I agree it’s not provable that what’s running matches what’s in the repo. It’s pretty hard to prove that something isn’t happening, you’re right. You can always use a burner email, or a dedicated email for SN. Good call being skeptical. Practice good opsec everyone 

It is not provable that the software actually running the SN website is the one in the repository. It is not provable that they don't do any hidden data logging.

Do not trust, do not input email address, use Tor. 

0xIlmari

I made the changes myself :) you can review the source code, too! 