zlacker

>>domano+(OP)
Is there any mechanism to validate that the code running on Signal's servers is the same as on Github?

>>red_tr+G1
I think the argument would be that with end-to-end encryption this is unnecessary, which is good because it's impossible.

There's a counter-argument that there is still useful metadata a server can glean from its users, but it's certainly minimised with a good protocol... like the Signal protocol.