refalo

joined 2 years ago
[–] refalo@programming.dev 2 points 2 years ago

Indeed... I was not trying to imply that it was.

[–] refalo@programming.dev 2 points 2 years ago* (last edited 2 years ago)

Indeed... for example OTF (who is funded by US Congress) has provided funding for several large open source projects like Signal, Tor, F-Droid etc. and some have taken this to mean they might be compromised... but of course there's no actual proof of that to my knowledge. And even in the linked article the author appears to use a bunch of half-truths and just straight up makes things up that don't actually exist in the sources they say contain what he writes (example: OTF/Congress is not the CIA).

Personally I don't have any suspicion or reason to believe they might be compromised, but if such proof ever did come around... I wouldn't be surprised.

[–] refalo@programming.dev 3 points 2 years ago

Yes, but this is often not an option for non-developers

[–] refalo@programming.dev 4 points 2 years ago* (last edited 2 years ago) (4 children)

Do you know of an equivalent to https://reproducible-builds.org/citests/ for Android/F-Droid packages? I'd like to see some public verification of these reproducible builds, especially Signal.

[–] refalo@programming.dev 8 points 2 years ago* (last edited 2 years ago) (2 children)

not google

This is not true... Play Store now requires you to give up your signing keys to Google so they can sign the app themselves after injecting whatever they feel like. F-Droid does the same because they also compile your apps for you. Another reason some don't trust F-Droid (or Signal, Tor and a bunch of other free/open source software for that matter) is that they received funding from OTF which is funded by the US government and some people don't like that. And yes I know computers and the internet also came from the government /shrug

I have no skin in this game, I am not intentionally trying to spread any FUD (but I realize some people will still claim so, they are free to do so), just relaying information I have seen elsewhere. Happy to provide sources if anyone likes.

[–] refalo@programming.dev 4 points 2 years ago (7 children)

what about DivestOS?

[–] refalo@programming.dev -1 points 2 years ago (2 children)

I disagree... I have no problems going without it. Could you give some reasons why you think avoiding snaps is not an option anymore?

[–] refalo@programming.dev 2 points 2 years ago

As an outsider with no skin in anyone's game, I find it a bit disingenuous to say that one person's interpretation of subjective terms is somehow less "correct" than anyone else's.

[–] refalo@programming.dev 0 points 2 years ago

https://swift.org/

Swift is a fast, modern, and safe language for iOS, macOS, and other Apple platforms.

[–] refalo@programming.dev 2 points 2 years ago

Of course if you're not blocking JS entirely but using something like Port Authority, then that can potentially be detected and used against you just like I mentioned, so yeah it's a tradeoff you just have to decide on based on your own individual threat model.

[–] refalo@programming.dev 1 points 2 years ago* (last edited 2 years ago)

Friendly reminder that Signal on Android contains proprietary code (Google Play Services), and the server software is rumored to be closed now and/or not what they are actually using due to a lack of updates for a prolonged period. Of course it's just a rumor and I have no way to verify that, but thought it was worth mentioning (hope this doesn't count as FUD).

Molly-FOSS seems to be the preferred mobile alternative client.

[–] refalo@programming.dev 25 points 2 years ago* (last edited 2 years ago) (2 children)

Here's a counter-argument to yours... disabling javascript can actually make you stand out like a glowing sun. Just like how ad-blockers can be used for fingerprinting, the fact that you're not loading any JS, or any resources it might have fetched, can greatly increase your fingerprint. Along with combining TLS fingerprinting, HTTP headers and HTML/CSS tricks you can still be singled out pretty well without any JS. The fact that you have JS disabled automatically puts you in a very small list of people, so not as many data points are even needed for an accurate fingerprint.
