[riedel]

Open source would not help without the reproducible builds of Signal (I wonder who check them on each release?). And only builds like Molly include no binary blobs of Google [1], which could IMHO at least be used to extract some metadata. Leaving the OS still as a risk, even for Molly or Matrix clients. Even with transparency around linked devices, I would believe that few people would notice silently linked devices. Simplest thing is I guess social engineering which happened in a coordinated attack on Signal messagers of German politicians recently (I guess there should be an official signal app version not supporting linked devices for such people) [2].

[1] https://news.ycombinator.com/item?id=46081855 [2] https://www.politico.eu/article/hackers-attack-phone-of-germ...

[adrianN]

Politicians should probably not use Signal but something that is controlled by the government and for example doesn’t allow „accidentally“ deleting incriminating messages.

[rurban]

If politicians would be effectively controlled by the government and not by some independent party those mysterious, oops, accidentally deleted it problems would increase.

[librasteve]

oh dear, my phone was stolen - Morgan McSweeney

[ranger_danger]

> controlled by the government

So they can spy on them directly?