Like 99% of users, I install Ubuntu from ready-made binaries.
How can I verify myself that those binaries are in fact from the original source code from Ubuntu?
It would be good to verify that NSA/someone has not collaborated with either Ubuntu or Linode (my VPS provider) to mess with the binaries. If we could verify the binaries, they would also be unlikely to attempt this in the first place as it would be easy to call them out on it.
Best Answer
You can download the sourcecode and compile it yourself. But wait - first you have to check that sourcecode, because if Canonical collaborated with the NSA, they probably have entered some code somewhere to allow for a keylogger or something that can be activated remotely.
So...
But wait - can you trust the compiler?