148
Molly - a better signal
(molly.im)
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
As far as it being against signals tos, molly exists and had not received any problems from the signal foundation to my knowledge, discord has the same clause and they don't seem to give a rats ass. Sure they could enforce it but they don't, and personally with how matrix clients are handled they have mixed security, fluffychat has security issues ranging from outdated SDK versions to quite literally ddosing homeservers because of a non-existent rate limit.
The crypto stuff wasn't great but you know what's cool? You don't have to use it. Simple as that. You don't have to engage with it and you and I both know that. It's buried in settings and you have to find it yourself.
Signal is not an anonymity tool, and has never been advertised as such, if you need anonymity, signal is not a good choice. You can make it more anonymous by using a burner phone but that's a different topic.
If everything is encrypted, what could Amazon tap? You do realize sealed sender and PFS take away any trust from the server correct? It's all encrypted, your aren't trusting the server at all, it's completely trust-less, and unless you think Amazon or governments can at this very moment tap any encrypted data and decrypt it, I would recommend taking a walk outside and realize that no one, NO ONE can decrypt current encrypted standards.
Unless you can point me to a reputable article showing in great detail that signal is lying about their e2ee claims then I'll rest my case. Signal has been proven time and time again to not have any data on their users except the minimum required for the service to work, that's called integrity.
Also there will always be someone you trust on the internet, nothing will change that unless we completely rethink how the internet works.
Edit: added quotes Edit 2: added extra info
Federation is different in that:
you can chose amongst a very diverse pool of providers, including local ones that you actually have a chance to meet in person, those with shared ideals that enable long-lasting/mutually-beneficial relationships, some operating truly in the open and enabling a just and provable retribution for the offered service (i.e. "you are not the product"), etc
you can be your own provider, and with "turnkey" self-hosting options like https://snikket.org/ , it's never been easier to do it safely at small/medium scale, and cheaply (e.g. for a family/neighbourhood/association on a shared instance/RPi/…)
choosing a provider never cuts you off from the rest of the network: you are not tied to anyone, and you can migrate with no drama nor loss of contacts/histories/data like is the case when the captive networks "flavour of the year" inevitably shut down.
You must be new on the internet to believe that this is a sustainable state of affairs. Google was letting you use GApps for free until it didn't. Reddit used to be mostly usable and ads/clutter-free until it wasn't. Recently Unity pulled a weird one against their users and customers for a quick buck. Examples are plenty, and more recently people have referred to this as "enshittification" or "the tyranny of the marginal user". Such monopolistic networks are particularly prone to that phenomenon, by design. Personally I don't want to live under the constant threat of a single entity potentially changing its mind/ToS, and I certainly don't want to drag my family, friends and peers into the gamble.
fair but you missed the point: Signal already controls and enforce this aspect of your user experience, which only benefits themselves, in spite of the significant backlash. Sure you can feign blindness, but what's next and what recourse will you have ?
Integrity has nothing to do with that, Signal can absolutely be forced by law to suspend its service in some countries (e.g. to implement sanctions) and whole regions can disappear from the network overnight. In terms of resiliency, that's pretty much how email (federated) just works from anywhere, but things like WhatsApp are blocked in e.g. China or allowed to work without E2EE (e.g. in some Gulf countries).
Sure, but you missed my point, in case of sealed senders and contacts discovery, we are not talking about zero-knowledge/E2EE but about Signal basically saying "trust us, bro, we ain't looking at it" which can't be proven one way or the other.
I'm not sure that you understand what's really going on. All your messages are routed through Signal. You can absolutely infer who's talking to whom with enough frames by just matching packets popping out of X and being received by Y. Encryption plays no role in that because this takes place at a lower level. At least some protocols like XMPP let you host services entirely on Tor or to even skip the central server.