TIL: timeout in Bash scripts
Article, Comments

No deleted account found from 55 scanned users from this group 🚫👻

Signal’s privacy claims exposed! Mark37 dives into “SignalGate,” revealing cracks in the app’s “gold standard” narrative. From closed-source anti-spam systems to leadership ties with Big Tech and government, plus vulnerabilities flagged by the Pentagon, is Signal truly secure? Learn the truth and explore safer alternatives.

https://mark37.com/signal/

The board includes additional members with deep establishment ties:
Amba Kak: Rhodes Scholar (British Pilgrims Society), Oxford graduate, senior advisor to the U.S. Federal Trade Commission, and executive director of AI Now Institute (founded during Obama Administration)
Jay Sullivan: Yale graduate, worked at Twitter, Facebook, Mozilla, Microsoft, and Oracle
Katherine R. Maher: CEO of NPR, executive director of Wikimedia Foundation, Council on Foreign Relations member, UNICEF officer, World Bank advisor, and connected to multiple NGOs funded by USAID and the British Pilgrims Society
This leadership structure raises serious questions about Signal’s true allegiances and priorities. Can an organization led by figures so deeply embedded in establishment institutions and ideologies truly be committed to challenging government surveillance and corporate data collection?

The Closed-Source Anti-Spam System: A Necessary Evil or Concerning Vulnerability?
Signal’s messaging protocol and client apps (Android, iOS, desktop) are open-source and subject to regular security audits. However, there’s a critical component that isn’t: Signal’s anti-spam system.
To be fair, Signal’s justification for keeping this component closed-source is legitimate – preventing spammers from studying and circumventing it makes practical sense. The amount of data this specific component can theoretically access is also more limited than, for example, the core messaging infrastructure.
However, this closed-source element creates a blind spot that inherently weakens Signal’s security model and contradicts its promise of complete transparency. Without independent verification, users must simply trust Signal’s claims about what this system does and doesn’t do. When examining potential concerns, several scenarios emerge:
Metadata Collection: While likely limited in scope, the anti-spam system could still collect certain metadata (IP addresses, phone numbers, patterns of communication) and potentially retain it longer than communicated to users.
Account Flagging: The system could include mechanisms to flag specific accounts for additional monitoring or data collection, possibly at the request of government agencies. Since this component isn’t subject to public scrutiny, there’s no way to verify what criteria might trigger such flagging.
Infrastructure Vulnerabilities: Even if the anti-spam system itself doesn’t have malicious intent, its closed nature means vulnerabilities might go undetected, potentially allowing sophisticated attackers to compromise it.
The recent Pentagon warning about Russian hackers exploiting Signal vulnerabilities demonstrates that even supposedly secure systems can have unexpected weak points. The fundamental question becomes: can a system be truly secure when parts of it remain hidden from independent security researchers?

Font Gallery

Font Gallery app showcases how different Font Families with their different variations (Style, Weight and Size) look. You could switch between light and dark modes and also compare different font families.

🔗 Links:
- Download
- Screenshots
- Features
- Source code
Developer: Aditya (adeeteya)

❤️ Support the Project

If this project makes your life easier, here are a few quick ways to show some love:

⭐ Star the repo/app
☕ Buy a coffee for the developer
🛠 Contribute code, issues, or pull-requests

🏷 Tags: #Android #Linux #Windows #Website #Utilities

#xmpp #im criticisms:

You can follow any advise on the client XMPP setup but the main issue with the protocol is not your endpoint. The issue is the is the XMPP protocol and related infrastructure.

There are two things you wana do

1. content of the message (privacy setup),
2. identity (anonymity setup)

Don't mistake those two things!!

Privacy
is ensured on XMPP with the OTR or OMEMO encryption. The issue is that the key exchange in between the communication parties is not foolproof. You both *MUST* check the fingerprints through a separate secure channel. This is in large scale not practiced. If you don't check it right, the underlying infrastructure of the XMPP allows the adversary to MITM you and read your messages.

2 Anonymity
is ensured with Tor here. Tor tries to conceal you IP only and nothing more. But Tor, as a low latency network, cannot protect you from revealing your behavioral patterns, your social graph, your login and log out time, the number of messages sent and received at any time, the sender and receiver of the messages, their precise volume and so on *from the XMPP server* and any adversary that can monitor that server.

Our advice is - don't use XMPP! if possible at all and use something more resistant like SimpleX, Briar, CWTCH... and similar solutions that mitigate those leaks and diminish or even make impossible those related attacks from the active as well as passive adversaries.

Various windows apps don't like being run as admin as well for the same reason: security. I think that various parts of play integrity are anti competitive and pointless from a security point of view, but checking if administrator/superuser/root/jailbreak is applied is a pretty common practice. Google chrome will check on windows for example if its being run as admin: https://www.ghacks.net/2025/05/16/google-chrome-will-not-launch-with-admin-rights-anymore-to-reduce-security-risks/
root/jailbreak checks are also a lot about anti piracy measures. Which has to be anti competitive as that's how copyright works. Competition with the samr movie cant legal
and windows has the same unlocked bootloader kind of checks with structures like denuvo. Only difference is naming