I found this:

https://github.com/signalapp/Signal-Desktop/blob/main/reproducible-builds/README.md

Looks like they’re working on reproducibility, at least in the desktop app. That’s a little disappointing but i guess I’m happy they’re working on it.

Neat! And can this been done with signal or proton?

In the end i have to choose between some shady company or some guy with a homelab. I guess I’ll choose the one who isn’t financially incentivized to screw me over.

By this logic, can we trust any open source software, even if they claim to use some third party encryption? They could say they’re using a super secure encryption, even show it implemented in their open source code base, then just put the other, secret evil backdoor code base in production? Is there a way for any open source project to prove that the code in their open source repo is the code in production?

Okay Old Fashioned, but doesn’t open source encryption audited by a third party solve this problem? Signal protocol for example? Also proton, I’m guessing, but I’m too lazy to check