this post was submitted on 17 Sep 2023
146 points (82.9% liked)
Privacy
32130 readers
1210 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
What is the difference between regular signal app I am on iOS so doesn’t matter just curious?
Molly is only available on Android, as far as differences it is a hardened fork of signal with an encrypted database, what that means in practice is even if someone was actively probing your phone to try to gain access to messages they wouldn't be able to due to the encryption. It's very useful if you are an active target or you don't trust your phone os to play nice. I personally use it myself and really like it but in general it's not terribly different.
[This comment has been deleted by an automated system]
It's only encrypted in a BFU state, (before first unlock). Police can probe your phone for data using a tool by cellebrite without root. GrapheneOS includes a auto rebooting feature to place it back in a BFU state but other phones will lack this feature. Using Molly's database lock allows you to not trust the OS itself by encrypting it.
edit: corrected cellbrite to cellebrite
Yeah I realize it is android only and that makes sense that is exactly what I was looking for surprised signal doesn’t encrypt the database honestly.
They used to. Then they removed it. And Molly forked and put it back in.
Makes sense thank you for clarification
The main issue with encrypting the database using Molly's setup is you'll miss notifications and calls until you unlock, this might be able to be fixed using a different database encryption setup but as it stands it would be inconvenient for many.
That makes allot of sense why signal does not have it would be a issue for most regular users.
It has a completely FOSS version that is available on F-droid. It also implements a pin which signal removed for convenience.
Its not available for ios
Yeah I know it’s not on iOS I still love Android so I try to stay up to date on Android as well even not having one. My iPhone is paid for by work so I just don’t complain .
For android Lineage os the best with F-droid as a app store.
Many will disagree with me but Lineage os has the best support and is updated once a month. None of your privacy ROMs can compete with that
Yeah but Linage OS does not relock the bootloader for extra security so if you lose physical access to your phone it is now vulnerable.
True so don't lose your phone. Its encrypted and you can use third party apps to auto wipe under certain circumstances
True but I work outside and have lost devices before sometimes it is out of are control and we still misplace devices especially when the fall out a pocket I was only pointing out I personally won’t use it for that reason is all I still would rather use Lineage OS over Graphene OS but I don’t think I will because of that one thing. I am looking at buying a used pixel hopefully soon.
the more third party apps you have, the higher your attack surface and a decrease in security. I love my mods but this isn't really a solution and should be an os feature.
How would that be implemented? The way stock does it is though proprietary software
what is proprietary about a locked bootloader? the only android fork i can recommend is GrapheneOS. you relock the bootloader on that as well.
Oh, I though you were talking about lock out and findmydevice
find my device would be more difficult to implement without a decently sized company backing it but a lock out function wouldn't be that difficult. it just needs to be implemented into the os itself rather than rely on the trustworthiness of a third party dev.
I use a app on F-droid called findmydevice. It can use a custom server but I just opted to SMS via a password