
Centralized FOSS software can do the same thing and remove encryption. Open source is not a requirement for security.


With reproducible builds like Signal does you can be sure the app you've downloaded matches the source code that's been audited:

https://github.com/signalapp/Signal-Android/blob/main/reprod...


While I agree reproducible builds are a huge part of the answer, if you get your builds from Google Play or the App Store you have no idea if anyone has reproduced the particular build that was served to your device.

A solution to this would be independent reproducible builds like F-Droid does, but Moxie rejected this citing it would cause them to lose control of the platform and install metrics Google and Apple provide. Always thought that was a weird position for a privacy tool.


Personally I would be more concerned about a vulnerability or backdoor in Intel SGX


There's no guarantee, but if the build is mass served, it's at least possible to find out. For closed source apps you may not even know.


Do you check?


So what? The centralized owner owns the code repo too, so such a restriction doesn't stop anything.

Even if Instagram was open source, Meta could remove the E2E chat feature.


If it was open source people could fork.


But a fork wouldn't be installed on billions of people's devices.


Any community that cares could then at least make the right choice of client for their community. The masses never care, but what matters is that privacy is actually a choice.


FOSS is, however, a prerequisite to Kerckhoffs's principle https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle


At the risk of being pedantic, that's not exactly what the principle says. Its claim is that a cryptosystem should be secure even if everything about the system except the private key is public knowledge. It doesn't require that the system be public, only that the security of a non-public system shouldn't rely on its non-public nature. A closed source cryptosystem designed to still be secure even if someone discovers how it works satisfies the principle just fine.


Those two claims are independent. Centralized FOSS software cannot do this, since you can audit the source, compile it, and use it that way.

Open source is not a requirement for security, sure, but it's much easier to secure OSS.


Having your own version of a chat program that supports E2EE doesn't mean much if everyone else's version of the app can handle it.


Unlike the proprietary stuff, there isn't a strong built-in incentive to remove it.


One incentive is that it makes for a simpler user experience.


It's an even simpler user experience to just publicly publish all private information.

Can you imagine, I wouldn't even need to give my social security number to another org manually again. Anyone could just look it up. It would make things so easy for everyone.


It's a trade-off. If someone wanted they could keep reducing security to improve the user experience, but a product having bad security will be problematic.

>Anyone could just look it up.

Most people's SSNs have already been leaked or stolen so it's just security theater to pretend they are still private information.


It's absurd that you're actually taking the position you are


The existence of security vs convenience trade-offs is not absurd. Security isn't free to add to a product.


E2EE in Instagram would be absurd



