What is the solution here? The solution that minimizes damage involves everyone building from source and connecting in a peer to peer fashion that makes it pretty difficult to push a malicious update if you're looking for targeted surveillance.
However, even this requires an understanding government that isn't willing to poison the well in order to get to the target. A government that justifies dragnet (and whose agencies allegedly buy and sit on a stash of zero days) isn't something I'd trust to be bothered by the idea of leaving many people vulnerable in order to catch one bad guy.
I know it sounds trite but technology will not provide a full solution here. We need a lot of lobbying and a lot of PR to have any chance. Co-ordination will be very challenging when our goals vary so wildly. But I guess we need to ask ourselves where we stand on this issue. Given we have difficulty getting almost half of the people to even bother registering and showing up to vote, this is an uphill task.
The obvious solution is a federated protocol. There's no reason for Whisper or Google to be involved in routing messages except to own the system's concept of identity.
Trust in binaries is a harder problem, but reproducible builds are probably an important part of it. If several separate entities vouch for the binary, you have reason to believe what you run corresponds to the published source code.
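The "several separate entities vouch for the binary" idea from the comment above, as an added example that is not part of the thread: a k-of-n check of a downloaded artifact against digests reported by independent rebuilders. The rebuilder names, the record layout, the release tag and the "any dissent blocks trust" policy are assumptions, and the records are assumed to have been fetched over channels that authenticate each rebuilder (signature checking is out of scope here).

```python
import hashlib
from collections import defaultdict


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_rebuilds(artifact: bytes, attestations, release: str, threshold: int):
    """Return (trusted, agreeing, dissenting) for a downloaded artifact.

    attestations: iterable of (rebuilder, release, digest) records, each a
    rebuilder's claim "I built this release from source and got this digest".
    """
    local = sha256_hex(artifact)
    by_rebuilder = defaultdict(set)
    for rebuilder, rel, digest in attestations:
        if rel == release:  # claims about other releases say nothing here
            by_rebuilder[rebuilder].add(digest.lower())

    agreeing, dissenting = set(), set()
    for rebuilder, digests in by_rebuilder.items():
        # One vote per entity: repeated records do not add weight, and a
        # rebuilder reporting conflicting digests counts as dissent.
        if digests == {local}:
            agreeing.add(rebuilder)
        else:
            dissenting.add(rebuilder)

    # Assumed policy: enough distinct entities agree AND nobody disagrees.
    # A single mismatch means the build is not reproducible or the binary
    # differs from what that rebuilder got, and either needs investigation.
    trusted = len(agreeing) >= threshold and not dissenting
    return trusted, sorted(agreeing), sorted(dissenting)


# Constructed sample data (not real releases or real rebuilders).
GOOD = b"constructed release binary v1.0"
TAMPERED = GOOD + b"\x90"
ATTESTATIONS = [
    ("distro-a", "v1.0", sha256_hex(GOOD)),
    ("distro-a", "v1.0", sha256_hex(GOOD).upper()),  # duplicate, one vote
    ("university-b", "v1.0", sha256_hex(GOOD)),
    ("volunteer-c", "v1.0", sha256_hex(GOOD)),
    ("volunteer-c", "v0.9", sha256_hex(b"older build")),  # other release
]

if __name__ == "__main__":
    print(check_rebuilds(GOOD, ATTESTATIONS, "v1.0", threshold=3))
    print(check_rebuilds(TAMPERED, ATTESTATIONS, "v1.0", threshold=3))
```

The check only helps if the rebuilders are independent of each other and of the publisher; three records served from one compromised host are still one entity.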