The main site is located here: molly.im
The first paragraphs on the donation page:
The goal is to build a secure messaging app with integrated support for Monero payments and a decentralized backend.
The application will be based on the Signal fork Molly.im (henceforth ‘Molly’) but with a privacy-focused backend that allows the user to sign up anonymously (without phone number), encrypt their local database with passphrase encryption, RAM shredding, and more.
Monero features will include the ability to set up a XMR wallet, send and receive funds, keep track of the balance, and review the history.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 14 users / day
- 18 users / week
- 24 users / month
- 15 users / 6 months
- 20 subscribers
- 619 Posts
- 1.56K Comments
- Modlog
Payment does NOT belong in a messenger, way too high a risk of an exploit in one leading to control over the other.
While I agree with this, many other messengers have payments and not having them could prevent people from switching. I would rather use Signal’s MobileCoin than whatever Facebook comes up with, mobile payments are HUGE in Asia and is probably coming to the US too.
But there is no need to have it in the messenger. That just sounds like a stupid idea: make your payment system connected to the internet, addressable by name and make it parse and load all kinds of media. Mobile OS have per-app sandboxing so why not take advantage of it?
I don’t see a problem with having messenger as hot wallet, just don’t keep too much in it. Read the discussion here https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/252
There is no good reason to risk any amount. It is ridiculously idiotic; like having a wallet on the outside of your car to pay for parking tickets… sure, it’s a tiny bit more convenient and as long as you’re either driving or parking your car in a garage most of the time it’s unlikely the money will be stolen, but who the fuck thinks it’s a good idea? Also note the risk of the reverse; Cryptocurrencies are a juicy target and lot’s of code has been found exploitable over the years. I’d be just as worried about an exploit in that part leading to a breach into the messenger security… It is a fundamentally stupid idea to combine these.
You have a point, but again you have a money’s worth stake on your messenger of choice, as well as the platform. No doubt they have a lot of holes, but credit card or password stealing is the same thing. You totally forget that coins like ethereum, bitcoin and such are traceable, so there is no way to cash out stolen money.
I think having payment in the messaging app will be expected as it is becoming the norm. But I don’t like that signal is partnering up with a private crypto coin corporation.
Is the answer necessarily cryptocurrencies? Maybe a stablecoin version or just some different intermediate way to send payments privately that doesnt involve cryptos?
There is GNU Taler from GNUNet project (its not popular ofc), and hashgraph (discussion here https://libredd.it/rty0vt ), the main advantage of monero and crypto more generally is to have a way to send money.
Stablecoin is also full of shit, as in practice it is backed so little and with securities rather than moneu that it can easily crash. I heard that Nova coin transactions used in WhatsApp trigger movements in underlying USD accounts, if that’s more what you’d be expecting?
From the lead developer: Code that doesn’t get executed cannot be exploited. It’s true that, when exploiting a vulnerability (in reachable code), you can take advantage of everything loaded into the program memory to take control of the execution, including unreachable code. But you’re assuming there’s a prior critical vulnerability in Molly that allows to alter execution flow in the first place
Another comment from them: Also consider that Whatsapp and iMessage were exploited by flaws in the multimedia libraries. Should we remove image and video sharing in messaging apps?
It is optional and will be able to be fully disabled easily
Disabled != Not even in the binary. Buffer overflows regularly lead to executing “disabled” (read: behind an “if” statement) code.
From the lead developer: Code that doesn’t get executed cannot be exploited. It’s true that, when exploiting a vulnerability (in reachable code), you can take advantage of everything loaded into the program memory to take control of the execution, including unreachable code. But you’re assuming there’s a prior critical vulnerability in Molly that allows to alter execution flow in the first place
Another comment from them: Also consider that Whatsapp and iMessage were exploited by flaws in the multimedia libraries. Should we remove image and video sharing in messaging apps?
Posting these two comments again and again will not make the arguments against them disappear.
No one has argued against them successfully.
Why should I want a wallet inside the code of a secure messanger?
Keep it simple and save. One tool for one job.
We have seen what some imported/used libraries may open holes in the software. (Hint: Log4j)
From the lead developer: Code that doesn’t get executed cannot be exploited. It’s true that, when exploiting a vulnerability (in reachable code), you can take advantage of everything loaded into the program memory to take control of the execution, including unreachable code. But you’re assuming there’s a prior critical vulnerability in Molly that allows to alter execution flow in the first place
That comment does not make me confident in the developer.
No, the developer is assuming there isn’t such a vulnerability. No one can know if there is or not. Applications are complex, there’s a lot of code, a lot of room for a vulnerability to go unnoticed by even a skilled programmer. OpenSSL was a thoroughly reviewed open-source library that had been widely used for a long time and heartbleed still happened.
Another comment from them: Also consider that Whatsapp and iMessage were exploited by flaws in the multimedia libraries. Should we remove image and video sharing in messaging apps?
The difference is that image and video sharing are actually relevant features for a messenger. While it is possible to have a messenger that can only share text, and have other applications for sharing images and videos, that would significantly impact the UX.
Anything to do with money is not a relevant feature in messaging.
Fair argument
If this materializes, is there any other signal forks, able to connect to signal servers for messaging, like molly? I remember reading about some, but I have always preferred molly.