Why you should use Signal and Molly

Marco Liberale

As the primary method of communication in modern times, instant messaging is a primary target for most organizations doing any sort of surveillance.


So, I am a very, very big fan of Signal, and I've "convinced" my friends and family to use it when communicating with me. The Signal Protocol is very, very cool. I personally use Molly with encryption at rest instead of Signal for better security.


So here is my review:


Signal

Price: Free and mostly open source (contains some proprietary bits)

Speed: Great

Reliability: Great

Privacy: 8/10

Security: 9/10

Convenience: 7/10

Platforms: Android, iOS, Windows, Linux, macOS


Signal is great, especially if you are used to WhatsApp.

It uses quantum-resistant end-to-end encryption, and it's completely free to use.

But it will always use Google/Apple notifications if they are available, which could lead to your de-anonymization.

An issue with Signal is that it is centralized, so ISPs/governments can block it easily, though the Signal Foundation has set up censorship circumvention via volunteer-run proxies that significantly mitigate the issue.


Pros:

  • User Friendly

  • Very Secure

  • Has almost the same features as WhatsApp


Cons:

  • No encryption at rest (i.e., if your phone gets decrypted, there is no extra layer stopping an attacker from reading your messages)

  • Does not work well without Google/Apple services

  • Requires a phone number


Who is it for

From the average individual who cares about their privacy to someone being targeted by a semi-sophisticated actor (e.g., corporations)



Molly client for Signal

Price: 100% FOSS (Free and Open Source)

Speed: Great

Reliability: Great

Privacy: 8.5/10

Security: 10/10

Convenience: 6.5/10 (4.5/10 with encryption at rest)

Platforms: Android


Molly uses the same Signal servers and protocols as the main Signal app, meaning that it allows you to communicate with people using Signal but comes with a lot of security improvements.


For example, you can set up your own notification server or get the notifications directly from the source via WebSockets.


It also comes with encryption at rest, allowing you to use a password to encrypt your messages. This makes them almost impossible to decrypt without guessing the password or snatching the phone out of your hands while the app is open. You can set it to encrypt your data every time you leave the app (note: you will not get notifications while the data is encrypted) or every time you reboot.

You can route both notifications and messages through Tor via Orbot, meaning that you can circumvent blocking of Signal servers.


Pros:

  • Looks and works the same as Signal

  • You can enable encryption at rest.

  • You can get notifications without Google/Apple services.

  • Works well on a de-Googled phone

  • You can route both notifications and messages through Tor.


Cons:

  • Android only

  • If you forget your encryption password, your messages go bye-bye (you can enable backups, but it kinda defeats the purpose of encryption unless you also encrypt the backup decryption key with the same password).

  • Not using Google/Apple notifications will drain your battery a bit (not a huge issue unless you have an old phone).

  • Requires a phone number


Who is it for

Someone who is being targeted by actors with the ability to carry out physical attacks or get notification info
