For most: yes, there is a risk that the vendor has included a backdoor. There is also the risk that they are straight-up lying about how their service operates.

For Signal in particular: You can verify that their claims are true because you can audit the source code.

The Signal client is open-source, so any interested parties can verify that it is A) not sending the user’s private keys to any server, and B) not transmitting any messages that are not encrypted with those keys.

Even if you choose to obtain Signal from the Google Play Store (which comes with its own set of problems), you can verify its integrity because Signal uses reproducible builds. That means it is possible for you to download the public source code, compile it yourself, and verify that the published binary is identical. See: https://github.com/signalapp/Signal-Android/tree/main/reproducible-builds

You might not have the skills or patience to do that yourself, but Signal has undergone professional audits if anyone ever discovers a backdoor, it will be major news.

You are more likely to be compromised at the OS level (e.g. screen recorders, key loggers, Microsoft Recall, etc.) than from Signal itself.

Last I checked, there is still no way for developers to use RCS on Android, so it’s a non-starter for me. I do not and will not limit myself to first-party apps.

Please correct me if I’m wrong. If there’s an open-source RCS-compatible messaging app out there, I’d love to try it.

One reason is that Python is not built-in on macOS anymore, so it’s hard to justify using it for management scripts. Particularly when you do not have control of the execution environment to begin with. I’ve written some obnoxiously complicated bash (or zsh) scripts because I want to make sure it will run on a vanilla Mac with no additional dependencies. 10 years ago I would’ve done all that stuff in Python, but not anymore. Thanks, Apple!

From a technical perspective, sure, I could push out a portable python environment and it wouldn’t affect the rest of the system. But that comes at a cost. I don’t want to fight for it, and I don’t want to be responsible for maintaining it. It’s easier to just use bash/zsh.

Python is also too heavy for some embedded devices. Not sure if I can count on Amber scripts to run in a busybox environment but maybe?

That said, if the question is “is it worth learning a whole new thing when I already know bash/zsh”, I am not so sure. But in principle, I dig it, regardless of how practical it is with my specific background and needs. I mean, if I learned about this 20 years ago I feel like I might still be reaping rewards.

Kagi actually does have an anonymous authentication option. https://blog.kagi.com/kagi-privacy-pass

I get that they don’t want to deal with Google Play

Was that the reason? Shame they didn’t just leave it on F-Droid and GitHub then. Nobody needs to use Google Play (at least not yet…)

I used to use Filen for this, but it never worked very well. The file provider path it returned to Keepass2android was only temporary, so it would break periodically. Did Filen change how that works?

I eventually started using Syncthing instead. I connect to my home wi-fi often enough that it’s never too far out of sync with my home PC. And since it’s a local file, there’s no issue with using absolute paths.

You should probably report that to the browser developer. Sounds like their tracker filter has a bug causing false positives.

Thanks for the info. I have not really tested Seedvault myself so this is all good to know.

Ironically, one of the main reasons I switched to GrapheneOS was because Google’s backups were so frustrating and I was hoping Seedvault would be more comprehensive.

What’s wrong with Seedvault?

I jumped on a lifetime deal they had a few years back. I mostly use it via the web UI and Android app, so I cannot comment on desktop or CLI client functionality.

The Android app is “okay”, but not great. Background photo sync doesn’t work consistently; I need to manually launch the app periodically to jog it. I know Android is kind of aggressive about background services, but other apps do this better so I think this is on Filen. Perhaps they should run a permanent notification to stay alive 24/7, like Syncthing does?

As with pretty much every other cloud storage app, it does not let me sync arbitrary folders/files, only photos and videos. *sigh*

It uses Android’s file provider API, so you can open and save files in most apps directly from/to Filen. However, this only seems to work for one-time use, not for apps that need to regularly open/save the same file. For example, when using Keepass2Android, you can have it store your password database on a cloud storage service. This works pretty well with Google Drive, but with Filen it loses the connection frequently because the pseudopaths the API returns are not stable over time (which makes sense, I guess, and is one more reason I want arbitrary local file sync instead). Personally, I went back to storing my Keepass database locally and then periodically backing it up rather than keeping it on live cloud storage.

It’s one of the cheapest E2EE cloud storage services I’ve seen (definitely the cheapest for me with the lifetime promo I got), and the core functionality of uploading and downloading files (and folders) works. That’s good enough for me to give it the thumbs-up.

But here’s the really funky bit. If you ask Claude how it got the correct answer of 95, it will apparently tell you, “I added the ones (6+9=15), carried the 1, then added the 10s (3+5+1=9), resulting in 95.” But that actually only reflects common answers in its training data as to how the sum might be completed, as opposed to what it actually did.

This is not surprising. LLMs are not designed to have any introspection capabilities.

Introspection could probably be tacked onto existing architectures in a few different ways, but as far as I know nobody’s done it yet. It will be interesting to see how that might change LLM behavior.

There are a handful on non-default apps I’ve used across my last 3-4 distros at least:

• mpv - the best video player, period. Minimalist UI, maximalist configuration options. I’ve been using it for many years across many OSes and at this point everything else feels wrong.

• Geany - My favorite GUI text editor on Linux.

• Foliate - the simplest eBook reader I’ve found.

• Strawberry - It’s “fine”. Honestly, I’ve never found a music player on Linux that I really liked. I keep falling back to Strawberry because it’s familiar and generally works as expected.