Engineer with beard.
Joined January 2018
- Tweets 1,782
- Following 894
- Followers 177
- Likes 441
189 Photos and videos
Jun 10
Has no one verified @telegram iOS reproducible builds since 2023? 😳
They recommend using darwin-containers, but it only supports macOS ≤13.6, while the current Telegram.ipa is built on macOS 26
Also requires patching Xcode to downgrade MetalToolchain to match Telegram’s build
1
47
Jun 10
I've verified it for you: Telegram iOS builds are reproducible ✅
github.com/BarbossHack/repro…
1
31
Jun 3
With the latest update, when @signalapp messages expire, they are immediately deleted from the local database. Previously, this cleanup could be delayed by several days, leaving data temporarily recoverable.
Forensic operations can no longer retrieve expired messages.
1
90
May 18
The F-Droid variant of @olvid_io was verified as reproducible ✔️
github.com/BarbossHack/repro…
1
65
Feb 2
The @ProtonMail android app has been open-sourced again after six months. I still need to check the reproducibility of all the past releases 👌
Jan 31
It's been 6 months since @ProtonMail (android app) stopped being open-source ⏳
1
1
254
BarbossHack retweeted
Mar 26
I finally found the time to check it: the @fdroidorg reproducible builds process is flawed, and currently Element X is not reproducible (neither the Playstore nor the F-Droid variant)
1
120
Mar 8
It looks like no one is actually testing @telegram reproducible builds against Play Store APKs. I found errors in their bundle process, and their apkfrombundle script always returns "APK has difference!"
(don't get me wrong: no backdoors, just a broken bundle process)
107
BarbossHack retweeted
Feb 17
✨ La Quête d’Ewilan débarque en série animée !
Fidèle adaptation du roman de Pierre Bottero, à découvrir dès maintenant sur France.tv et Okoo (France), Auvio (Belgique) et Play RTS (Suisse).
🌀 Propulsée dans le monde de Gwendalavir à seulement 13 ans, Camille voit son destin basculer et apprend la vérité sur ses origines.
Cette sortie marque le tout premier chapitre de la collaboration entre Ankama Animations et Andarta Pictures. ❤
21
150
778
33,783
Jan 31
It's been 6 months since @ProtonMail (android app) stopped being open-source ⏳
31 Dec 2025
It's been 5 months since @ProtonMail stopped being open-source ⏳
1
812
Jan 31
Je vois bcp de gens débattre autour du sujet de contrôle des VPN
J'ai l'impression que ce sujet nous fait avant tout oublier le projet de loi adopté à l’Assemblée nationale, imposant une vérification de l’âge sur les réseaux sociaux.
Habile.
3
12
4,327
Jan 20
If you want to verify @signalapp’s 𝐫𝐞𝐩𝐫𝐨𝐝𝐮𝐜𝐢𝐛𝐢𝐥𝐢𝐭𝐲, don’t just run their apkdiff script. You must also verify 𝐥𝐢𝐛𝐬𝐢𝐠𝐧𝐚𝐥 (not checked by apkdiff).
That’s where all the network & cryptographic operations are implemented❗️
Both are currently reproducible ✅
145
31 Dec 2025
It's been 5 months since @ProtonMail stopped being open-source ⏳
23 Nov 2025
Ok, so @ProtonMail is not open-source anymore?
- No updates in the past 4 months (since July 31).
- They're making it look active on GitHub by publishing fake releases/tags that point to a four-month-old, outdated version.
Is this a big red flag 🚩 @ProtonPrivacy?
1
800
19 Dec 2025
The @signalapp precompiled libsignal-client library has just been moved from maven.org to signal.org
It is still not signed, but at least it’s reproducible, and self-hosting the repository will help prevent backdoors from third parties 👍
233
BarbossHack retweeted
4 Dec 2025
Status of reproductible Builds for open source Messengers (Matrix, Session, Signal, Telegram...) - Project by @BarbossHack #OSS #Infosec
ALT Table with status of reproductible builds for open-source messenger applications
1
2
2
309
BarbossHack retweeted
24 Nov 2025
We are upgrading our #relay encryption algorithm for improved security. In upcoming releases, Arti and #Tor will both support a new encryption algorithm called Counter Galois Onion (CGO). CGO prevents attackers from tampering with encrypted traffic, adds forward secrecy, and brings Tor's encryption up to modern standards. blog.torproject.org/introduc…
10
144
620
31,541
23 Nov 2025
Ok, so @ProtonMail is not open-source anymore?
- No updates in the past 4 months (since July 31).
- They're making it look active on GitHub by publishing fake releases/tags that point to a four-month-old, outdated version.
Is this a big red flag 🚩 @ProtonPrivacy?
1
3
2,882
17 Nov 2025
Is the @mullvadnet Browser still relevant given @firefox’s new anti-fingerprinting features in version 145.0?
1
1
539