I am not comfortable that signal depends proprietary google library. However, I find that Molly lags significantly behind signal (around 1 to 2 weeks, so maybe not as significant as I thought), but I am just concerned that if there is a security fix in signal, molly will not be able to react as fast.
I am also quite frustrated with the general lack of communication from the signal team (for example the lack of communication regarding username). I doubt they will have the good will to help molly when there is a critical security fix.
It is frustrating that signal no longer seems like the gold standard for privacy any more; unfortunately, all my friends are on there (ironic, isn’t it…).
What’s your threat model?
Signal as a gold standard for encrypted messaging is based on many factors. Ease of use, UI/UX, protocol, platform support and so on.
Even though I’m a hard core FOSS person I’m also a realist. Sticking to a common platform is worth a lot. Bridging stuff with Matrix is cool but will not take off among most people.
Signal using Google blobs is a problem but let’s face it, the UI will be presented on a Google branded Android phone or a iOS device anyhow. Sure you can use GrapheneOS and Molly or you can switch to another app altogether but heck you’ll have no other to talk to then.
deleted by creator
There’s a FOSS fork of Signal which removes Google dependencies from the software.
Signal-FOSS
A fork of Signal for Android with proprietary Google binary blobs removed. Uses OpenStreetMap for maps and a websocket server connection, instead of Google Maps and Firebase Cloud Messaging.
Hasn’t been updated in a year and is over 3000 commits behind Signal. I wouldn’t use
XMPP or Matrix. I’m on Matrix only because I have my family there and I was there before I knew of XMPP and at this point I can’t turn that boat.
Signal was/is (idk if they still are) into crypto, they don’t let you run your own server or client, and they have a proprietary shim in place to combat spam (or so they say, it can’t be audited because it’s proprietary).
I was all in on Signal until the above.
I love Signal, and I have persuaded people to use it a lot. That said, it is definitely not the gold standard for privacy. It’s a good-enough compromise between actual unbreakable encryption and trivial for anyone to use. It’s always been valuable for that reason, and still is.
Don’t worry about Molly - it uses a variation of the same code that Signal does, so they don’t need “help” to get critical fixes that Signal receives. Use it if you like it!
The actual gold standard for privacy would be logging in through TOR and sending GPG-encrypted messages that way. And there’s an app which does this, too - it’s called Briar. (No phone number needed, either!) It’s not as seamless to set up as Signal is, though.
And there’s an app which does this, too - it’s called Briar.
Cool I had not heard of this, thanks!
Do you know about SimpleX?
@Nimbus @SteleTrovilo
@lengsel@latte.is not.coffee I did not, super interesting.
I gave up Briar for SimpleX, as really good as Briar is, because of only having one ID. On SimpleX, if you enable incognito, it will create a new random ID for each new contact that you message, so no 2 persons will see the same ID for you, they each see you as a different name.
Also SimpleX is on iOS and Android, Briar is only for Android, and SimpleX does calling with contacts.
How do you backup SimpleX? Considering you changed your phone or factory reseted, can a normal person continue to contact their previous list? They don’t have a problem with Signal since it uses the phone number. Can I convince my family / friends on SimpleX, as I barely managed it on Signal? Because SimpleX looks much nicer and I’d love to use it.
In SimpleX app settings, if you have already set a database passphrase, you can do a data backup or export to a file, when SimpleX is installed again, you import database.
I see, thanks for the reply. I guess this is still not so viable for tech-illiterate people, unless the devs find an optional and more streamlined process for this. I barely made people use Signal, they couldn’t managed Matrix for example.
@baseless_discourse The gold standard has always been XMPP. It’s the IETF Internet Standard for messaging, no walled gardens, ability to self-host, no phone numbers required and modern clients use the same end-to-end encryption protocol as Signal does.
It’s not the same encryption, it’s based on the same double ratchet design that’s it
Is there a community for XMPP? I would like to know what clients people use on iOS. So far I found them all to be pretty insufficient.
@matricaria There is a community around XMPP. Of course you will find most of them in public XMPP channels, but many are also active in the Fediverse/Mastodon. I don’t have any Apple devices, but a few of my friends use Monal ( @Monal ) which seems to be the most reliable client on iOS currently.
For me Molly works but one can’t use Signal betas (obviously) and backups are currupted for me for months.