I am not comfortable that Signal depends on a proprietary Google library. However, I find that Molly lags significantly behind Signal (around 1 to 2 weeks, so maybe not as significant as I thought), but I am just concerned that if there is a security fix in Signal, Molly will not be able to react as fast.

I am also quite frustrated with the general lack of communication from the Signal team (for example the lack of communication regarding usernames). I doubt they will have the good will to help Molly when there is a critical security fix.

It is frustrating that Signal no longer seems like the gold standard for privacy; unfortunately, all my friends are on there (ironic, isn’t it…).

  • I love Signal, and I have persuaded people to use it a lot. That said, it is definitely not the gold standard for privacy. It’s a good-enough compromise between actual unbreakable encryption and trivial for anyone to use. It’s always been valuable for that reason, and still is.

    Don’t worry about Molly - it uses a variation of the same code that Signal does, so they don’t need “help” to get critical fixes that Signal receives. Use it if you like it!

    The actual gold standard for privacy would be logging in through Tor and sending GPG-encrypted messages that way. And there’s an app which does this, too - it’s called Briar. (No phone number needed, either!) It’s not as seamless to set up as Signal is, though.

  • Should note that their GitHub says:

    We update Molly every two weeks to include the latest features and bug fixes from Signal. The exceptions are security issues, which are patched as soon as fixes become available.

    I’m not sure on their track record, but if their claims are true, this could be a fine, secure client.

    • AFAIK, they have a FOSS variant

      To support a 100% free and auditable app, Molly comes in two flavors: one with proprietary blobs like Signal and one without. They are called Molly and Molly-FOSS, respectively. You can install the flavor of your choice at any time, and it will replace any previously installed version. The data and settings will be preserved so that you do not have to re-register.

      Also the line right after your quote:

      Versions

      Molly, like Signal, uses Google’s proprietary code to support some features.

      Molly-FOSS is the community effort to make it 100% free and open-source.

  • XMPP or Matrix. I’m on Matrix only because I have my family there and I was there before I knew of XMPP and at this point I can’t turn that boat.

    Signal was/is (idk if they still are) into crypto, they don’t let you run your own server or client, and they have a proprietary shim in place to combat spam (or so they say, it can’t be audited because it’s proprietary).

    I was all in on Signal until the above.

  • What’s your threat model?

    Signal as a gold standard for encrypted messaging is based on many factors. Ease of use, UI/UX, protocol, platform support and so on.

    Even though I’m a hardcore FOSS person, I’m also a realist. Sticking to a common platform is worth a lot. Bridging stuff with Matrix is cool but will not take off among most people.

    Signal using Google blobs is a problem but, let’s face it, the UI will be presented on a Google-branded Android phone or an iOS device anyhow. Sure, you can use GrapheneOS and Molly, or you can switch to another app altogether, but heck, you’ll have no one else to talk to then.