Yes, but that is why I said that it is actually very useful to people who need the security. Most people don't think they do, but those who actually do can ask help to build from source (which is not that hard).
> that is why I said that it is actually very useful to people who need the security
How is it useful to people who need the security but don't have the skills?
> those who actually do can ask help to build from source (which is not that hard).
It's not hard to people like us, but to the majority of people, it's simply not going to happen. No normal person is even going to consider building from source as a possibility, let alone ask for help to do it.
And who would they ask? A huge number of people don't have a suitable nerd friend, and they're not going to follow online instructions to do it. It's too intimidating and scary.
Besides, don't you think it's a bit much to expect everyone -- regardless of skill level -- to build everything from source just in case the binaries aren't built from the same source?
This is all why OSS does not, all by itself, do much to address security issues.
I think it's good to have open source clients, because it makes it easier to audit them. If you get your Signal client from F-droid, and competent people can compare the F-droid binary with the open, audited sources, then it's easier for you to trust the binary.
Of course competent people can reverse-engineer a proprietary binary, but that seems harder than having fairly reproducible builds.
Of course many people are not competent to make the audit by themselves, and therefore they need to trust someone.
And of course, OSS does not all by itself address security issues.
Still I am convinced that it helps.
> It's useless for people who don't have the ability to build from source, which is most people.
I strongly disagree with that. If you have an open source client and a reproducible build, then many competent people can audit the binary you provide on some store. Then most people can benefit from those third-party audits.