this post was submitted on 17 Sep 2023
142 points (82.3% liked)

Privacy

31892 readers
416 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] LiveLGNProsper@lemmy.world 7 points 1 year ago (2 children)

What is the difference between regular signal app I am on iOS so doesn’t matter just curious?

[–] CaptainAlchemy@lemmy.one 13 points 1 year ago (2 children)

Molly is only available on Android, as far as differences it is a hardened fork of signal with an encrypted database, what that means in practice is even if someone was actively probing your phone to try to gain access to messages they wouldn't be able to due to the encryption. It's very useful if you are an active target or you don't trust your phone os to play nice. I personally use it myself and really like it but in general it's not terribly different.

[–] skullgiver@popplesburger.hilciferous.nl 5 points 1 year ago* (last edited 11 months ago) (1 children)

[This comment has been deleted by an automated system]

[–] CaptainAlchemy@lemmy.one 2 points 1 year ago* (last edited 1 year ago) (1 children)

It's only encrypted in a BFU state, (before first unlock). Police can probe your phone for data using a tool by cellebrite without root. GrapheneOS includes a auto rebooting feature to place it back in a BFU state but other phones will lack this feature. Using Molly's database lock allows you to not trust the OS itself by encrypting it.

edit: corrected cellbrite to cellebrite

[–] LiveLGNProsper@lemmy.world 4 points 1 year ago* (last edited 1 year ago) (2 children)

Yeah I realize it is android only and that makes sense that is exactly what I was looking for surprised signal doesn’t encrypt the database honestly.

[–] jet@hackertalks.com 8 points 1 year ago (1 children)

They used to. Then they removed it. And Molly forked and put it back in.

[–] LiveLGNProsper@lemmy.world 2 points 1 year ago

Makes sense thank you for clarification

[–] CaptainAlchemy@lemmy.one 7 points 1 year ago (1 children)

The main issue with encrypting the database using Molly's setup is you'll miss notifications and calls until you unlock, this might be able to be fixed using a different database encryption setup but as it stands it would be inconvenient for many.

[–] LiveLGNProsper@lemmy.world 2 points 1 year ago

That makes allot of sense why signal does not have it would be a issue for most regular users.

[–] possiblylinux127@lemmy.zip 1 points 1 year ago (1 children)

It has a completely FOSS version that is available on F-droid. It also implements a pin which signal removed for convenience.

Its not available for ios

[–] LiveLGNProsper@lemmy.world 3 points 1 year ago (1 children)

Yeah I know it’s not on iOS I still love Android so I try to stay up to date on Android as well even not having one. My iPhone is paid for by work so I just don’t complain .

[–] possiblylinux127@lemmy.zip 0 points 1 year ago (1 children)

For android Lineage os the best with F-droid as a app store.

Many will disagree with me but Lineage os has the best support and is updated once a month. None of your privacy ROMs can compete with that

[–] LiveLGNProsper@lemmy.world 3 points 1 year ago* (last edited 1 year ago) (1 children)

Yeah but Linage OS does not relock the bootloader for extra security so if you lose physical access to your phone it is now vulnerable.

[–] possiblylinux127@lemmy.zip -4 points 1 year ago (2 children)

True so don't lose your phone. Its encrypted and you can use third party apps to auto wipe under certain circumstances

[–] LiveLGNProsper@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

True but I work outside and have lost devices before sometimes it is out of are control and we still misplace devices especially when the fall out a pocket I was only pointing out I personally won’t use it for that reason is all I still would rather use Lineage OS over Graphene OS but I don’t think I will because of that one thing. I am looking at buying a used pixel hopefully soon.

[–] zwekihoyy@lemmy.ml 2 points 1 year ago (1 children)

the more third party apps you have, the higher your attack surface and a decrease in security. I love my mods but this isn't really a solution and should be an os feature.

[–] possiblylinux127@lemmy.zip 0 points 1 year ago (1 children)

How would that be implemented? The way stock does it is though proprietary software

[–] zwekihoyy@lemmy.ml 2 points 1 year ago (1 children)

what is proprietary about a locked bootloader? the only android fork i can recommend is GrapheneOS. you relock the bootloader on that as well.

[–] possiblylinux127@lemmy.zip 1 points 1 year ago (1 children)

Oh, I though you were talking about lock out and findmydevice

[–] zwekihoyy@lemmy.ml 1 points 1 year ago (1 children)

find my device would be more difficult to implement without a decently sized company backing it but a lock out function wouldn't be that difficult. it just needs to be implemented into the os itself rather than rely on the trustworthiness of a third party dev.

[–] possiblylinux127@lemmy.zip 1 points 1 year ago

I use a app on F-droid called findmydevice. It can use a custom server but I just opted to SMS via a password