PSA: we're aware that Signal is down for some people. This appears to be related to a major AWS outage. Stand by.
20.10.2025 08:00
π 951
π 243
π¬ 43
π 63
PSA: we're aware that Signal is down for some people. This appears to be related to a major AWS outage. Stand by.
Bluharmonishing
Haptishing
Jpgishing
:)
Just want these to exist outside my phone, amazing concert!
- This example covers image file formats, so other file formats will have other nuances. For instance, the "Convert Image" approach on macOS won't work for a PDF document.
- The image itself might contain personal information that is not related to the metadata (photos, specific signs, etc.)
Please keep in mind that:
- There are many edge cases, but if you create the images, it should be ok with the information on this thread.
- In Windows/Linux, removing metadata reliably might require extra tools if you want a Graphical User Interface (GUI)
Screenshot of a macOS computer when the example image is right-clicked and the option "Quick Actions", "Convert Image" is highlighted
The window of "Convert Image" on macOS with the option "Preserve Metadata" unchecked and enclosed in a box added after the screenshot was taken
A screenshot of a file explorer in macOS showing two files: "not_made_by_me clean.png" and "not_made_by_me.png"
Output of exiftool for the new created file without personal data
However, if using exiftool is difficult (or just annoying), there are other ways. For instance, in macOS, you can right-click the file, go to "Quick Actions", and select "Convert Image" to create a new version of the file; just uncheck the option "Preserve Metadata" and you should be good to go :)
A screenshot of a file explorer in Linux showing two files: "not_made_by_me.png_original" and "not_made_by_me.png"
Output of exiftool for the updated file without personal data
Ok, so back to the original file: if you are comfortable enough to run tools on the command line, exiftool, the one we used to check the existing metadata, can also remove it in a new version of the image. In this case by running "exiftool -all= not_made_by_me.png"
Output of exiftool for the file after downloading it from Signal without personal data
PAUSE! Before we get too stressed, let's say something actually good and helpful: if we send the picture over Signal or WhatsApp, this data will be deleted (mostly because the platform creates its own version of the picture, hopefully optimized). This example is for the same image on Signal
Output of the exiftool tool for the example image showing clear personal information, like the name of the author and a field called "Creator Tool" that has text describing that the author used Canva to create the image, alongside other information that seems like document and user id in Canva. The personal or identifiable information is redacted, and a surprised face emoji was added to that part of the output. Also, there are some fields that seem to have identification information, but their purpose is not clear: "Ads Ext Id" and "Ads Fb Id". A question mark emoji was added to that part of the output.
Now, if we use a tool for extracting the metadata in a more professional way (exiftool for the curious), we get this on the file (spoiler: π You can see my name, that I used Canva to create the image with documents and user id, and some other weird fields that I couldn't find much about π€)
The properties panel on Windows for the example image file, showing no evident metadata with personal information, except for a field called "Program name" with long text that can't be scrolled to check thoroughly. This field has a question mark added later to emphasize the lack of access to the metadata field.
Properties panel for the example image file on Linux showing a field called "Creator" with the name of the author of the thread. An emoji with a surprised face to the side, and a box enclosing the field for emphasis.
Properties panel for the example file on macOS showing no evident personal data in the metadata list, but a long text in a field called "Where from" that is redacted, over the redacted text, there is another text that says: Gibberish that could mean something when deobfuscated, like the username of the sender, recipient, etc. (For context, I sent this over Gmail to a Mac computer, so please, also consider that)
Let's take this image above (not_made_by_me.png), usual guidance says to right-click and then select Properties/Get Info to check the available metadata. Here is what it looks like for Windows, Mac, and Linux (Ubuntu in this case):
An example image that we will use over the thread
Let's talk metadata: Today, a friend of mine in a risky environment asked me how to make sure an image they designed is not traceable back to them, since it's been a while since the last time I checked "deeply", it was time for a refresh!!
- This example covers image file formats, so other file formats will have other nuances. For instance, the "Convert Image" approach on macOS won't work for a PDF document.
- The image itself might contain personal information that is not related to the metadata (photos, specific signs, etc.)
Please keep in mind that:
- There are many edge cases, but if you create the images, it should be ok with the information on this thread.
- In Windows/Linux, removing metadata reliably might require extra tools if you want a Graphical User Interface (GUI)
Screenshot of a macOS computer when the example image is right-clicked and the option "Quick Actions", "Convert Image" is highlighted
The window of "Convert Image" on macOS with the option "Preserve Metadata" unchecked and enclosed in a box added after the screenshot was taken
A screenshot of a file explorer in macOS showing two files: "not_made_by_me clean.png" and "not_made_by_me.png"
Output of exiftool for the new created file without personal data
However, if using exiftool is difficult (or just annoying), there are other ways. For instance, in macOS, you can right-click the file, go to "Quick Actions", and select "Convert Image" to create a new version of the file; just uncheck the option "Preserve Metadata" and you should be good to go :)
A screenshot of a file explorer in Linux showing two files: "not_made_by_me.png_original" and "not_made_by_me.png"
Output of exiftool for the updated file without personal data
Ok, so back to the original file: if you are comfortable enough to run tools on the command line, exiftool, the one we used to check the existing metadata, can also remove it in a new version of the image. In this case by running "exiftool -all= not_made_by_me.png"
Output of exiftool for the file after downloading it from Signal without personal data
PAUSE! Before we get too stressed, let's say something actually good and helpful: if we send the picture over Signal or WhatsApp, this data will be deleted (mostly because the platform creates its own version of the picture, hopefully optimized). This example is for the same image on Signal
Output of the exiftool tool for the example image showing clear personal information, like the name of the author and a field called "Creator Tool" that has text describing that the author used Canva to create the image, alongside other information that seems like document and user id in Canva. The personal or identifiable information is redacted, and a surprised face emoji was added to that part of the output. Also, there are some fields that seem to have identification informationm but their purpose is not clear: "Ads Ext Id" and "Ads Fb Id". A question mark emoji was added to that part of the output.
Now, if we use a tool for extracting the metadata in a more professional way (exiftool for the curious), we get this on the file (spoiler: π You can see my name, that I used Canva to create the image with documents and user id, and some other weird fields that I couldn't find much about π€)
The properties panel on Windows for the example image file, showing no evident metadata with personal information, except for a field called "Program name" with long text that can't be scrolled to check thoroughly. This field has a question mark added later to emphasize the lack of access to the metadata field
Properties panel for the example image file on Linux showing a field called "Creator" with the name of the author of the thread. An emoji with a surprised face to the side, and a box enclosing the field for emphasis.
Properties panel for the example file on macOS showing no evident personal data in the metadata list, but a long text in a field called "Where from" that is redacted, over the redacted text, there is another text that says: Gibberish that could mean something when deobfuscated, like the username of the sender, recipient, etc. (For context, I sent this over Gmail to a Mac computer, so please, also consider that)
Let's take this image above (not_made_by_me.png), usual guidance says to right-click and then select Properties/Get Info to check the available metadata. Here how it looks like for Windows, Mac, and Linux (Ubuntu in this case):
Android setting screen for Advanced Protection, after tapping the control to disable it and introducing biometric information, there is an overlay message saying "Restart your device? Device protection is now off. However, some features require a restart to turn them off." And two buttons: Restart and Restart later.
That said, when you try to disable any of these things, it offers you to disable the Advanced Protection mode altogether and it is not hard: biometrics and a restart that can be done later if you want. So it is promising for sure, but as it is implemented not bulletproof for physical access cases.
Android security settings screen for Play Protect, it shows the option "Scan apps with Play Protect" enabled in a way that is imposible to disable, and a message at the end stating "Advanced Protection requires that app scanning stays on to check for malware."
Android setting screen for Network Connectivity, in it the option 2G network protection is enabled, and the control to change the configuration is not usable. When tapping, there is an overlay image saying "Restricted by Advanced Protection. For your security, Advanced Protection requires this setting to remain on"
Enabling Android Advanced Protection on a Pixel from the stable update: very easy to activate, and I haven't noticed any usage problems or incompatibilities. The intrusion logging isn't there yet (so alert on that one), and I couldn't disable Play Protect or enable 2G networks as advertised.
IIRC they work but with currents that are below specification, so they do the job but can break easier or they need to be put in gentler settings (not too cold) for them to work
According to some of my electrical engineering teachers, it was known that people in my home country tied one cable to the tower's structure and another to a metal bar stuck in the ground some meters away to power refrigerators and lights effectively stealing power without major issues.
βThe truth is that a tattoo identifying Tren de Aragua does not exist,β she told me. βTren de Aragua does not use any tattoos as a form of gang identification; no Venezuelan gang does.β
Starting today, our chapter in Venezuela will be operating in exile. The growing threat to its members has made the situation too dangerous to remain in the country.
Our statement here β¬οΈ
Iβve posted a detailed explanation of why the claimed ESP32 Bluetooth chip βbackdoorβ is not a backdoor. Itβs just a poor security practice, which is found in other Bluetooth chips by vendors like Broadcom, Cypress, and Texas Instruments too. https://darkmentor.com/blog/esp32_non-backdoor/
Yea this would be physical
