The main site is located here: molly.im
The first paragraphs on the donation page:
The goal is to build a secure messaging app with integrated support for Monero payments and a decentralized backend.
The application will be based on the Signal fork Molly.im (henceforth 'Molly') but with a privacy-focused backend that allows the user to sign up anonymously (without phone number), encrypt their local database with passphrase encryption, RAM shredding, and more.
Monero features will include the ability to set up a XMR wallet, send and receive funds, keep track of the balance, and review the history.
aexiruch@lemmy.ml 2 years ago
Payment does NOT belong in a messenger, way too high a risk of an exploit in one leading to control over the other.
SusPillow9328@lemmy.ml 2 years ago
While I agree with this, many other messengers have payments and not having them could prevent people from switching. I would rather use Signal’s MobileCoin than whatever Facebook comes up with, mobile payments are HUGE in Asia and is probably coming to the US too.
pinknoise@lemmy.ml 2 years ago
But there is no need to have it in the messenger. That just sounds like a stupid idea: make your payment system connected to the internet, addressable by name and make it parse and load all kind media. Mobile OS have per-app sandboxing so why not take advantage of it?
Seb3thehacker@lemmy.ml 2 years ago
It is optional and will be able to be fully disabled easily
aexiruch@lemmy.ml 2 years ago
Disabled != Not even in the binary. Buffer overflows regularly lead to executing "disabled" (read: behind an "if" statement) code.
peppermint@lemmy.ml 2 years ago
I don't see a problem with having messenger as hot wallet, just don't keep too much in it.
aexiruch@lemmy.ml 2 years ago
There is no good reason to risk any amount. It is ridiculously idiotic; like having a wallet on the outside of your car to pay for parking tickets... sure, it's a tiny bit more convenient and as long as you're either driving or parking your car in a garage most of the time it's unlikely the money will be stolen, but who the fuck thinks it's a good idea? Also note the risk of the reverse; Cryptocurrencies are a juicy target and lot's of code has been found exploitable over the years. I'd be just as worried about an exploit in that part leading to a breach into the messenger security... It is a fundamentally stupid idea to combine these.
Seb3thehacker@lemmy.ml 2 years ago
From the lead developer: Code that doesn't get executed cannot be exploited. It's true that, when exploiting a vulnerability (in reachable code), you can take advantage of everything loaded into the program memory to take control of the execution, including unreachable code. But you're assuming there's a prior critical vulnerability in Molly that allows to alter execution flow in the first place
Seb3thehacker@lemmy.ml 2 years ago
Another comment from them: Also consider that Whatsapp and iMessage were exploited by flaws in the multimedia libraries. Should we remove image and video sharing in messaging apps?