Elk9877 I hope that won't mean that Molly users won't be able to talk to Signal users!

No. We would want to make it possible to still talk to Signal users, but with the possibility to use Molly without Signal and only random IDs.

hdishs How distant is that future?

It's not a priority right now. We just have a concept.

Monero implementation is the highest priority, followed by remote attestation. After that, text-only / sandboxed WebRTC and an audit.

RRZishe Also, can Signal block people that use Molly from communicating with regular Signal users at whim?

Since Signal doesn't know which client connects to the server, no.

    beammer335d What platform do you suggest to buy into Monero?

    beammer335d Sorry, and wallet?

    I personally do not discuss my finances and what I use to get things done.
    But I'm sure you can find the answers if you search the forum here. Best of luck.

    Nuttso Molly was started here:

    https://community.signalusers.org/t/signal-with-password-encryption-poc/6159

    Thanks for the link to this early background of the project; it is useful for having more context for how it emerged.

    Nuttso The implementation of Monero as a means of payment is currently being worked on at full speed. The Monero community has provided funding for this purpose.

    https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/252

    I didn't know about the connection between Molly and Monero. The linked thread also provided some useful context for the project in recent years. It is also relevant to know that @valldrac is a "security engineer specializing in offensive security and cryptography, and a former forensic analyst [who] recently [...] became completely focused on mobile security."

    Nuttso Molly is completely open source, as is Foss. The changes to the client are all public. The added features are all well thought out and future proof.

    Yes, though I think it is important to remember that this transparency of open source only provides a basis for trust to the extent that there is examination of the code in question. A formal audit would be the best version of this, and it is completely understandable that this hasn't been possible yet. An informal review from someone trusted and knowledgeable would still be good. In lieu of either of these, the fact that the code has been open for many years now and no one has noticed anything of concern is better than nothing, though in general I still have doubts that this should be considered sufficient on its own for security-sensitive projects.

    Thank you for providing all of this information, @Nuttso. It will provide some basis for me to have a more nuanced and informed opinion the next time that Molly comes up when discussing options for more secure communications.

    If anyone from the GrapheneOS project has anything to add regarding their choice to recommend use of Molly, that would also be appreciated.

      hdishs I don't trust the signal servers nor do I want to register with a phone number.

      The whole point of e2e is you don't have to trust servers. Your messages/calls are encrypted and the keys are on the two devices communicating. As for phone numbers, nothing to dislike there. It goes to threat model. For lower threat model I really like the fact that Signal is pretty popular and contacts show who is using Signal so I can have e2e communication with them. I am already putting myself out there as a Signal user to my contacts, so I am not implying high threat model. Phone numbers are a truncated hash in a secure enclave on an encrypted Signal server. Could there be a side-channel secure enclave attack revealing your contacts on a centralized server? Sure. That's why I see Signal as secure communications, but otherwise not high threat model as contacts/groups are not so secure. Also not a fan of Signal using SGX for secure enclave, but again, it does not go to my lower threat model for my use of Signal. Now, at some point I might be using a high threat model where I want more anonymity to communicate with a person or two for a specific reason. Session is more appropriate for me. No phone number, decentralized onion routing system, IP hidden from ISP by default, essentially no metadata. Reason it is not my go-to privacy messenger is hardly anyone uses it and Signal serves my purposes with a lot of users for private communication. Signal was never meant for anonymous communication. It has always been meant for secure communication.

      Also, if high threat model, don't get caught up too much on no phone number. You will still (in most cases) have a username attached to your identity. Anonymity is nowhere near as simple as not requiring PII during registration. So I pick a username for Session. That's a permanent connection between my Session identity and my real identity. If I choose another very unique username for another Session account, that username is also attached (anonymously at the time) to people I communicate with on Session and even other unique usernames are for contacts/cross contacts on other forms of communication like regular email, or e2e email, or a Cheo/XMPP username which is an email, VOIP, forums I belong to like this one with a unique username, bill and shopping usernames, etc. Even with all different unique usernames communicating with other people/websites, if you are high threat model and targeted, the NSA via OSINT and correlation will have a pretty good if not very good chance of identifying you - especially over time (and that's assuming you are not doxxed by a contact). Is a username on an e2e messenger better than a phone number for some anonymity? Sure.

      I see Signal as having high threat model encryption, but not good for anonymity. That's the use case. Some people choose a more popular and light canvas bag for groceries. Others might choose a more sturdy but heavier burlap bag. Nobody is wrong with their personal choice. And, some people make well thought out personal choices and others not so much. That's life.

      akc3n I'd like to encourage everyone using Molly to consider supporting the project. Your donations can really help fund and sustain it.

      What is your involvement? Do you have any personal, business or familial interest to declare?

        ve3jlg What is your involvement? Do you have any personal, business or familial interest to declare?

        It seems pretty normal for someone who has clearly put in a lot of their personal time into helping out an open source project to suggest people who benefit from another open source project to show their support.

        @ve3jlg,

        Sounds official, like something a customs agent would ask...?

        ve3jlg What is your involvement? Do you have any personal, business or familial interest to declare?

        Simply wanted to express my gratitude to the developers for the effort that goes into maintaining this app and further elaborate on a point from a previous user's comment, suggesting a way other users may help out if they feel the same way.

        Nuttso Like any other open source project, we are dependent on donations. Without them, it will not be possible to carry out a complete audit and implement some features.

        cleeyv An informal review from someone trusted and knowledgeable would still be good.

        The problem with audits is that they should happen with every commit pushed to the repo. We are friends with https://ivpn.net and highly recommend them as a VPN provider. They do audits.

        Basically, such an audit can also be misleading. It is a snapshot, nothing more. It tells you that the version that has just been checked is secure. The fact that the database cannot be opened without the correct key is easy for anyone to check. That Molly does not send data to other servers is also easy to check.

          I have a question regarding push notifications: Molly has 2 versions: FOSS (that is using an alternative push notification service but consumes more battery) and regular (that delivers notifications through Google Play services but consumes less battery). The regular one that relies on Google Services, does it encrypt the messages when in transit - in other words, can Google read the messages in transit? If not, what data can it gather regarding the messages (metadata, etc)?


            Volen It probably does the same thing as Signal: it just wakes the app so that it can then connect to the Signal server to retrieve the message.

              Nuttso

              Sorry your comment is empty.

              Can you please confirm if GServices just sends a wake signal to Molly, without seeing/accessing the message (as Some1 suggested)?

              If yes, will the setup (including notifications) work properly if I disable network access to GServices? Thanks a lot!


                Volen No, you mustn't turn it off. How else would it communicate with Google servers?

                  Nuttso No. We would want to make it possible to still talk to Signal users, but with the possibility to use Molly without Signal and only random IDs.

                  When you say "random IDs", do you mean using Molly without a phone number? When could that happen? Will it be like the upcoming "username" feature Signal will release soon? How fast after Signal releases usernames will Molly do the same?

                    @Nuttso Thank you for the replies, happy to see Molly is ready to innovate in this space even further.

                    A question regarding UnifiedPush: as of now Molly with UnifiedPush is a standalone build. Are there plans to merge it into MollyFOSS and let UnifiedPush be a toggle in the settings? If yes, could some fallback be integrated into the app to fall back to the websocket when the connection to the UnifiedPush MollySocket fails?


                      Why should it communicate with Google servers if it uses GServices "just to wake it up" as per your comment above? If it routes through Google servers then they will collect some metadata information nevertheless.


                        Volen Because the Firebase backend runs on Google servers and you need internet access to use it. That is why it needs network permission. Unless... you use Molly-FOSS from GitHub, which uses websockets, bypassing the above. My way.


                          This is exactly what I use (the websocket version from GitHub) and it runs flawlessly without Google services. However, it seems it drains the battery faster too, so I am exploring other options as well.
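The two delivery paths discussed in this thread (a push backend that only wakes the app, versus the websocket-only FOSS build) and the websocket fallback asked about above, as an added toy model that is not Molly's code. The relay, server and client are constructed stand-ins; the fallback-on-failure behaviour is an assumption for illustration, not something Molly is documented to do. The point it makes concrete is what the push relay can and cannot observe when the payload is empty.

```python
from dataclasses import dataclass, field


@dataclass
class MessageServer:
    """Stands in for the messaging server: holds end-to-end-encrypted envelopes."""
    queue: dict = field(default_factory=dict)  # device_id -> list of ciphertext blobs

    def enqueue(self, device_id: str, ciphertext: bytes) -> None:
        self.queue.setdefault(device_id, []).append(ciphertext)

    def fetch(self, device_id: str) -> list:
        return self.queue.pop(device_id, [])


@dataclass
class PushRelay:
    """Stands in for the third-party push backend (FCM or a UnifiedPush server).
    It records everything it is handed, so we can inspect what it could learn."""
    observed: list = field(default_factory=list)
    reachable: bool = True

    def wake(self, push_token: str) -> None:
        if not self.reachable:
            raise ConnectionError("push relay unreachable")
        # Only the device token (and timing) reach the relay; the payload is empty.
        self.observed.append({"token": push_token, "payload": None})


class Client:
    def __init__(self, device_id: str, server: MessageServer, push_token: str = ""):
        self.device_id, self.server, self.push_token = device_id, server, push_token
        self.transport = "push" if push_token else "websocket"  # no token: websocket-only build
        self.inbox: list = []

    def pull(self) -> None:
        """Woken by push, or over its own websocket: fetch envelopes from the real server."""
        self.inbox.extend(self.server.fetch(self.device_id))


def deliver(server: MessageServer, relay: PushRelay, client: Client, ciphertext: bytes) -> str:
    """Queue an envelope, try a push wake-up, otherwise rely on the client's websocket.
    Returns the path that delivered it."""
    server.enqueue(client.device_id, ciphertext)
    if client.transport == "push":
        try:
            relay.wake(client.push_token)
            client.pull()
            return "push"
        except ConnectionError:
            client.transport = "websocket"  # hypothetical fallback, not Molly's own behaviour
    client.pull()
    return "websocket"
```

After a run, `relay.observed` holds only tokens and the fact that a wake-up happened; the ciphertext never passes through it, which is the metadata-versus-content distinction raised in the question about Google services.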