>Like checking out Signal's Open Source code.
What's preventing them from serving a backdoored version? xz was open source as well, that didn't stop the backdoor. There might be reproducible builds on Android, but you can't even inspect the executable on iOS without jailbreaking.
You can instead install a FOSS fork of Signal like Molly [1] built by F-Droid directly from the source code.
Signal designs their systems from the ground up to deliver verifiable trust mechanisms (via remote attestation) along with data minimization/zero-access encryption techniques.
Here’s one such example, which is also an interesting technical deep dive: https://signal.org/blog/building-faster-oram/