this post was submitted on 13 Oct 2023
105 points (99.1% liked)

Open Source

31250 readers
240 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 1 year ago (4 children)

Can I ask what's wrong with the standard Signal app?

[–] [email protected] 18 points 1 year ago* (last edited 1 year ago) (2 children)

From their GitHub:

Molly has unique features compared to Signal:

  • Data encryption at rest - Protect the database with passphrase encryption
  • Secure RAM wiper - Securely shred sensitive data from device memory
  • Automatic lock - Lock the app automatically under certain conditions
  • Multi-device support -- Link multiple devices, including Android tablets, to a single account
  • Block unknown contacts - Block messages and calls from unknown senders for security and anti-spam
  • Contact deletion - Allows you to delete contacts and stop sharing your profile
  • Disappearing call history - Clear call notifications together with expiring messages
  • Debug logs are optional - Android logging can be disabled
  • Custom backup scheduling - Choose between a daily or weekly interval and the number of backups to retain
  • SOCKS proxy and Tor support - Tunnel app network traffic via proxy and Orbot

Besides that, you will find all the features of Signal plus some minor tweaks and improvements. As with Signal, SMS is not supported.


Molly is open-source just like Signal. But Signal uses Google's proprietary software to provide some key features.

To support a 100% free and auditable app, Molly comes in two flavors: one with proprietary blobs like Signal and one without. They are called Molly and Molly-FOSS, respectively.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Contact deletion - Allows you to delete contacts

Wow, what a groundbreaking feature! 🤣

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (3 children)
  • Data encryption at rest - Protect the database with passphrase encryption

I tried Molly once, and doing that meant I wasn't getting notifications. Is that how it's supposed to be?

[–] [email protected] 6 points 1 year ago

Idk, when I tried it, I just kept hugging people and grinding my teeth

[–] [email protected] 5 points 1 year ago (2 children)

It is pretty common when starting to use apps that don't depend on Google services to not get notifications. Many struggle with inconsistent and sub-optimal notification strategies such as background sync via polling or a custom notifications service and need battery optimizations turned off. UnifiedPush allows for push notifications from a server or your choosing so those other methods don't need to be used.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

The app was generally able to send notifications just fine, through whatever way they used back when I tried it. Probably a websocket, since UnifiedPush is only now being introduced.

Just when I used the database encryption specifically, the app was fully locked down, and wouldn't send notifications out, then.

I'm just wondering if that is by design, or if I maybe just missed a crucial setting.

[–] [email protected] 1 points 1 year ago

Often apps in the background will be killed aggressively, so check this website out to see how to turn off battery optimization on the apps you need always running https://dontkillmyapp.com/

Soon you'll be able to turn it on again and use a UnifiedPush app instead

[–] [email protected] 17 points 1 year ago (4 children)

It depends on non-free Google Play Services for push notifications, which puts you into a requirement to use an unmodified Google Android, which is potentially dangerous for a privacy app like this.

Anyways, when it comes to E2EE IMs, Matrix ecosystem is much better.

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago) (1 children)

They distribute an apk that uses a websocket for notifications. It's very hidden, which I do not understand in the slightest, but it exists.

https://signal.org/android/apk/

They make it seem dangerous to use, and don't even explain why someone would need it. That needs improvement imo.

[–] [email protected] 2 points 1 year ago

They used to have it on the normal Download page ages ago but they seem to only provide it to avoid a shitstorm tbh! :/

[–] [email protected] 2 points 1 year ago

an interesting oddity: on my non-rooted xperia, signal thinks that i don't have play services and so it falls back to… polling. every five minutes. killing my battery and my logs.

i had to put signal into the restricted battery group, which means no notifications. i anxiously await the new molly, as i already have a unified push environment. it looks like the migration will be a bit delicate.

[–] [email protected] 2 points 1 year ago

Thank you. At the moment only two of my friends use Signal, but it's nice to know.

[–] [email protected] 1 points 1 year ago

I find mstrix's E2E encryption design cumbersome and unintuitive to a point where id just prefer it off.

[–] [email protected] 11 points 1 year ago* (last edited 1 year ago)

Nothing is wrong with the main signal client but it's open source so it's healthy to have options. One of the benefits of a robust open source ecosystem.

Molly has lots of neat quality of life features, and let's you use the old signal local encryption.

Back in 2018, Signal allowed the user to set a passphrase to secure the local message database. But this option was removed with the introduction of file-based encryption on Android. Molly brings it back again with additional security features.

Molly connects to the Signal server, so you can chat with your Signal contacts seamlessly. Please remember to review the Signal Terms & Privacy Policy before signing up.

We update Molly every two weeks to include the latest features and bug fixes from Signal. The exceptions are security issues, which are patched as soon as fixes become available.

https://github.com/mollyim/mollyim-android#features

Data encryption at rest - Protect the database with passphrase encryption

Secure RAM wiper - Securely shred sensitive data from device memory

Automatic lock - Lock the app automatically under certain conditions

Multi-device support -- Link multiple devices, including Android tablets, to a single account

Block unknown contacts - Block messages and calls from unknown senders for security and anti-spam

Contact deletion - Allows you to delete contacts and stop sharing your profile

Disappearing call history - Clear call notifications together with expiring messages

Debug logs are optional - Android logging can be disabled

Custom backup scheduling - Choose between a daily or weekly interval and the number of backups to retain

SOCKS proxy and Tor support - Tunnel app network traffic via proxy and Orbot
[–] [email protected] 7 points 1 year ago (3 children)

No multi-device support on Android.

If you want to more than one Android device tied to your account, install Molly insead.

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago)

From their support page:

'Other Devices

Multiple mobile devices and Android tablets are not currently supported.'

From Molly GitHub:

'v6.31.2-1

[…]

Introducing Multi-Device Support!

Now, you can install Molly on multiple devices, including Android tablets, and link them to a single account, just like Signal Desktop. […]'