Hi @Nuttso! Are you one of the people behind Molly?

Even if you are not, you probably know more about the project than me, so I guess I'll start the thread off with a couple of questions:

1) Does it make sense for the average user to use Molly instead of Signal? Are the security benefits it offers significant enough to extend trust to a third party maintainer?

2) It is my understanding that non-security updates are delayed and are on a set schedule. Is there a particular reason for that?

3) Is the Signal team okay with Molly? Does it play well with their server? I recall reading that Moxie wasn't too fond about 3rd party apps connecting to the official Signal servers.

    Nuttso One of the first things I install. Molly is a super lean signal that offers compartmentalization by default.

    I've used pretty much every popular fork of signal, with various numbers and various phones. Molly offers the lowest background battery drain of any option available. It also can be lowered even more by enabling the encrypted protection option, which prevents any notifications and the like from coming in until you unlock it. I'm super anal about idle-drain. So this is a huge plus and weight in my own rankings.

    I personally have it set to an autolock of 3H (without a device unlock) and it sorta manages itself. Honestly thinking about cutting it even shorter. Combo'd with KPDX, unlocking it is a breeze.

    matchboxbananasynergy

    1) This is pretty subjective. The improvements are listed on their Molly's site and GitHub so you can decide whether it's worth trusting another party.

    2) Oscar is the only dev and Signal makes point releases fairly often, so I imagine this is because rebasing onto every Signal release would be an unnecessary maintenance burden.

    3) You're right that Moxie wasn't very fond of third-party clients to Signal servers, but leadership has changed since then and so Signal's position may or may not have changed as well. In any case, Signal can't detect whether a user is using the official client (at least not without implementing attestation for that purpose, which has undesirable implications for them) so there's not much they can do about it. Molly also has plans to run its own server network and it doesn't violate the Signal trademark unlike some other forks, so Signal has less of a problem with Molly than other forks for the latter point at least.

      lberrymage Molly also has plans to run its own server network

      Does this mean that Molly intends to be its own thing, and won't be interoperable with the official Signal app/server? Where can I read about this?

      Thank you for the reply, by the way!

      Hey guys,

      Thx for the feedback. I'll answer everything later because I'm traveling right now. But let me just tell you something. Valldrac and me are working out a concept how to make use of remote attestation for molly. Similar to SN in signal you will be notified of a change in attestation or old patch level. Also biometrics will be included. Very interesting stuff. I'm working hard on finding a donator for valldrac and made some progress already.

      Rnd3sB3g13rng I might be wrong, but I don't think that's possible. When you connect the same number on a second Signal (or Signal adjacent) app, the first phone will be disconnected. This seems to be the case with Molly as well.

      That said, my understanding is that you could have two different Signal accounts/numbers on the same phone by using the official Signal app for one number, and Molly for another.

      (Someone can correct me if I'm wrong about that last point)

      • [deleted]

      Rnd3sB3g13rng That isn't possible and it's a serious security and privacy issue if you're able to do that right now. Unless you mean having multiple accounts with different phone numbers.

        [deleted] yeah they mean multiple accounts with different numbers, 1 number used with Signal and another with Molly on the same device.
        That is indeed possible say eSIM number with Molly and Physical SIM on Signal.

        2 months later

        How do you confirm Hashes match via android? I've tried twice on my PC and it says it doesn't match.

          • [deleted]

          • Edited

          Molly is not updated as a signal...

            trying Molly now, looks promising
            any plan for a Joe version?