Olvid, a secure messenger, is finally open-source! They said before the end of 2021, well it's really just before the end but it's there. They released the source for their Android and their IOS app.
They are trying to sell audio calls, video calls and desktop clients as premium feautures.
Yujiri@lemmy.ml 2 years ago
Some red flags about this messenger:
They are dishonest about the merits of existing secure messengers.
From the homepage:
There is no "most secure messenger in the world"; that judgement is much too nuanced and situation-dependent for such a claim.
This is false of at least several alternatives, including Signal and Matrix.
From the "technology" link on top bar:
Objectively false. Even if you consider end-to-end encrypted and federated platforms like Matrix to "rely on a trusted third party", there are P2P messengers which truly have no servers and which solve the problem of mapping username to public key, such as Tox.
Actually, all existing secure messengers have cryptographic authentication, and I'm pretty sure some of them also encrypt as much metadata as possible, such as Signal.
It seems like they're dishonest about the merits of their own messenger.
This is huge. I'm developing a federated messenger and had given up on hiding the recipient ID when sending a message because I couldn't find a way to do it. If there's a practical way to do it, I want to hear about it. So I opened their protocol specification.
In the section "Upload message and get UID", I see that the request actually contains a list of both the device UIDs and the identity of all recipients. They call it "encoded", but it sounds like that just means JSON.
In summary, I would stay away from this messenger in favor of another option like Matrix or SIgnal.
Seb3thehacker@lemmy.ml 2 years ago
I think Molly may be trying to do something similar https://ccs.getmonero.org/proposals/vd-molly-payments-stage1.html and molly.im
Yujiri@lemmy.ml 2 years ago
Similar to what? According to their client's github readme, it's just an alternate client for the signal server (which IIRC is illegal and previous alt-clients such as LibreSignal have been shut down because Moxie threatened legal action, so I'm not sure how Molly's getting away with that).
BridgeBum@lemmy.ml 2 years ago
Marketing speak bends the truth? Say it ain't so!