Recently discovered this. Molly supports link with existing device just like on signal desktop. It even has benefit of getting entire chat history unlike signal desktop. Just restore the signal backup file during setup and then click link with existing device. Then scan with you primary phone. Beauty of open source. Molly: https://molly.im/

  • zShxck
    link
    fedilink
    arrow-up
    10
    arrow-down
    3
    ·
    1 year ago

    I’m using molly for several months now it is really nice but recently I dive myself in XMPP and it is superior to molly/signal just because XMPP servers are auditable amd you can actually see if the server is using encryption or not while signal servers are closed source unfortunately, it’s their only flaw

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      1 year ago

      The signal source code is open source, it is hard to prove that the servers are running the source code that’s published, and we know they have admitted to having source code they don’t publish for anti-spam purposes.

      But you could take the signal server source code and stand up your own signal servers today.

      • Free Palestine 🇵🇸@sh.itjust.works
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        1 year ago

        The Signal protocol is built in a way where you don’t have to trust the server. The servers could be run by the NSA, it wouldn’t matter. Especially now that the Signal protocol uses post-quantum cryptography.

      • zShxck
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        And how do I tell may client to use only a specific server?

        • jet@hackertalks.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          If your going to run a independent signal server cluster, you will also need to modify the client applications to connect to your cluster.

          You probably would find the molly developers happy to accept a push request to have some configurable backend selection.

          Session demonstrates this is possible.

    • jack@monero.town
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Your client encrypts and decrypts everything, so it is actually not a privacy concern regarding message content when we don’t know what the server does.

      • zShxck
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        The server could decrypt or could be machines attached to the server that store data

        • jack@monero.town
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          Your private key stays at the client, the server doesn’t get it. Verifiable by the source code of your client