Molly: An Improved Signal App
Android multi‑device support
- Major draw: Molly allows linking two Android devices (e.g., phone + tablet, or two phones) the way Signal allows desktop/iPad links.
- Users describe this as solving a long‑standing “artificial” limitation in official Signal, especially for migrating family from apps like Viber that already support multi‑device on Android.
- Some confusion: registering the same number as a primary on both apps logs one out; Molly must be added as a linked device to keep Signal active.
Local database & at‑rest security
- Molly encrypts the local database with a user‑supplied password and can lock/unlock it on a timer, plus wipe RAM on lock.
- Supporters see this as fixing Signal’s “regressions” around at‑rest security and offering defense in depth against device seizure or forensic tools, especially at borders.
- Critics argue this is an incoherent boundary: if an attacker has a rooted or compromised phone, they can capture keystrokes or unlock the app anyway; they see more friction than real protection for most users.
- Broader debate: is Signal’s reliance on OS‑level encryption sufficient, or is app‑level DB encryption needed on top of it?
Push notifications, blobs, and FOSS variants
- Molly has two variants: one using Firebase (FCM) and one FOSS build using UnifiedPush/websockets, avoiding Google Mobile Services and other “proprietary blobs.”
- Some view Google as part of their threat model and prefer Molly/FOSS; others note UnifiedPush limitations (e.g., with multiple devices) and potential battery impact.
Backups, server control, and federation
- Molly is praised for local backup options and the possibility of using private Signal‑compatible servers.
- Signal’s own server code is open source, but there is no federation with official servers and likely never will be; Molly can talk either to official Signal or compatible alt‑servers, but not both at once.
- Some see Molly as improving “digital sovereignty”; others note that any third‑party fork adds supply‑chain risk (new signer, extra trust).
Trust, centralization, and threat models
- Skeptics worry about trusting a small fork for E2EE and mention research showing Signal’s notification behavior can leak fine‑grained usage patterns; Signal is criticized for slow response.
- Defenders stress Signal’s open‑source code, non‑profit status, minimal‑metadata design, and public stance against backdoors; they argue no decentralized E2EE system yet matches its privacy guarantees.
UX, features, and update policy
- Several users complain about Signal’s design, lack of features (e.g., live location, richer multi‑device, web client), forced updates, and phone‑number requirement.
- Others report both Signal and Molly as stable and sufficient, noting that frequent updates are expected for a high‑security app, even if changelogs are sparse.
- Molly’s UI is reported to be essentially Signal with a different theme, despite the project’s “design” marketing; the lack of screenshots on the Molly site is widely criticized.