Difference between Molly and Signal

2days

I'm about to download one of them and wanted to ask what are the differences/advantages between Molly and Signal?

I also need to convert friends away from other traditional popular communication chat places so if one is more user friendly for the average person, then I'd also like to know that as it's notoriously difficult to get people to change habits

cleanbowtie

I think Signal is easier for people to wrap their heads around (particularly if they are less literate) but you can also use Molly yourself. Molly is just a fork of Signal.

DeletedUser499

I personally prefered Molly, it has extras that Signal does not. I tried both and came to my own conclusion. Molly without G@@gle services connects via mollysocket, and just eats battery. On a P6a my battery dropped from several days to a day at best.
However, getting people to change is your biggest problem. I have left both behind and use something else.

elbert

Molly is just a fork of the Signal client. They both use the same servers so one person can Signal and the other Molly and still be able to write messages to each other without problems. You can't really tell whether the person you're chatting with uses Signal or Molly, they're completely seamless. Also the other person won't notice a difference whether you use one or the other.

The setup process and vast majority of functionality is exactly the same between the two apps. Molly only has a few extra features on top:

more efficient WebSocket-based push implementation (and even support for UnifiedPush) - this is especially relevant if you don't have Google Play Services installed, as it will lead to significantly less battery consumption
allows being used on a secondary device (in case you have more than one smartphone)
Material You theming
some additional hardening/security features like database encryption at rest
a few small additional changes, e.g. sending an OpenStreetMap instead of Google Maps link when sharing a location

For beginners, it would probably be easier to convince them of Signal as it can be installed from the Play Store. Molly must be obtained from Accrescent or their own F-Droid repo.

2days

Thanks

Interesting to know one can use either.

In that case, i'll get them to get signal but for me I'm unsure then.

I read your answers on differences, overall is Molly substantially more secure or both very similar besides the points mentioned?

Edit: spelling

vodka

2days I read your answers on differences, overall is Molly substantially more secure or both very similar besides the points mentioned?

They're both very secure, Molly has some additions that might be desirable based on your threat model.

For the vast majority of privacy conscious people, the actual benefit of Molly is removing Google Firebase messaging, and letting you get notifications via for example UnifiedPush.
While Signal also allows for a websocket for notifications that doesn't go via Google, the code for Google Firebase is still there, which is something some people are not ok with.

This is about converting your friends, so Signal is probably the right client to use for them, it's the most friendly to normal people.

elbert

2days I read your answers on differences, overall is Molly substantially more secure or both very similar besides the points mentioned?

The security of the Signal client isn't really that great, especially against remote exploitation (see here and here). AFAIK Molly doesn't currently do much beyond it neither. IIRC they plan to add a lot more sandboxing but it's not implemented yet. Molly does have the ability to block unknown contacts so that might somewhat help about this.

Apart from that, Molly has a few security featues Signal doesn't, but whether they're really useful to you, depends on your threat model. Taken from their readme:

Data encryption at rest - Protect your app database with passphrase encryption

Secure RAM wiper - Securely shred sensitive data from device memory

Automatic lock - Lock the app automatically under user-defined conditions

vodka For the vast majority of privacy conscious people, the actual benefit of Molly is removing Google Firebase messaging, and letting you get notifications via for example UnifiedPush.
While Signal also allows for a websocket for notifications that doesn't go via Google, the code for Google Firebase is still there, which is something some people are not ok with.

Molly's implementation of WebSockets is also vastly more efficient (i.e. consumes less battery) than Signal's.

dhhdjbd

I personally use molly because the FOSS version is in the accresscant app store, and like i rather have a fully open source version than the non fully open source signal...

i have been wondering for a while tho, how fast molly does apply security patches

vodka

dhhdjbd i have been wondering for a while tho, how fast molly does apply security patches

Molly aims to do feature updates about once a month.

For security patches, they are high priority and implemented asap.
Often within an hour or so of a signal update with a known security fix. (not that these happen that often)

At least that's what I got from reading various issues and discussions on their github, I suggest you go and look at their issues and discussion to find info about it.

dhhdjbd

vodka Thank you

altoids

I prefer Molly as my Signal account is mainly for work.

The only reason I use Molly is for the lockdown feature. It's nice being able to "turn off" notifications when I am outside of working hours. I guess you could disable the Signal app, but Molly auto-lockdown just does it for you.