[defen]

Isn't this an argument against putting any personal information into any app? Signal could turn malevolent tomorrow and start sending all your chats to their servers, which could have life-threatening implications for people vs just potentially being embarrassing.

[travisjungroth]

I put data into Google Docs knowing it lives on their servers. So there’s no problem there.

Signal has an open source client. Big difference for these claims.

[defen]

Do you compile your own open source client for your phone? Or do you install it from an app store? Most people are going to install it from the app store, so I believe my point still stands. What correlation is there between what's in the app store vs what is published in the open source repo? e.g. how do you validate that the app store client was compiled from a specific commit in the open source repo?

[travisjungroth]

The Signal Android app has (had?) reproducible builds. You can see what is on the site and in the App Store is the same as when built from source. One person doing this provides some confidence for everyone else.

Still, I’m less confident in saying any other company fulfill’s Matter’s promise than saying they aren’t.