In open source projects handling user data in a secure manner can be managed, for example through encryption and password protected functionality. What I’d like to create is a way for the user to publish content, which can be read by other users, but not manipulated.
In case a program has some safeguards against tempering with user data, but is open source, there is the possibility for anyone with access to the source code to create a custom version of it without the safeguards. As a result a modified version of the code can be used maliciously.
I thought of a way to compare a checksum (generated by the published source code) with an internal checksum shipped with the program binary. Unfortunately this still can be bypassed the same way I was describing above; It seems I am thinking inside the box here.
Is there any way data of an open-source software can be protected from the usage of malicious versions like this?