Molly advertises itself as a “hardened version of Signal,” & its FOSS variant is the same without proprietary dependencies. TwinHelix’s FOSS Signal fork goes further, adding OSM support instead of GMaps. Are these forks trustworthy, & are they worth using for added security compared to mainline?

  • kixik
    link
    fedilink
    arrow-up
    13
    ·
    1 year ago

    it’s not just osm instead of gmaps for the FOSS version. It’s NOT using google push notificationss neither gapps at all. Using sockets instead of push notifications. It makes molly FOSS being more battery hungry, but at least it’s not using google stuff. Not sure if the dev would be willing to integrate suipport for unified push for the FOSS version, that’d be even better…

    • Skimmer@lemmy.zip
      link
      fedilink
      arrow-up
      8
      ·
      1 year ago

      The official Signal app can do this too for notifications? This isn’t unique to Signal-FOSS or Molly-FOSS, the base Signal app supports notifications without Google Play as well, which I use myself.

  • Skimmer@lemmy.zip
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    1 year ago

    My biggest problem is the delayed updates, which I don’t think they add enough to justify using imo. I think the base Signal itself already has excellent privacy, it can be used for notifications without Google Play Services (which I do myself), which works great. I haven’t used any maps features so not sure how that compares. I’ve never seen it make any connections to Google in my usage. I’d just stick to the main Signal so you’re getting updates as soon as possible. With these apps, you’re just adding another trusted party, and delaying updates, which can decrease security.

  • mtchristo@lemm.ee
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    Are they allowed to use signal servers ? last time I heard third party apps or forks were banned from using signals servers.

    • ᗪᗩᗰᑎ
      link
      fedilink
      arrow-up
      8
      ·
      edit-2
      1 year ago

      Yes they are allowed. The devs have nothing against third party clients as long as they’re not abusing the network or pretending to be the official Signal app.

      The issue you’re referring to happened, I believe, around 2016 and it was specific to one developer who was using a similar app name and the lead Signal dev basically told them specifically to not use their network.

      Almost every other Signal client since then even report to Signal’s servers as a third party client - and the signal devs can see this in their logs - and nobody has been kicked/asked to stop anything since.

      I also seem to recall the issue may have been 3rd party clients unintentionally abusing the network at the time, causing issues for other users, so I can see the frustration from a dev perspective to potentially be woken up at midnight for an issue/outage affecting your users, that is caused or at least made worse by clients that are pegging their servers.

      If anyone has more background or corrections, please let me know so I can update/edit my statement.

      • §ɦṛɛɗɗịɛ ßịⱺ𝔩ⱺɠịᵴŧ
        link
        fedilink
        arrow-up
        12
        arrow-down
        1
        ·
        edit-2
        1 year ago

        My reference is regarding signal removing SMS and how ~75% of my messaging is SMS. If signal still offered SMS, it would make having others switch much much easier. I do use a security and privacy based VOIP service for sms and calls currently. But the moves I make are almost always much more than my friends are willing to do.

        • beeng@discuss.tchncs.de
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          How are they switching if they’re still using SMS? Get them to install signal is getting them to install signal…

  • Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    3
    ·
    1 year ago

    Signal is anti free software. They are extremely hostile to anyone who wants to exersize there rights.

    I would use other encrypted messages instead.

      • chayleaf
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Not really, since Signal servers are still proprietaty and centralized. But this mostly isn’t a privacy issue, it’s a different kind of issue.

  • ashtrix@lemmy.ca
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    1 year ago

    For me, it doesn’t add enough to switch from the base Signal and slow down those updates

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    Since signal is not on fdroid I’ve been using Molly. Works fine for me. If having a third party developer modify the signal source code is an unacceptable risk for you then it’s unacceptable. So far the Molly developers haven’t done anything worrisome

    • Gianni R
      cake
      OP
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Have you tried Molly FOSS, or are you using the standard one with proprietary dependencies? Is there a meaningful difference in day to day functionality?

  • FarLine99@lemm.ee
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    I think they can be trusted as their build process is open. I recently learned that the official client supports reproducible builds as well, so I don’t see the point in using those versions for myself. Now I trust the Signal authors’ builds. If you want to use them because of the extra features, it’s probably worth it.

  • merde alors@sh.itjust.works
    link
    fedilink
    arrow-up
    2
    arrow-down
    2
    ·
    1 year ago

    if you uninstalled GMS, than you have no choice, it’s Molly for you.

    can’t understand people who complain about privacy standards of Signal, yet they have GMS sitting at the core of everything their phone does.

    • Skimmer@lemmy.zip
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      if you uninstalled GMS, than you have no choice, it’s Molly for you.

      No? Signal on their official app works perfectly without any Google apps or Play Services installed, including notifications, I use it daily on my deGoogled phone. I don’t know where this misinformation is coming from.

      • merde alors@sh.itjust.works
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        from experience. i tried to re-register signal after degoogling my phone and couldn’t. I already had Molly in my test list, so i tried and i was back online.

        maybe signal has to be installed without gms for the configuration to work?

        if that’s misinformation (i will trust you), i’m sorry and i’ll keep it to myselves