Try it. When you did not write a code yourself. How could you trust it? Somwhere comes the trust. Y tend to trust more on free software then propriatery. And more the more download it has. And the more the better I understand how their businessmodel works.
Are the APK files of #Signal messenger provided by https://signal.org/android/apk/ deterministically reproducible builds? If not, why do people trust that they aren't compromised builds? #privacy #security #asknostr #question
Discussion
It costs a lot of money to run Signal. Yet the product is free. What measures has Signal put in place to demonstrate that they aren't a honey pot run by the US government? Reproducible builds would prove that the public source code is the exact code that was used to create the binaries, without any backdoors added. Does Signal provide verifiable reproducible builds? #security #signal #privacy #asknostr
They run on donations. Thousands of people, which donate a small amohnt to make sure the product will be free in the future as well. I donate 100chf a year.
What measures have you put in place to demonstrate you're not Russian FSB attempting to spread FUD, so people use less secure options and your spying attempts are easier? I mean, as long as we're asking questions here...
There would be no need for "trust" if Signal provided reproducible builds, because you could verify for yourself that the source code was not tampered with during the build process.
It is not a would. One only needs to search for it and you find it:
https://github.com/signalapp/Signal-Android/tree/main/reproducible-builds
https://signal.org/blog/reproducible-android/
That's great.