[EGreg]

I’ve been saying this for years — when people derided me on HN — that we need decentralization and open-source backends, because we are relying on pinky-promises. We need attestation that we can trust.

I have been building it, piece by piece. Some pieces have been recently featured (last week) in trusted security publications:

Safecloud: https://www.helpnetsecurity.com/2026/06/19/safecloud-browser...

Safebox and Safebots are coming too: https://safebots.ai/about

You won’t need to take anyone’s word for it. And in fact, end-to-end encryption will become unnecessary.

[edg5000]

We just need open source clients though right?

What does attestation have to do with this? Attestation means not giving me root to my own device. No thanks.

We need something universal, like email, but better engineered.

[EGreg]

I mean attestation of what’s running on the server. Did you click and read?

As for the client — the app store on iOS doesn’t allow reproducible builds.

Telegram tried something close for years, which is how I know they care: https://core.telegram.org/reproducible-builds

But it doesn’t matter because the metadata is equally important and useful to get you. And anyway, end-to-end encryption can be banned, or compromised by a new app update, or secretly removed via a backdoor for some, if you pressure one guy (eg @durov in France, or his team every time they pass through an airport). Read this article — it was my response to Moxie Marlinspike (of Signal fame) years ago when he was skeptical of decentralization:

https://community.intercoin.app/t/web3-moxie-signal-telegram...