Molly advertises itself as a “hardened version of Signal,” & its FOSS variant is the same without proprietary dependencies. TwinHelix’s FOSS Signal fork goes further, adding OSM support instead of GMaps. Are these forks trustworthy, & are they worth using for added security compared to mainline?
it’s not just osm instead of gmaps for the FOSS version. It’s NOT using google push notificationss neither gapps at all. Using sockets instead of push notifications. It makes molly FOSS being more battery hungry, but at least it’s not using google stuff. Not sure if the dev would be willing to integrate suipport for unified push for the FOSS version, that’d be even better…
Are they allowed to use signal servers ? last time I heard third party apps or forks were banned from using signals servers.
Yes they are allowed. The devs have nothing against third party clients as long as they’re not abusing the network or pretending to be the official Signal app.
The issue you’re referring to happened, I believe, around 2016 and it was specific to one developer who was using a similar app name and the lead Signal dev basically told them specifically to not use their network.
Almost every other Signal client since then even report to Signal’s servers as a third party client - and the signal devs can see this in their logs - and nobody has been kicked/asked to stop anything since.
I also seem to recall the issue may have been 3rd party clients unintentionally abusing the network at the time, causing issues for other users, so I can see the frustration from a dev perspective to potentially be woken up at midnight for an issue/outage affecting your users, that is caused or at least made worse by clients that are pegging their servers.
If anyone has more background or corrections, please let me know so I can update/edit my statement.
Not true. There’s an issue in the molly repo where Moxie chimed in and told them to stop using their servers.
So, theyre not being banned or sued…but they are not allowed either.
Not that I don’t believe you, but do you have a source? I mean, Molly has worked using Signal’s servers for at least 5 years now and Signal’s devs can see that people are using it and have the capacity to easily block them if they wanted to, so how are they not allowed but still allowed? Seems contradictory.
I guess he is talking about this
https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217231557
read the main page of this repo, the Dev made it clear that moxie made the right move in the end by accepting a gcm free notification feature
Just search their repo issues for Moxies username. Should be easy to find.
I tried but my google-fu failed me.
Search in github, not google
Won’t use it until I can securely install it through F-Droid
you can add the official molly fdroid repo
Since signal is not on fdroid I’ve been using Molly. Works fine for me. If having a third party developer modify the signal source code is an unacceptable risk for you then it’s unacceptable. So far the Molly developers haven’t done anything worrisome
Have you tried Molly FOSS, or are you using the standard one with proprietary dependencies? Is there a meaningful difference in day to day functionality?
Foss, basically new messages might not show up immediately
if that’s the case for you, your preferences may need some tweaking.
For me, it doesn’t add enough to switch from the base Signal and slow down those updates
Does Molly or TwinHelix still allow sms? If so, on top of having no Google dependencies, it’d be a no brainer switch for me.
You want SMS but not Google. How does that line up?
Spying is OK, but not if it’s Google?
My reference is regarding signal removing SMS and how ~75% of my messaging is SMS. If signal still offered SMS, it would make having others switch much much easier. I do use a security and privacy based VOIP service for sms and calls currently. But the moves I make are almost always much more than my friends are willing to do.
How are they switching if they’re still using SMS? Get them to install signal is getting them to install signal…
At the point they can use Signal SMS for everyone else, but direct Signal for you, in the same app, you’ve effectively converted them.
They need to install signal either way…
I haven’t used SMS for like 8 years.
What’s another app?
You haven’t, but you’re not trying to convert you.
Baby steps. First they get used to the interface, then they transition.
I think they can be trusted as their build process is open. I recently learned that the official client supports reproducible builds as well, so I don’t see the point in using those versions for myself. Now I trust the Signal authors’ builds. If you want to use them because of the extra features, it’s probably worth it.
if you uninstalled GMS, than you have no choice, it’s Molly for you.
can’t understand people who complain about privacy standards of Signal, yet they have GMS sitting at the core of everything their phone does.
I have MicroG