Since 2016, decentralize.today has been covering messengers and looking for the most privacy-focussed and user-friendly messengers around.
Some of our team uses SchildiChat, which is a fork of Element, and really appreciate it as a self-hosted version of a federated messenger network.
However, there is no denying, that one of the best, when it comes to privacy (forget the use of a mobile number for a while), is Signal. It is also one of the most used messengers, and makes moving away from WhatsApp and the like as easy as possible. I am not a fan of many decisions Signal has made, but its E2EE (End-to-End-Encryption) is second to none!
We last reviewed Signal here:
The Signal Protocol (formerly known as the Axolotl-Protocol) was developed in 2013 by Trevor Perrin and Moxie Marlinspike and is pretty much the Gold Standard when it comes to encryption. I know some of my friends on Mastodon prefer Element or more decentralized applications but even if we all agree that self-hosted is better, we all need to give it up for Moxie as his encryption protocol is not just open-source but also second to none. It's Zero-Knowledge-Proof, which means that not only can Signal not see your messages but can not even see with whom you're communicating. Sealed Sender and Private-Contact-Discovery are unique to Signal and worth reading up on at both the links highlighted.
For further assurance, here is 'A Formal Security Analysis of the Signal Messaging Protocol - Extended Version, July 2019'.
All communications are E2EE (End-To-End-Encrypted), this is true for one-on-one as well as for group chats with Signal using the Forward Secrecy (PFS Perfect-forward-secrecy) .
So how come I am on about Signal, when the article clearly mentioned Molly.im? Well, that's because it is a Signal fork!
Molly has two different flavors
Molly, like Signal, uses Google’s proprietary code to support some features.
Molly-FOSS is the community effort to make it 100% free and open-source.
So let's get that directly out of the way! We're only looking at Molly-FOSS today!
Molly-FOSS is 100% free and open-source with zero property blobs, unlike Signal. Molly-FOSS also lets you protect the database with a passphrase-encryption. Yes, Signal offered that in the past, but dropped it for no good reason. You can lock the app at a set time to make it even more private and secure. Molly-FOSS also has RAM Shredding, which securely shreds sensitive data from RAM. Molly-FOSS also lets you back up on a daily or weekly basis. Finally, with Molly-FOSS, you can proxy your chats over Tor via Orbit.
We have talked about Signal in the past, and that is why I linked it earlier and while Molly-FOSS is Signal, it is truly open-source!
Molly has an F-Droid Repo:
And a Github release:
A nice added bonus feature is that you can communicate with anyone who uses Signal - calling, texting, video calling - plus the other end won't know you are not using the 'official' Signal app.
I, personally, would get myself an online number and set it up so truly no-one will know who you are!
Today's messenger review might not have been the 'in-depth' review that we normally do, but that is because everything that applies to Signal also applies to Molly-FOSS!, except for the features Signal is denying you and surely the aspect of being truly FOSS is a pleasant extra feeling, when using any app on your phone.