 I've heard of Molly for a couple years now but have never bothered to try it out. What is there to harden in Signal? Losing Giphy?
 https://molly.im/

https://image.nostr.build/21b917fcc6d0c38450f35bdb942ca2c1ed4a03d559cbd2ee11f8e6f84a69c3af.jpg 
 #molly is a fully foss hardened fork of signal. i both use and recommend it. it's more signal than signal™

#foss #floss #opensource #commsec #cybersecgirl
nostr:nevent1qqs8jurc7rts9jqzt6kg2xf3knr90ngslzpgy39qmck7gdyy89xre7cpzemhxue69uhkzarvv9ejumn0wd68ytnvv9hxgq3qf6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4ksxpqqqqqqz8ymw5e 
 Have you looked into XMPP? https://takebackourtech.org/xmpp-comeback/ 
 yes, i love jmp.chat

https://jmp.chat/faq 
 I had hoped that Molly would continue supporting SMS so I could have possibly gotten some family members to use Signal for "texting" (plus I'd know my SMS were encrypted at rest). It was really great to have conversations opportunistically use an e2ee protocol when possible, without the user having to think about anything.

Sadly, Molly also abandoned that feature, just like Signal. I would have switched clients in a heartbeat, too. Missed opportunity.

Seems unlikely that they'll switch the code back at this point. 😐 
 i hear you. it was a polarizing decision. still, signal is good for normies, and for privacy folks, i recommend molly over signal 
 Sadly all the family members that I converted to Signal over the years went back to SMS.

It was years of effort and making small improvements down the drain.

If I go through all that level of effort again, I am going to do it with something where there's not a monoculture of clients. I've learned my lesson there. No matter how much I think a developer has my back, it's just not worth the risk. 😞 
 I can't trust myself on these things but the normies I talked to found the SMS integration confusing.
I think it's for the best there's a clear distinction that "this messaging app is different". People are used to using different communication channels all the time, not that hard.
 That may be true for privacy advocates, but many people are not used to different apps for what they see as the same thing (texting).

They don't get why they have to use a different app to talk to me when this other one works fine for everyone else. "Why can't I just enter Dr. Hax's phone number and send him a text with the texting app that I use for everyone else?", they wonder.

So, to them, it's more confusing to have different apps. They don't see any difference between Signal and Messaging. And that was the beauty of the old Signal: they didn't have to know about these underlying security features. 
 Tbf sms is not that popular in my region, people mostly use whatsapp. That may explain the different experience
 Molly 💯

nostr:nevent1qqsyxzmkj9rgsac2l8d267r6wyh5hs3dj8k9qrcgs90q7d0qgu5lv8qprfmhxue69uhhyetvv9ujumn0wd68yurvv438xtnrdaksygzwhzp3p445ak2ud4n289dn6084txu9ltkg7a53mt75qk5jup2ad5psgqqqqqqsguszkk 
 How would you compare this to SimpleX? 
 simplex is more private. signal and molly need a phone number, but simplex is less likely to have your family and friends sign up atm 
 Molly is looking to decentralize too which should be interesting
 My choice is also Molly, but I am happy that I already got a lot of people talking to me on Signal, because I stopped using whatscrap years ago. Would  love to see more people on Simplex, but that is near impossible. People already forget me on Signal because I am the only one they are talking to on it 🙈. 
 I'm going to give it a shot. Is there an Import option to bring my Signal data in?
 awesome. yes, there is. 
 get it on accrescent for greater security and  unattended updates 🤙🏻

also, note, the migration should be done when the available Molly version is equal to or later than the currently installed Signal app version.

https://github.com/mollyim/mollyim-android/wiki/Migrating-From-Signal#migrating-from-signal 
 Yea, I just discovered the backup app version issue the hard way 😆
I guess I will have to wait for it to update. 
 #worthit 😉 
 GrapheneOS as a project entirely doesn't make recommendations, but Molly is one app that absolutely would be. Universally recommended and has little to no significant shortcomings when replacing Signal. One of the best. 
 Well the one shortcoming would be that there are even less users?! 
 I'll give it a look, thanks for the recommendation  
 Thank you for this recommendation
 I have 450-500 contacts, and I constantly contact 30-40 of them. Molly/Signal users from my phone book is just 5, and those 5 users are out of my daily contacts.  
 it is sad that most people still don't know that their calls and sms's are unencrypted and should be treated as public record 
 i find it funny that even after all this time, there is nothing to keep people safe but to tell people to go get a vpn and even then you are still monitored because everything is tracking you ... 

i want to throw all my tech stuff out and move to nature. i am over it.  
 i hear you. still, it's important to understand that vpns are a good opsec tool, but they are not a set-it-and-forget-it panacea. 
 i understand 
 🫂 
 Does molly use signals servers ? 
 yes 
 I've started testing Molly, a "hardened" fork of Signal. So far I liked the Database Passphrase feature only that's important to me. Why doesn't Signal offer this feature?

Is Molly audited by any third party?

molly.im 
Thanks to @Ava. 

nostr:nevent1qqsyxzmkj9rgsac2l8d267r6wyh5hs3dj8k9qrcgs90q7d0qgu5lv8qpz3mhxue69uhhyetvv9ujumn0wd68ytnzvupzqn4csvgddd8djhrdv63etv7nea2ehp06aj8hdyw6l4q94yhq2htdqvzqqqqqqynh922n 
 Awesome. Signal used to have the database passphrase feature, then they removed it.

RAM shredding and user set "automatic lock-down" timer are pretty damn cool too.

OFC Signal is audited, but Molly has not yet been 3rd party audited, but lots of very smart privacy-security folks who work for and with GrapheneOS use it.

It's coming.

Here's Molly's lead dev speaking on that in Dec '23
 https://image.nostr.build/198eaee5c8434b5bb6cc33810db3b83ed6b1f621007b3199bd267013cebff910.jpg 
 
 @simplex is much more hardened though. If notifications, calls and messages work properly, both its privacy and security are unparalleled.
 I don't understand. Is there already a foss version or is it just their goal?

"Versions
Molly, like Signal, uses Google’s proprietary code to support some features.

Molly-FOSS is the community effort to make it 100% free and open-source." 
 two versions. i recommend molly-foss 
 cool stuff. you can read up on the differences here: https://github.com/mollyim/mollyim-android
 Thanks, I didn't see anything about being able to send/receive SMS on the project website, but I'll download it and give it a spin. 
 Ah, I don't think it has it anymore either.. 
 Why use Signal when you can use Molly?

nostr:nevent1qqsyxzmkj9rgsac2l8d267r6wyh5hs3dj8k9qrcgs90q7d0qgu5lv8qs7sv04

nostr:nevent1qqswapn322pfjrgmfvsr6gtp4ssle9h2k7hz4h6c2kupp8fea23arqsjgyz63
 
 It looks like they have a non-free version with the same proprietary Google stuff as Signal. Confusing, and makes me wonder why they wouldn't just have the FOSS version since that seems to be the selling point.

I only point this out so people realize that before installing. 
 What?

"Molly is open-source just like Signal. But Signal uses Google's proprietary software to provide some key features.

To support a 100% free and auditable app, Molly comes in two flavors: one with proprietary blobs like Signal and one without. They are called Molly and Molly-FOSS, respectively. You can install the flavor of your choice at any time, and it will replace any previously installed version. The data and settings will be preserved so that you do not have to re-register." 
 Why use anything that requires giving away your phone number when you can use just about any Tox or Matrix client? 
 Adoption, usability, better privacy and security for the masses. Use SimpleX for a more robust, albeit, future forward solution.
 Can I use SimpleX on my 15-year-old Macbook Air with bare-console Alpine Linux? Because I can use SIP+ZRTP and XMPP/OMEMO clients there. And they provide the same level of security while not tying us to modern hardware.
Can I even use simplex on an old Android 4.4, to start with? 
 You could do that, or you could upgrade if privacy and security is important to you. 
 More consumption is never a viable answer.
Privacy and security is important to me. But it can be achieved without the elevated NIH syndrome. Even without Tox (although why not?). Just adopt XMPP+OTR and SIP+ZRTP. Plenty of clients and servers out there. Proven track record. Works everywhere.

Gonna do some Linphone-to-Linphone test (Arch Linux to Android) to see if ZRTP is still properly supported on both. 
 I am an avid molly user.  
 pretty sure there's a support group for that 😉 
 My push notifications with Molly are unreliable. I sometimes miss calls with Signal too, but it works more reliably. 