Notes by J6

 Are the copies of #Signal messenger provided by the #Google #PlayStore or #iOS #AppStore deterministically reproducible builds? If not, why do people trust that they aren't compromised builds? #privacy #security #asknostr #question 
 Are the APK files of #Signal messenger provided by https://signal.org/android/apk/ deterministically reproducible builds? If not, why do people trust that they aren't compromised builds? #privacy #security #asknostr #question 
 It costs a lot of money to run Signal. Yet the product is free. What measures has Signal put in place to demonstrate that they aren't a honey pot run by the US government? Reproducible builds would prove that the public source code is the exact code that was used to create the binaries, without any backdoors added. Does Signal provide verifiable reproducible builds? #security #signal #privacy #asknostr 
 There would be no need for "trust" if Signal provided reproducible builds, because you could verify for yourself that the source code was not tampered with during the build process.