she doesn't.


Security: 1/10. Worst-case scenario: all photos and metadata are stored in the clear in the Adobe cloud, which is hosted in the US. There's no 2FA, and Adobe has a poor security reputation.

Reliability: 2/10. Almost worst-case: there's a single copy of the data, and it's on a cloud service with no SLA covering data loss. There's no versioning or rollback, so a single fat-finger can wipe you out. While it's possible to maintain a local cache of the image files, they don't have any metadata, so it's only a partial backup.

Convenience: 10/10. NLCC is fast, streamlined, and a joy to use. It can work without the local cache, so even without the external drive, I can update metadata. I can organise photos while sitting on the tube, using the excellent mobile app. My partner and I can both access and import photos and our changes will sync. This thing is game-changing.


Fundamentally, Lightroom CC wasn't working for me. I'd occasionally batch-import and organise photos, but almost never look at them again. My partner couldn't easily access my photo database at all.

If I can't use the data, it might as well not exist. This changes the calculus around 'reliability' a bit, in the same way that I'm willing to take an expensive camera on dicey trips because, if it sits at home in a drawer, it might as well be broken anyway.

I've got a partial workaround for Reliability; captions and keywords can be preserved, but Album data will be lost.

There's nothing I can do about Security except to apply the Facebook Rules ("don't post anything that you wouldn't be happy to see on the front page of tomorrow's newspaper") to my photo database, which doesn't cost too much Convenience. I can live with it.

Overall NLCC has me actually using and enjoying my photos, so it wins. And I guess this is why, as an industry, security is currently so bad - for most people, most of the time, Convenience is simply more important.

fn1 NLCC is a completely new product, but they've given it the name of an old product, and then renamed the old one to "Classic". Among other problems, this makes googling for answers almost impossible.