Discussion
Are the APK files of #Signal messenger provided by https://signal.org/android/apk/ deterministically reproducible builds? If not, why do people trust that they aren't compromised builds? #privacy #security #asknostr #question
Try it. When you did not write the code yourself, how could you trust it? Somewhere comes the trust. I tend to trust free software more than proprietary. And more the more downloads it has. And the more the better I understand how their business model works.
It costs a lot of money to run Signal. Yet the product is free. What measures has Signal put in place to demonstrate that they aren't a honey pot run by the US government? Reproducible builds would prove that the public source code is the exact code that was used to create the binaries, without any backdoors added. Does Signal provide verifiable reproducible builds? #security #signal #privacy #asknostr
They run on donations. Thousands of people, who donate a small amount to make sure the product will be free in the future as well. I donate 100chf a year.
What measures have you put in place to demonstrate you're not Russian FSB attempting to spread FUD, so people use less secure options and your spying attempts are easier? I mean, as long as we're asking questions here...
There would be no need for "trust" if Signal provided reproducible builds, because you could verify for yourself that the source code was not tampered with during the build process.
It is not a would. One only needs to search for it and you find it:
https://github.com/signalapp/Signal-Android/tree/main/reproducible-builds
https://signal.org/blog/reproducible-android/
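The check the two posts above are talking about, as an added example (not code from the Signal repository linked above): compare a published APK against a local rebuild entry by entry, skipping only the signing metadata under META-INF, which legitimately differs. The sample APKs are constructed in-memory zips, not real Signal binaries.

```python
"""Entry-by-entry comparison of two APKs, the core of a reproducible-build check."""
import hashlib
import io
import zipfile

# The publisher's signature lives under META-INF/, so those entries are the only
# ones allowed to differ between the official APK and a clean local rebuild.
IGNORED_PREFIXES = ("META-INF/",)


def _entry_digests(apk_bytes: bytes) -> dict:
    """Map each non-signature entry of the APK (a zip file) to a SHA-256 of its bytes."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.startswith(IGNORED_PREFIXES):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_apks(official: bytes, rebuilt: bytes) -> list:
    """Return human-readable differences; an empty list means the build reproduced."""
    a, b = _entry_digests(official), _entry_digests(rebuilt)
    problems = [f"only in official: {n}" for n in sorted(set(a) - set(b))]
    problems += [f"only in rebuilt: {n}" for n in sorted(set(b) - set(a))]
    problems += [f"content differs: {n}" for n in sorted(set(a) & set(b)) if a[n] != b[n]]
    return problems


def _make_apk(entries: dict) -> bytes:
    """Build a minimal zip in memory standing in for an APK (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: the "official" APK, a rebuild that differs only in its
# signature, and a rebuild whose classes.dex was altered.
OFFICIAL = _make_apk({"classes.dex": b"dex\n035\x00bytecode",
                      "AndroidManifest.xml": b"<manifest/>",
                      "META-INF/CERT.RSA": b"publisher-signature"})
GOOD_REBUILD = _make_apk({"classes.dex": b"dex\n035\x00bytecode",
                          "AndroidManifest.xml": b"<manifest/>",
                          "META-INF/CERT.RSA": b"local-signature"})
BAD_REBUILD = _make_apk({"classes.dex": b"dex\n035\x00bytecode-patched",
                         "AndroidManifest.xml": b"<manifest/>"})

if __name__ == "__main__":
    print("good rebuild:", compare_apks(OFFICIAL, GOOD_REBUILD) or "reproducible")
    print("bad rebuild:", compare_apks(OFFICIAL, BAD_REBUILD))
```

An empty result only shows that the binary matches the source you built from; the source itself still has to be read and the build environment pinned for the comparison to mean anything.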
That's great.
Yes, the app is FLOSS, yet, despite the extensive scrutiny done by coders, there are many that feel they may be a honey pot, as you do. SimpleX Chat fixes that; problem is, most people use messengers openly known as government tools such as WhatsApp, Viber, Meta Messenger, etc...
Signal has made some major progress on becoming more private; the latest was removing the need for a mobile number to use the app.
***What we need to know is: how is it funded?***
(pay attention to the OTF, this, IMO is the reason some feel uneasy):
Signal Messenger operates as a non-profit organization, relying on donations and grants to fund its development and maintenance. Here are some key funding sources:
1. Initial Funding: Brian Acton, co-founder of WhatsApp, donated $50 million to the Signal Foundation in 2017.
2. Donations: Signal relies on public donations from individuals and organizations to sustain its operations. As of 2020, Signal ran entirely on donations.
3. Grants: Signal has received grants from organizations such as the Knight Foundation, the Shuttleworth Foundation, and the Open Technology Fund (OTF), a US government-sponsored initiative.
4. Subsidies: Signal's parent organization, the Signal Technology Foundation, receives subsidies from the Signal Foundation, which is funded by donations and grants.
Signal's non-profit status and open-source nature ensure that the app remains free and accessible to users worldwide, without the need for advertising or data monetization. The organization's commitment to user privacy and security is reflected in its mission to "protect free expression and enable secure global communication through open source privacy technology."
But the OTF funds projects well known in the CyberSecurity world, even Tails, so I wouldn't worry much; if privacy maxi, use SimpleX Chat, or Session App, IMO hands down best privacy, and adoption is growing; even non tech savvy individuals can be onboarded easily.
**What is known of OTF?**
Open Technology Fund (OTF) funds a variety of projects focused on internet freedom, digital security, and privacy. Some examples of projects funded by OTF include:
+ Technology development and implementation projects, such as:
  + Secure operating systems (e.g., Qubes and Tails)
  + Anonymizing browsers (e.g., Tor)
  + Encrypted message services (e.g., Signal)
  + VPN and circumvention solutions for users in highly restrictive censorship environments
+ Research projects, including:
  + Analysis of novel online censorship and surveillance techniques
  + Exploration of solutions to address these threats
+ Digital security projects, such as:
  + Security audits for open-source projects (e.g., Cryptocat, Commotion Wireless, TextSecure, GlobaLeaks, MediaWiki, OpenPGP.js, Nitrokey, Ricochet, and Signal)
  + Bug bounty programs (e.g., for The Tor Project)
+ Convenings and community learning initiatives
+ Support for user costs for open-source projects and communities
+ Emergency support for journalists, human rights defenders, and civil society organizations facing digital threats and attacks
OTF also provides ongoing project support for activities such as security audits, usability and user safety, translations, and community learning. Additionally, the fund offers matching donations for auditing non-OTF-supported projects that are in use by individuals and organizations under threat of censorship/surveillance.