Molly v.s. Signal

FlappyBubble, 10 months ago

What’s your threat model?

Signal as a gold standard for encrypted messaging is based on many factors. Ease of use, UI/UX, protocol, platform support and so on.

Even though I’m a hard core FOSS person I’m also a realist. Sticking to a common platform is worth a lot. Bridging stuff with Matrix is cool but will not take off among most people.

Signal using Google blobs is a problem but let’s face it, the UI will be presented on a Google branded Android phone or a iOS device anyhow. Sure you can use GrapheneOS and Molly or you can switch to another app altogether but heck you’ll have no other to talk to then.

jvrava9, 11 months ago

Matrix

ozoned, 11 months ago

XMPP or Matrix. I’m on Matrix only because I have my family there and I was there before I knew of XMPP and at this point I can’t turn that boat.

Signal was/is (idk if they still are) into crypto, they don’t let you run your own server or client, and they have a proprietary shim in place to combat spam (or so they say, it can’t be audited because it’s proprietary).

I was all in on Signal until the above.

pabloscloud, 11 months ago (edited 10 months ago)

For me Molly works but one can’t use Signal betas (obviously) and backups are currupted for me for months.

baseless_discourse, 11 months ago

I see similar complains in their issues. That unfortunately sounds like a deal breaker…

maroudava, 11 months ago

There’s a FOSS fork of Signal which removes Google dependencies from the software.

Signal-FOSS

A fork of Signal for Android with proprietary Google binary blobs removed. Uses OpenStreetMap for maps and a websocket server connection, instead of Google Maps and Firebase Cloud Messaging.

github.com/tw-hx/Signal-Android

baseless_discourse, 11 months ago

Is there any advantage of using this instead of molly?

zorbse, 10 months ago

Hasn’t been updated in a year and is over 3000 commits behind Signal. I wouldn’t use

jabberati, 11 months ago

@baseless_discourse The gold standard has always been XMPP. It's the IETF Internet Standard for messaging, no walled gardens, ability to self-host, no phone numbers required and modern clients use the same end-to-end encryption protocol as Signal does.

matricaria, 11 months ago

Is there a community for XMPP? I would like to know what clients people use on iOS. So far I found them all to be pretty insufficient.

jabberati, 11 months ago

@matricaria There is a community around XMPP. Of course you will find most of them in public XMPP channels, but many are also active in the Fediverse/Mastodon. I don't have any Apple devices, but a few of my friends use Monal ( @Monal ) which seems to be the most reliable client on iOS currently.

ninchuka, 10 months ago

It’s not the same encryption, it’s based on the same double ratchet design that’s it

Anticorp, 11 months ago

Molly, like Signal, uses Google’s proprietary code to support some features.

Right at the top of the Molly page.

baseless_discourse, 11 months ago (edited 11 months ago)

AFAIK, they have a FOSS variant

To support a 100% free and auditable app, Molly comes in two flavors: one with proprietary blobs like Signal and one without. They are called Molly and Molly-FOSS, respectively. You can install the flavor of your choice at any time, and it will replace any previously installed version. The data and settings will be preserved so that you do not have to re-register.

Also the line right after your quote:

Versions

Molly, like Signal, uses Google’s proprietary code to support some features.

Molly-FOSS is the community effort to make it 100% free and open-source.

rikudou, 11 months ago

I’ve been using it for close to a year because I can’t link Signal to my desktop using QR code, Molly allows to provide the link directly and thus I use it. Everything works great.

an0nym0us, 11 months ago

“prosperity”

Do you mean proprietary?

baseless_discourse, 11 months ago

Sorry, i think it is fixed.

Platform27, 11 months ago (edited 11 months ago)

Should note that their GitHub says:

We update Molly every two weeks to include the latest features and bug fixes from Signal. The exceptions are security issues, which are patched as soon as fixes become available.

I’m not sure on their track record, but if their claims are true, this could be a fine, secure client.

SteleTrovilo, 11 months ago

I love Signal, and I have persuaded people to use it a lot. That said, it is definitely not the gold standard for privacy. It’s a good-enough compromise between actual unbreakable encryption and trivial for anyone to use. It’s always been valuable for that reason, and still is.

Don’t worry about Molly - it uses a variation of the same code that Signal does, so they don’t need “help” to get critical fixes that Signal receives. Use it if you like it!

The actual gold standard for privacy would be logging in through TOR and sending GPG-encrypted messages that way. And there’s an app which does this, too - it’s called Briar. (No phone number needed, either!) It’s not as seamless to set up as Signal is, though.

hoodlem, 11 months ago

And there’s an app which does this, too - it’s called Briar.

Cool I had not heard of this, thanks!

nimbus5000, 11 months ago

@hoodlem

You can also do private groups, forums, and blogs on #Briar.

@SteleTrovilo

hoodlem, 11 months ago

Very nice!

lengsel, 11 months ago

Do you know about SimpleX?

@Nimbus @SteleTrovilo

hoodlem, 11 months ago

@lengsel not.coffee I did not, super interesting.

lengsel, 11 months ago

I gave up Briar for SimpleX, as really good as Briar is, because of only having one ID. On SimpleX, if you enable incognito, it will create a new random ID for each new contact that you message, so no 2 persons will see the same ID for you, they each see you as a different name.

Also SimpleX is on iOS and Android, Briar is only for Android, and SimpleX does calling with contacts.

muhyb, 11 months ago

How do you backup SimpleX? Considering you changed your phone or factory reseted, can a normal person continue to contact their previous list? They don’t have a problem with Signal since it uses the phone number. Can I convince my family / friends on SimpleX, as I barely managed it on Signal? Because SimpleX looks much nicer and I’d love to use it.

lengsel, 11 months ago

In SimpleX app settings, if you have already set a database passphrase, you can do a data backup or export to a file, when SimpleX is installed again, you import database.

muhyb, 10 months ago

I see, thanks for the reply. I guess this is still not so viable for tech-illiterate people, unless the devs find an optional and more streamlined process for this. I barely made people use Signal, they couldn’t managed Matrix for example.

lengsel, 10 months ago

Let them stick with Molly/Signal, that will give them a lot of privacy, and nothing for them to figure out how to use.

Leave SimpleX for people more skilled to handle how to do configurations. SimpleX does have superior privacy over Signal, but mabe they can't do SimpleX. Take it in stages with what they can handle, don't jump to the end.

I'm not willing to Matrix and I don't recommend anyone use it if they wat privacy and anonymity. I'm content only using Molly and SimpleX with everybody I know and no other apps or messaging services.

muhyb, 10 months ago

I agree. Though I think 1v1 on Matrix is fine if encrypted prior, but I mostly use Matrix as tech news/forum. Federated services are not good for privacy anyway, they are not meant to be.

Currently I tell people to install Signal if they want to message me, I guess it would be a couple people for SimpleX. Most of my Signal list came when WhatsApp ToS made it to the news, some of them uninstalled Signal after a while but I’m okay with it. Well, I’m happy with Molly-FOSS for now. I would love to use SimpleX but it’s something.

lengsel, 10 months ago

I wish Mastodon had encrypted DM's. I've been focusing on using Mostodon as my main place for media.

I can't find a Matrix client in F-Droid to use because when I turn off all of the anti-features, it seems Matrix is not an option to install something.

Have you not tried SimpleX yet? If not, I would suggest when the new release for 5.2 is in F-Droid you should install it. I could give you an invite link to message there but I don't want others on here using the link.

muhyb, 10 months ago

That’s a wanted feature I guess but I doubt if they will implement it.

Did you check FluffyChat? Not sure about all the anti-features though.

Well, I installed it some time ago but haven’t really used it. Thanks for the offer but no need to expose your privacy here, even with incognito mode. I must try it with someone I know first anyway.

lengsel, 10 months ago

I'm registered with FluffyChat, it seems fine.

muhyb, 10 months ago

Just wondered by the way, what feature about Element you do not like?

lengsel, 10 months ago

I think my dislike comes from the hype about Matrix being federated so people think it's safe, the fact that a company owns the matrix protocol, seeing the various apos that have non-free dependencies, when I looked before it seemed alk personal Matrix history is permanent, it seemed to be a combination of not the freedom people think it is and no clear sense of what the purpose of matrix is for, but don't now that I had an account previously to validate all of that.

If you want, we could talk on matrix but we both post our ID's here publicly to make sure it matches who we message on there?

muhyb, 10 months ago

I guess that’s a common misconception with the federated services. Yes you can own your data if you join the federation with your own server, but once you write something on a community, it’s federated and on other servers from that moment. This is the best way to keep forums intact as long as possible, so years later someone can check those and find whatever they searched for. Reddit was great as a forum however after the recent incidents people deleted their posts and unless someone recorded that page on web archive before you won’t find anything when someone redirects you there. What people should know here, federated services are meant to be anonymous, not private.

Again, no need to expose anything here, and well, I’m not much of a talker anyway. :)

It’s fine to talk here, as long as it isn’t something personal.

lengsel, 10 months ago

This might be of interest to you https://mastodon.social/@simplex/110776953058906725

muhyb, 10 months ago

There is also a desktop app now? That’s great. Thanks for the info. I’m looking forward to it.

lengsel, 10 months ago

I'm planning to watch it and ask a question.

shortwavesurfer, 11 months ago

I use molly and it seems to be fine. You do make a fair point about a delay like that but i am not personally that concerned. If it were a month or more i would be apprehensive, but not a couple weeks.

jeena, 11 months ago

For some reason I also was able to get most of my friends and family on Signal and just a year later I set up Matrix and now nobody wants no move anymore.

delollipop, 11 months ago

my god, what is your secret to getting people on Signal?

jeena, 11 months ago

I guess I was just persistent and very lucky that WhatsApp did some changes so some of my family members were upset and then a group of friends were looking for something to include people who are not on facebook so I proposed it, etc.

jmp242, 11 months ago

It used to be - this is an improved texting client. Then they removed SMS, and I think people are drifting away which sucks.

Gleddified, 11 months ago

As a “absolutely few apps as possible” person, I would be long gone if there was a working alternative.

I found Element with SMS bridges came close, but was never as reliable as I need.