I've used signal to buy molly
this post was submitted on 02 Nov 2023
143 points (95.0% liked)
Privacy
31263 readers
871 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 4 years ago
MODERATORS
Oh, that Molly
Glad it wasn't just me...
Getcher tin ass over here, now. Please.
Compared to the other molly...
100% Molly is amazing
Also you can run the normal signal client, and Molly on the same phone. To have two different signal accounts. If you use work profiles this could be four accounts etc
100% Molly is amazing
Heh
50:50 with Pedro ain't nothin' to laugh at.
Molly should integrate Monero, the way signal has integrated their shitty Monero fork. Then I can finally buy molly on molly on Molly.
that's great to hear, thank you for sharing. seems like it is at least in semi-active development
Instructions unclear, am now rolling face and signal needs a phone number.
Is there any real security-minimizing reason why it's not wanted by the official app to have multiple mobile devices linked to one Signal account? (I'm not even talking about a second phone with another SIM card, I just wanna use it on my tablet).
I would appreciate a simple/ELI5 style explanation if there is one, I don't work in IT.
No, there's no security benefit to this.
One goal of the signal foundation, has been making end-to-end encryption accessible for normal people. Keeping things simple one phone number per account is one method they used to do this. It does diminish an anonymity, it's using phone numbers as a form of global ID. Which isn't great.
So people could argue, that well having multiple signal accounts on the same device aren't against the philosophy, they're not going to spend any engineering effort making it happen.
Element as a client with a Matrix server bridged to Signal works great, too. Centralizes your history on your own secure server, too.
More complex, though.
Also worth noting that communication between signal and matrix through most bridges requires the message to be decrypted and reencrypted, thereby breaking E2EE which kinda defeats the point.
Unless you’re running a bridge on a locked down home server on your own network, not sure it’s the most secure.
Very good point. For me its a private server and I run both the bridge and the matrix server inside the same docker network.
Oh nice! I just like to warn people because I saw bridges get popular with Beeper and people don’t always catch that security-for-ease compromise
I’m not trying rip on Beeper, by the way. I don’t use them and never have. They could be totally legitimate and good-faith actors, but the reencryption issue with bridges sets my tinfoil hat off!
Oh yea, I won't use Beeper. Self-hosted for me!
Molly now merged the long-awaited UnifiedPush feature that Signal refuses. This means the notifications go thru my server instead of Google’s.
That said, I hate the entire concept of only allowing one Android device but also requiring an Android device with a SIM or you get no service. iOS is also supported but feeds into that duopoly, requirements to have a phone, & the freedom use whatever devices you want how you want.
I would prefer XMPP, but I have too many folks that refuse to move from Signal despite the conspiracies.
My too many folks are on Facebook messenger, Whatsapp, and telegram. 'and' not 'or'...
I got a chunk of friends & family to Signal a couple years back. Now I have some regrets due to the architectural decisions of the Signal ecosystem (and that battery drain + Electron app being huge). I wish I had had resources for an XMPP server as even a lazy person could run Snikket, but now they don’t want to remigrate after on a few years.
I'm in the same boat. To be frank, if I didn't have to use WhatsApp to talk to those in my family that remain in my motherland, I would be more than happy to get a simple dunbphone.
Yea, the mobile device requirement is so pointless and annoying! I have to use Signal with only a couple of people and had to use signal-cli, which is pretty annoying because it doesn't display history. Now I have it on Waydroid, but you should NOT have to do that.
I'm using molly for several months now it is really nice but recently I dive myself in XMPP and it is superior to molly/signal just because XMPP servers are auditable amd you can actually see if the server is using encryption or not while signal servers are closed source unfortunately, it's their only flaw
The signal source code is open source, it is hard to prove that the servers are running the source code that's published, and we know they have admitted to having source code they don't publish for anti-spam purposes.
But you could take the signal server source code and stand up your own signal servers today.
The Signal protocol is built in a way where you don't have to trust the server. The servers could be run by the NSA, it wouldn't matter. Especially now that the Signal protocol uses post-quantum cryptography.
And how do I tell may client to use only a specific server?
If your going to run a independent signal server cluster, you will also need to modify the client applications to connect to your cluster.
You probably would find the molly developers happy to accept a push request to have some configurable backend selection.
Session demonstrates this is possible.
If yo run your signal server does it come with the new quantum E2EE?
Good question, check with the signal github
I don't know man, seems to me XMPP is more secure (unless you trust Signal) and simple to use because you have to jump less hoops
By all means, go with the platform you like better!
https://www.privacyguides.org/en/real-time-communication/
Are all perfectly acceptable options
AFAIK it's entirely done in the client. The server doesn't perform any encryption/decryption other than TLS.
load more comments
(1 replies)
Your client encrypts and decrypts everything, so it is actually not a privacy concern regarding message content when we don't know what the server does.
The server could decrypt or could be machines attached to the server that store data
Your private key stays at the client, the server doesn't get it. Verifiable by the source code of your client
Ook thanks
The Signal servers don't do the encryption, it's done on your phone. That's how end-to-end encryption works. Also, Signal's Server code is FOSS: https://github.com/signalapp/Signal-Server
Secondary phone, or any other additional android device (let's say a tablet).
Instructions unclear, now comfortable with pissing myself.
Every time I want to try molly the version is too far behind to restore backup of signal. Currently my signal is at 6.37.2 and latest Molly is at 6.35.3
Well I guess I don't have any more excuses not to use Signel.
I’ve been doing this and like it but, it’s been crashing a lot in the background and draining battery