I think the pros/ cons are fairly standardized at this point - we all know the same things:

Good

  • First FOSS platform we could actually use, because normal people can and do use it. My family’s on there. It has emoji-stickers, easy sharing, easy setup, and everything else that makes it viable.
  • Reliable, checkable encryption.
  • Good effort to circumvent bans, e.g. proxies for Iranians.

Bad

  • Occasional GPL violations, as they neglected to share the server for a while.
  • Requires a sim card, so you have to agree to a tracking device.
  • Non-federated, so it’s not sustainable. One day it’ll disappear, or get corrupted, or something, and then the entire base has to move somewhere.
poVoq
link
fedilink
12
edit-2
18d

Requires a sim card, so you have to agree to a tracking device.

Non-federated, so it’s not sustainable. One day it’ll disappear, or get corrupted, or something, and then the entire base has to move somewhere.

That massively understates both problems.

Requiring a phone-number is a huge privacy problem not only because of the device tracking, but because your phone-number becomes your ID on the network that you have to share with others to connect.

And the centralisation of the service, especially with servers & staff in the US, that allow US government services easy meta-data tracking (despite what Signal claims) is another huge issue.

And last but not least (but they seem to have eased up on that a bit), Signals requirement to use the official binary release versions of the client (instead of 3rd party compiled versions from places like F-droid that can remove Google dependencies) makes the open-source nature of the client pretty much void as it practically very hard to tell if the binary release they offer you for download is the same as what the source contains. This is also problematic as the Signal client pulls in external dependencies from Google services that are closed source and can change on a OS upgrade without the user noticing.

Damn, that makes me want to download molly. Which I am doing right now. Thank you for summarizing it. I always thought it’a bad but you nailed it, thx.

That has the same fundamental problems, with a smaller network (fewer people use it). If you’re looking for something which will never have those issues, I’d recommend anything on XMPP. Yax, for example, will let you chat with anyone on the xmpp protocol (like conversations, profanity, et c. et c.). It’ll never disappear, and if some problem arises, you can just change the client and keep your account and contacts (basically it’s e-mail but for IMs).

Molly is just a security focused fully FOSS 3rd party client.

From their site:

Molly, like Signal, uses Google’s proprietary code to support some features.

It’s Signal, with fewer users.

It’s another client, not another network. And they have a FOSS version that’s even aviable on F-Droid.

They dropped SMS support despite it being incredibly important. Disagree with a lot of decisions of the dev, like how they’re anti decentralization, anti distribution to FOSS platforms like fdroid or flathub, and adding crypto crap on top of that.

olbaidiablo
link
fedilink
417d

Because briar is much more secure and better.

_NoName_
link
fedilink
618d

A big reason for going with signal was that I could double-dip it as my default SMS app as I slowly got more people to use it. With the SMS going away, there’s not much reason for me to use it over other encrypted messaging apps. Kind of a bummer.

No self host, no decentralisation, no dice.

Unfunnyryan
link
fedilink
418d

Well what I liked about signal was the ability to set a password for App access and an on-device encrypted database to protect any SMS messages sitting on the device from snooping if I lost my phone or having an interaction with the authorities as you can’t be forced to give up a password (as opposed to fingerprint, in the US).

I never really have any encrypted E2E messages. Just used it for on-device security reasons

Its hosted in United States, so CIA and other agencies have full control over Signal. So not an option for me.

krolden
link
fedilink
317d

My brain is hosted in united States so CIA and other agencies have control over me.

Dessalines
link
fedilink
617d

You ever heard of National Security Letters?

NSLs typically contain a nondisclosure requirement forbidding the recipient of an NSL from disclosing the FBI had requested the information.[2] The nondisclosure provision must be authorized by the Director of the FBI, and only after he or she certifies “that otherwise there may result a danger to the national security of the United States; interference with a criminal, counterterrorism, or counterintelligence investigation; interference with diplomatic relations; or danger to the life or physical safety of any person.”

krolden
link
fedilink
517d

Thats fuckedup. I see now why Lemmy.ml is hosted in the eu

Because Threema is better.

Because Threema is better.

A loosely moderated place to ask open ended questions

If your post is

  1. Open ended
  2. Not offensive
  3. Not regarding lemmy support (c/lemmy_support)
  4. not ad nauseam inducing (please make sure its a question that would be new to most members)

it’s welcome here!

  • 0 users online
  • 32 users / day
  • 66 users / week
  • 153 users / month
  • 495 users / 6 months
  • 19 subscribers
  • 422 Posts
  • 3.68K Comments
  • Modlog