CCS - Decentralizing Molly.im to support Monero payments
ccs.getmonero.org

The main site is located here: molly.im
The first paragraphs on the donation page:

The goal is to build a secure messaging app with integrated support for Monero payments and a decentralized backend.

The application will be based on the Signal fork Molly.im (henceforth ‘Molly’) but with a privacy-focused backend that allows the user to sign up anonymously (without phone number), encrypt their local database with passphrase encryption, RAM shredding, and more.

Monero features will include the ability to set up a XMR wallet, send and receive funds, keep track of the balance, and review the history.

  • palindromi@feddit.de
    12·
    3 years ago

    Why should I want a wallet inside the code of a secure messanger?

    Keep it simple and save. One tool for one job.

    We have seen what some imported/used libraries may open holes in the software. (Hint: Log4j)

    • Seb3thehacker@lemmy.mlOP
      13·
      3 years ago

      From the lead developer: Code that doesn’t get executed cannot be exploited. It’s true that, when exploiting a vulnerability (in reachable code), you can take advantage of everything loaded into the program memory to take control of the execution, including unreachable code. But you’re assuming there’s a prior critical vulnerability in Molly that allows to alter execution flow in the first place

      • Yujiri@lemmy.ml
        3·
        3 years ago

        That comment does not make me confident in the developer.

        But you’re assuming there’s a prior critical vulnerability in Molly that allows to alter execution flow in the first place

        No, the developer is assuming there isn’t such a vulnerability. No one can know if there is or not. Applications are complex, there’s a lot of code, a lot of room for a vulnerability to go unnoticed by even a skilled programmer. OpenSSL was a thoroughly reviewed open-source library that had been widely used for a long time and heartbleed still happened.

      • Seb3thehacker@lemmy.mlOP
        14·
        3 years ago

        Another comment from them: Also consider that Whatsapp and iMessage were exploited by flaws in the multimedia libraries. Should we remove image and video sharing in messaging apps?

        • Yujiri@lemmy.ml
          0·
          3 years ago

          The difference is that image and video sharing are actually relevant features for a messenger. While it is possible to have a messenger that can only share text, and have other applications for sharing images and videos, that would significantly impact the UX.

          Anything to do with money is not a relevant feature in messaging.