You have to appreciate the complete transparency, gently nudging towards giving without ever begging for it.
Refreshing compared to the alternative that Wikipedia is showing, with the tantrum-like emails we receive from their CEO like "LAST REMINDER" or "We've had enough" ; which they ironically send to people who gave.
Those are just non-profit fundraiser consulting tactics. Don't take them personally, just ignore them. The reason they exist is that Wikipedia has too much money, so they spend some on consultants who say they can raise more. It's weird, but that's how the world works.
I would much prefer the Wikipedia endowment model of non-profit orgs. They have a standard operating procedure with a predictable budget, and endowment that let's them run indefinitely, and we just have to suffer through pledge drives. I just block them with ublock filters. I gave them 6 dollars back in 2012, and according to their marketing that is enough for life.
No. They are meant to manipulate me personally, as well as other persons I care about. I will take them personally.
More broadly, I don't have to excuse bad behavior just because somebody's making money off it or because it makes some too-narrow metric go up. Yes, it's a complex and imperfect world. But to me that's a reason to work harder to make things better, not a reason for people to say, "fuck it" and make the world worse.
> They are meant to manipulate me personally, as well as other persons I care about. I will take them personally.
This, absolutely! they play on people's psyche and mental cabling by trying to guilt you in the same way your parent would ; it's manipulative, and I have an absolute hatred for these tactics.
I'm good at detecting manipulation now, and the more someone tries to manipulate me the less I will give in.
I just put my money toward people who don't do that crap, and I want the manipulators to see that I'm giving money to their non-manipulating competitors.
Companies do it because it works. You're blaming bad behavior on the people that are being manipulated because, according to you, they have psychological problems. As if the people being manipulated being disabled somehow excuses the company taking advantage of them.
Exactly. Taking advantage of vulnerable people is not a legitimate defense, the fact that they are easily exploitable makes the behavior even less moral.
I'm not saying they are not wrong - it's unfortunate that there is a second hand market for fundraising consulting. It doesn't accomplish anything productive, yet here we are. The key point is to understand that this is caused by Wikipedia having too much funding, not too little. As internet denizens, we can be proud that an open source store of knowledge has money to blow on wasteful consulting, and then proceed to create our ublock filters worry free.
This is different than what is currently going on with venture backed services like reddit and youtube. I would argue that we should block ads there too, but there it is an arms race where we have to consider ways to protect ourselves from encroaching privacy violations. It's much ruder, and that is something we should actually be mad at.
I donated regularly until I learned the darker side of their behavior. If they’d be more transparent, I might start donating again. Is it so awful to ask for organizations to act better to receive voluntary support?
It's a good idea to be careful where to donate your money to. Most of us have limited resources, and while we should donate to worthy causes certainly, we have the responsibility of at least trying to put those resources to good use that reflect our own values.
You ever checked out Uncyclopedia? Nothing on that site is not like, hysterically funny and random. I'm glad Wikipedia has been such as inspiration to us all XD
> Those are just non-profit fundraiser consulting tactics. Don't take them personally, just ignore them. The reason they exist is that Wikipedia has too much money, so they spend some on consultants who say they can raise more. It's weird, but that's how the world works.
It's still shitty, even if it's a shitty "standard practice" and not a shitty thing being done to me particularly.
Honestly, it seems like Wikipedia's goodwill is seen as an exploitable resource, that people in Wikimedia are using to do other, unnecessary things (probably building little personal fiefdoms).
Sort of like Mozilla, actually. IIRC, they literally won't let you give them money to fund Firefox development, and any donations you give them go to fiefdoms almost certainty entirely unrelated to why you gave them money.
Yeah I agree. But that's consulting for you. There is a lot to not like about the evils of consulting, but wikipedia being free and doing pledge drives are on the more mild side of what's wrong.
I donated to the Southern Poverty Law Center a few years ago. A physical address was a required field on the donation form. I have never stopped regretting it, because GODDAMN! They started hammering me with physical mail asking for more money immediately and have not stopped.
In case you're still giving money to them, perhaps consider not donating to an organization that marks people as bigots for speaking against religious extremism.
edit They do do a lot of good work in marking actual hate groups though, so I suppose it's a net positive still even if they miss a few strikes.
Just curious why you used an address that's associated with you. Choosing the address of a place like a park, which is a real address that has no mailbox or direct association with you, ought to be the default if you don't want to be spammed to hell and back.
I was young and naive!
Also, I wanted to make the donation immediately, while I was thinking about it. I didn’t want to put it on a back shelf of my mind and forget about it for a few years, and I assumed “The Good Guys” wouldn’t use my information in a negative way.
Apologies in advance as I may be saying contrary to the sentiments here against Wikipedia fund raising. I also get the same emails and the banners. I diligently donate what I can. I don’t know where my funds will go. But what I do know is that I use that website practically twenty times a day and get something of value.
Wikipedia is particularly insulting because they make enough money to cover the actual costs of running Wikipedia (the site) in days if not hours, and could operate for years without any additional donations: https://news.ycombinator.com/item?id=32840097
It's personally insulting that they lie and make it seem like they need the money to keep running, and that your donation will go towards helping Wikipedia itself, when they do not and it does not.
There's a difference between "donate if you appreciate this website" and "donate if you appreciate this website because we will have to shut down otherwise (not really though)"
Wikipedia is... nuanced. Keep in mind that the entity doing the fundraising is the Wikimedia Foundation. They pay the hosting costs, but return nothing to the actual Wikipedians (editors, admins.) Instead, what's left is used to pay the salaries for hundreds of administrative employees, fund third-party charities, and so on. You can love Wikipedia but have misgivings about the Foundation.
It includes staff, but not new stuff. The new stuff seems to be mostly things not directly related to Wikipedia, like funding third-party projects or causes. I'm trying to be politic here: many people don't like the projects they are funding with donation money, and others just don't like that they give money to any projects, and other people don't like that they keep the banner up after they've paid for salaries and keeping the lights on.
The point of Wikipedia is not to have some servers ticking over. The project has a vision: "Imagine a world in which every single human being can freely share in the sum of all knowledge."
I agree it's not ok for them to lie, and am bothered enough by their dubious fundraising tactics that I stopped donating. But that's a totally separate concern than whether Wikipedia's mission is complete.
What is the mission for Wikipedia beyond doing what they already do, which is just hosting the largest internet encyclopedia? Purely curious because I thought Wikipedia was pretty much at its end game for what it wants to accomplish that is the job of the organization rather than the job of all of its volunteers.
> The Wikimedia Foundation's mission is "to empower and engage people around the world to collect and develop educational content under a free license or in the public domain, and to disseminate it effectively and globally."
Its mission is not just "hosting" - actually creating an encyclopedia is much more than paying for the server costs.
Wikimedia produced many very useful projects which often integrate into Wikipedia, but work well standalone as well, and work towards the stated mission - projects like Commons, WikiData, WikiSource. Some projects are more useful than others, but that's just normal.
Wikipedia is the marketing face of Wikimedia. People donate to the first, but the money gets used by the second, and Wikimedia grows to use all of the money it receives. Wikimedia has no solvable mission, its just a mechanism to turn donations for a project people like into donations for arbitrary causes.
> The project has a vision: "Imagine a world in which every single human being can freely share in the sum of all knowledge."
That's not their vision. Not only do they require entries to be notable, they'll remove information from articles that are, in their editorial judgment, too long. Neither action is compatible with the goal of sharing the sum of all knowledge.
It is, because removing this barrier to entry and editorial power would lead to spam and SEO bullshit, which arguably already exists. Knowledge does not equal amount of content.
Seems almost mundane, as if they’re running a very effective foundation that’s actively achieving their goals. See the recent Cambridge study that explored how their governance has been effective at promoting moderate discourse while suppressing misinformation and hateful content: https://www.cambridge.org/core/journals/american-political-s...
Uh, the opening paragraph of that second leads reads to me like wikipedia effectively got ideologically captured and got rid of all editors who didn't agree.
Seems off. They have 250 million in net asset and hosting costs 2 million a year while they spend 88 million on salaries and still beg for money each year?
I'm a lifetime member of my university's alumni association. This means I routinely get physical mail with headlines like, "YOUR OFFER INSIDE," and then the "offer" is to give them more money.
There was a comic I've never been able to find about wikipedia asking for money, it basically had them being that one crazy dude yelling at you to donate, and getting worse as time passed and you tried to ignore them. Then it showed a raw screenshot of wikipedias nag screen. Unsure who drew it or where it went, but I regret not archiving it, because it conveys what it feels like every time. I just don't want to donate if I have 0 control of where my money goes. If it's straight to paying the bill for the infrastructure, then sure.
Aside from the salaries, which I agree are a problem, I think there are a lot of architectural issues that are both costly and not so secure.
> We use third-party services to send a registration code via SMS or voice call in order to verify that the person in possession of a given phone number actually intended to sign up for a Signal account. Simple solution, go distributed.
6M $ for that. Stop doing that. What do dictators control? Mobile phone networks and other infrastructure. And, yes, they really do go after people any way they can.
This "cost" puts people into danger. Coupling identity and operator infrastructure is a critical privacy flaw. And a costly one too apparently. If your #1 goal is to be the most private solution, this cannot be tolerated to continue to be the case. Get rid of it. Your identity should be your cryptographic key.
Are they? These salaries are much lower than most tech competitors. I know we like to call out "high" salaries when a useful service is struggling - but they'll struggle even more if they can't retain good talent because their pay is too low. There's a reason tech skill in government is generally lower than that in industry, for instance.
I tended to agree with your sentiment. But the reality is that for some unknown reason to me, it's companies from SV the ones that get famous and used globally.
Why didn't this start from say Mexico? Or Singapore or Vietnam? Or at least Germany which has a good record of freedom conscious tech scene .
My bet is in something related to the "maslow pyramid": people in SV have so much money that have everything solved in their lives, so they have the luxury of spending their time in this sort of problems.
1. It's a network effect. If you're raised around doctors, go to school with prospective doctors, and your school gets many university recruits from a good doctor college, you will strive to be a doctor more likely than not. SV had a bunch of tech companies and falls into the same kind of environment.
2. It's probably a matter of Venture capitalists. Even if you aren't from SV, you may strive to go there to get funding for a pitch or find talent. Similar to your prospective actor that moves to Hollywood. Go where the crowds are.
Now, we can ponder why SV became a tech hub, but current market forces makes it ripe for tech startups.
Nonsense. Asking for donations as a millionaire (which is what these people are) is a bit awkward.
This only makes sense if you ignore the world outside the Bay area and assume it's a talentless wasteland. Bay area salaries are vastly inflated in terms of value for money.
There is lots of talent elsewhere of course. I live in Europe. Lots of smart people here. I think I personally know quite a few people that could do at least as good a job as Signal has at building a messenger app + platform. No offense, but this isn't exactly rocket science.
And of course the elephant in the room here is that money is running out because this organization has a cost problem. Inflated salaries, insane cost for things that they should arguably get rid off (like the SMS bills), etc. That's a leadership problem. They aren't even getting value for money despite those salaries.
>I think I personally know quite a few people that could do at least as good a job as Signal has at building a messenger app + platform. No offense, but this isn't exactly rocket science.
They are building a secure communicator that a normal person can reasonably use - and succeeding. Something nobody else before them managed to pull off. If this isn't rocket science I don't know what is. Not to mention that they pioneer cryptographic protocols in this area, which other messengers later use.
>This only makes sense if you ignore the world outside the Bay area and assume it's a talentless wasteland.
I'm also from Europe (and love it, despite its flaws) but this comes off like whining. If it's really so easy, maybe the smart people here should create their own Signal and reap that overinflated salaries, what do you think?
Or maybe smart people are not enough and you also need VCs, reasonable taxes, laws... Oh btw, did you hear about those plans of EU to get rid of E2E encryption?
Their #1 goal is not to be the most private solution. Their goal is to make day-to-day communications of most people difficult to surveil.
Day-to-day/People is why they keep the registration process familiar to other platforms like WhatsApp/Telegram. "Most" is why they try to compete with Telegram/WhatsApp on features to drive adoption (see Stories and Announcement Groups).
Outsourcing identity to operators just moves the problem. And it adds a lot of privacy and security concerns. Besides, other platforms manage just fine without phone number based authentication (which is what this is).
They know this, but it's likely a precondition of not getting Joe Nacchio'ed. It's a feature, not a bug. Signal's partners* in FVEY IC/LE have given them a lot of latitude in developing a very solid e2e cryptographic protocol and application as long as the users themselves are identifiable.
The pigs don't need to backdoor the protocol or the keys as long as there is more than one party to a conversation and each party is identifiable. The prisoner's dilemma, in real life, almost always gives the pigs a defection.
My pet conspiracy theory is not that Signal is evil, but that Signal is being allowed to operate by the pigs as long as account identifiers are very difficult to anonymize. They are likely very good people with good intentions, but when the FBI or NSA makes you an offer you can't refuse, you do the best you can.
*: I'm not suggesting Signal is in bed with IC. Just that if you operate a communications service of any scale, IC/LE will be your partners whether you want them or not.
The reason I don’t use signal much is this link to a phone number.
Both because sometimes I don’t have a phone number. And I don’t want participants to know my phone number.
I don’t get why they have this requirement as it’s not like having a phone number means anything significant. For me, I think privacy includes my ability to not reveal my identity to the network.
Why does an organization with about 50 employees need 4 C-level executives, totalling about 2M compensation per year? Or perhaps it's 7 C-level executives (3 hiding under the "Software developer" title) totalling about 3,7M compensation per year?
I'm absolutely not donating money to such a thing without an answer to this question. As a counterpoint, I am a member of a local (Finnish) non-profit organization, one of whose many services is Matrix. This costs me 40 euros per year and none of that money goes to C-level executives.
I find this hypocritical. C executives of tech orgs with world class products often have eight figures compensation -- if not from salary then from stock options. I do not see any excess here. You need to pay to compete.
> I do not see any excess here. You need to pay to compete.
What you mean with pay to compete? The goal of Signal to exist is to offer a privacy oriented chat app. Non-profit companies serve a propose, and people not aligned with that, shouldn't be working there in the first place. If you join a non-profit to make money, you are doing it wrong.
So all the programmers who work there should live on thin air? I agree that ideally the management should not be there for profit, but come on, the salaries are not even that crazy. I suspect FAANG key employees in that area easily earn multiples of that.
That line of thought is exactly why FAAMG companies tried to lower salaries for CoL when they opened up to more remote roles. I don't know if thst was fair, but it wasn't something appreciated by many engineers during the pandemic.
It's also how and why long ago they tried to outsource a lot of engineering. They still do try. But that's not an easy transition either.
What is the problem of managers of a non-profit company earning around 700k/year and the company is writing blog posts complaining that the the company operation is too expensive? I think if you read it aloud, you will understand it.
When the numbers total $50m in operations and the CEO is making about as much as a principal Google engineer: no, I don't see the issue. Even if he made $0 the issue remains given that every part of the server operation costs more than him.
But sure. What do you think is a fair salary or totalccomp for a founder and CEO of a popular, privacy focused app?
> CEO is making about as much as a principal Google engineer
From a company living from donations... It is illusion (probably a California thing), to think that you are going to compete salary wise with FAANG. The time will tell (well their complaining about money, is already hinting it)...
But they aren't. A principal engineer is not a CEO but probably makes more at top companies.
I don't even work at a FAANG and I was making almost as much as the director there who lists 200k or so total comp. Probably with 20 years less experience to boot. I don't live in SF either; High CoL area but not SF.
That's why I asked you what's a "reasonable" salary. I'm wondering what your POV here is in terms of compensation.
Signal is competing with for profit companies for talented engineers and their talented leaders. You can't just cobble together something "good enough", this thing must be airtight given some of the dangerous situations it is used in.
And you get a world-class service that a lot of people can use for free and keeps their communication private in return. I'll happily keep donating for that.
I'm sure there are some costs that they could theoretically cut without consequence. Because the same holds for any other product I buy.
Indeed, I’m blown away these numbers are so low. I know multiple senior software engineers at FAANG companies who make more than the software engineers on that list, and they contribute roughly nothing to society. I have zero qualms with Signal executives and employees being paid at that level.
Absolutely. A former student of mine worked for a non profit in Afghanistan (his home country) for a few years. Said non profit was flying in McKinsey consultants for very short gigs at six figures (USD).
Same can be said about many LGBT non profits that have shifted their goals in the developed world on the "T" part of the acronym. On countries where marriage equality is a given, no one is going to fund an NGO focused on gay marriage... so they need a new cause to fight for.
How is it transphobic to say organizations focused on LGBTQ shifted their alignment for the one part that isn't widely accepted in developed because others for the most part are?
Its a transphobic conspiracy theory to say, as moravak1984 explicitly did upthread, that they did it for money not because its an actual real issue where they perceive an injustice, whereas the issues where they've already won, and thus are shifting some attention from, are not, or less so, specifically because they have succeeded in shifting the situation on the ground.
Why is it transphobic? Is it not possible for an organization to do something for money? I am not accusing any particular organization of doing so, but it absolutely should be a legitimate concern/question.
In fact, I would consider it transphobic to not call out organizations with ulterior motives.
The reply to my suspicion from the same person was so transphobic it got removed. I can smell these people from a mile away. Fragments of it survive in https://news.ycombinator.com/item?id=38301956
> safeguarding of children against mutilation and sterilisation,
I am so, so tired.
None of that happens.
GnRH analogues are commonly used in gender affirming care, these are reversible.
Surgery is not done on minors.
> the protection of women's single-sex spaces,
Predatory men have absolutely no problems finding opportunities to predate on women. This made up crap need not happen.
You are parroting sound bites on issues you have no understanding of. For the sake of humanity, literally, please stop and start reading. You are on a very dark path.
There have been cases of minors getting genital surgery too. For example Susie Green, who used to run the Mermaids charity, is infamous for taking her child to Thailand on his 16th birthday for penis inversion surgery.
> Predatory men have absolutely no problems finding opportunities to predate on women.
Exactly, any male who disregards women's boundaries and imposes himself on a female-only space is exhibiting predatory behaviour by ignoring the lack of consent. Those males who call themselves women are no exception to this.
> Trans women are not males who call themselves women, though.
They are male, by definition. If they were female then they would actually be women, rather than men trying to mimic women - which is the reality of 'trans existence' for these males.
They really have no business imposing themselves in female-only spaces. Rejecting this form of male entitlement and keeping them excluded from these spaces that are not for them isn't 'genocide' by any means. That is sheer hyperbole.
> However, sterilization (aka genital surgery) still is not a thing.
Genital surgery for minors is rarer but it actually a thing that happens. For example, reality television victim Jazz Jennings was sterilised at 17 years old.
Idk man, I think this shit should be between the trans person and their doctor. We already pierce the ears and rip the foreskin off babies, and minors can get boob jobs and nose jobs already. Minors get all manner of drugs prescribed. If a doctor thinks some treatment is appropriate for a kid, okay. If it turns out to be medical malpractice we have the court system for that.
Also, I disagree that men in women’s bathrooms is inherently predatory. Frankly, this discriminates against fathers of young children because often one has to bring a daughter into the bathroom or change their infants diaper. Also, the bathroom thing is super weird, like how are you gonna enforce this in a non imposing, non disregarding of boundary way? Already butch women experience harassment for not performing femininity, and there’s news articles where nosy weirdos harass them in bathrooms…
> Also, I disagree that men in women's bathrooms is inherently predatory. Frankly, this discriminates against fathers of young children because often one has to bring a daughter into the bathroom or change their infants diaper.
I don't agree with you on this, in almost all circumstances they should be using the bathroom appropriate for the sex of the adult, which in this case is the male one. If there genuinely is no baby changing facility available that isn't in the ladies' bathroom then for the welfare of the child an exception can be made, but the father needs to check with the women using this space first.
This scenario is very different to the males who feel entitled to use women's spaces whenever they please and for their own satisfaction, rather than to provide for their child as in your example.
> Also, the bathroom thing is super weird, like how are you gonna enforce this in a non imposing, non disregarding of boundary way?
All that's really being asked for is for males to understand that female spaces are not theirs, to voluntarily refrain from entering, and to acknowledge that women have the right to have violators expelled.
The problem is that far too many males truly cannot conceive of the idea of simply respecting the space and boundaries of women. It literally doesn't cross their minds, so they immediately jump to whether or not women can forcibly stop them. The belief seems to be that if a woman cannot enforce this, they may take anything they like from her with impunity.
Perhaps that's not the connotation you intended, at least not consciously, when you wrote 'how are you gonna enforce this'. But I believe this form of male entitlement is what this implies, even with the best of intentions.
“How are you gonna enforce this when it primarily harasses the women you claim to protect” isn’t a male claim. Way more women who never experienced male puberty and don’t have/never had a cock and balls are sexually harassed about this shit than trans ever are, just because there’s probably 100x more short-haired small-titty chicks than trans women.
Also, frankly banning fathers from protecting their daughters in bathrooms and changing their diapers is discriminatory. There’s nothing predatory about a dad changing his infants diaper and it’s utterly disgusting to portray it as such. This is precisely the gender discrimination we should be fighting against as a civilized society. Women aren’t fragile creatures who cannot see context and understand what is and isn’t a threat to them, and men aren’t inherently dangerous for not even interacting with women just being attentive fathers! This is so insulting to both sexes, I can’t even.
Like I said in my last comment, if you're thinking about female-only spaces only in terms of how women can forcibly stop men from entering, then you're looking at this from the perspective of male entitlement instead of focusing on women's needs. How about instead, the males just respect women's spaces, and stop trying to convert every female-only space into a mixed-sex space? Every time a so-called "trans woman" disrespects the space and boundaries of women for his own selfish pleasures, he's adding to this problem. It really shows how little these men actually understand and empathise with women, when they're exhibiting this dominance behaviour.
Also, some female-only spaces can be and are enforced by authorities with the resources to do so, for example prisons. It is well understood by most people that prisons need to be separated by sex for the safety and dignity of female inmates. The problem is that in some places, women's prisons have been incarcerating men who say they have a "female gender identity" in there too. There have been numerous cases of these men raping, sexually assaulting and even impregnating the women they have been imprisoned with. It is appalling and shows exactly why women need single-sex spaces away from these predators.
> Also, frankly banning fathers from protecting their daughters in bathrooms and changing their diapers is discriminatory. There's nothing predatory about a dad changing his infants diaper and it's utterly disgusting to portray it as such. This is precisely the gender discrimination we should be fighting against as a civilized society.
No, what is needed in this case are baby changing facilities in male and gender-neutral spaces. Not carte blanche access to female-only spaces by men.
Also please actually read my comments before responding. In no way did I say or even imply that a father changing his child's nappy is predatory. I believe it's a good thing when fathers are more involved in child care than is traditionally the case. You are railing against an argument you invented inside your own mind.
Nah you said Carte Blanche anyone male in such a space is predatory, including dad changing diapers and trans women peeing not talking to anyone. You’re also still not addressing the fundamental fact that women who have never experienced male puberty experience far, far more abuse by other nosey weirdos trying to get into their genitalia just because they don’t perform the sort of femininity demanded to enforce who gets to take a piss in the McDonald’s.
> Exactly, any male who disregards women's boundaries and imposes himself on a female-only space is exhibiting predatory behaviour by ignoring the lack of consent. Those males who call themselves women are no exception to this.
Then it was you who brought up this unlikely scenario:
> I disagree that men in women's bathrooms is inherently predatory. Frankly, this discriminates against fathers of young children because often one has to bring a daughter into the bathroom or change their infants diaper.
To which I replied with the following, consistent with my earlier comment in that the father needs to ensure that if such a rare and urgent scenario should arise, he receives consent from the women present and to ensure he isn't disregarding boundaries and imposing himself:
> I don't agree with you on this, in almost all circumstances they should be using the bathroom appropriate for the sex of the adult, which in this case is the male one. If there genuinely is no baby changing facility available that isn't in the ladies' bathroom then for the welfare of the child an exception can be made, but the father needs to check with the women using this space first.
> This scenario is very different to the males who feel entitled to use women's spaces whenever they please and for their own satisfaction, rather than to provide for their child as in your example.
Of course the best option is that baby changing facilities are provided in unisex or male-only spaces too, which is often the case these days.
As for this part of your comment:
> You're also still not addressing the fundamental fact that women who have never experienced male puberty experience far, far more abuse by other nosey weirdos trying to get into their genitalia just because they don't perform the sort of femininity demanded to enforce who gets to take a piss in the McDonald's.
Firstly, there are no women who have experienced male puberty. The people who experience male puberty are boys and then men.
Secondly, this isn't a "fundamental fact", it's something you're claiming because you want to try to justify the invasion of women's spaces by men who pretend to be women.
Thirdly, I see you're still narrowly focusing on bathrooms and are ignoring the growing problem of these men demanding and gaining access to other spaces that were female-only up until their incursion. Any comment on, as I discussed above, that in some jurisdictions these men are being incarcerated in the female prison estate, and how harmful this has been for women prisoners?
Profit or non-profit is not about paying market rates. Even non-profits have to pay reasonably competitive salaries to attract and retain good employees.
> 501(c)(3) tax-exemptions apply to entities that are organized and operated exclusively for religious, charitable, scientific, literary or educational purposes, for testing for public safety, to foster national or international amateur sports competition, or for the prevention of cruelty to children or animals.
Signal foundation is a non-profit 501(c)(3). It is literally and legally a charity.
Charities aren't charities in the colloquial sense of the word. It's not a truly altruistic collaboration of volunteers giving their time to help a cause.
Non-profit simply means that every bit of revenue made goes back into the company instead of given out to shareholders. Which includes paying your labor.
It being a non-profit is exactly why we can view the operating expenses and salaries of the public facing executives. For accountability.
They don't break out salaries specifically, but personnel costs are in this paragraph:
> To sustain our ongoing development efforts, about half of Signal’s overall operating budget goes towards recruiting, compensating, and retaining the people who build and care for Signal. When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
From the same link, it seems like his compensation was much higher in all the preceding years. Not sure what changed this year, but I agree it's a bit refreshing to see. Especially since he's probably made good money throughout his career
I think the lower 2022 numbers reported for Moxie Marlinspike reflect that he was only involved as CEO until February 2022, so $80k would make sense as ~2 months of salary before Meredith Whittaker stepped up to the role.
Salaries:
Pretty abusive salaries for a non profit but that seems to be pretty much the standard nowadays, right?
Bandwidth:
I took at quick look and see that chat.signal.org resolves to AWS. If they are paying AWS for a lot of bandwidth, that is very expensive. Let's take a quick look:
They say they use 20PB per year of bandwidth for voice calls alone, this costs them $1.7M a year.
According to AWS pricing for great customers (suckers) of over 150TB per month, the cost per GB goes waaaay down to $0.05, yay. 1.6PB per month is 1600000GBs, that's $80K a month and therefore $960K a year.
Very roughly, a 10Gbp/s link to the Internet, from a Tier-1 provider will be around $800 (eight hundred dollars, you're reading this right) a month in a low-bandwidth-cost country like the US, possibly double that in say Asia.
A 10Gbps link fully utilized (minus some overheads), translates roughly to 3 Petabytes per month, that's 36 petabytes per year, almost double their advertized amount of bandwidth needed for calls per year.
So we have ~$10K a year (negotiable) for 36PB which is double their bandwidth needs but let's not forget that AWS graciously (geniously) charges for egess only, this means that their actual bandwidth needs are 40PB per year for whatever they are reporting. So we have $10K for 36PB a year vs $960K a year for 20PB (actually 40PB) of bandwidth from dear Amazon.
1. Not sure why they are saying the cost is $1.7M per year.
2. Even at 960K it's daylight robbery.
3. AWS makes an absolute killing on bandwidth costs. Best. Business. Model. Ever.
4. Don't these guys have a Devops pro at $300K+ a year? weird :)
Servers:
I won't get into the numbers here as that's a lot more involved, and impossible without more data, but buying and maintaining your own infra, or possibly easier, renting it, would still be quite a lot cheaper than using AWS.
Takeaways:
- Storage is something you should buy and maintain (Thanks B!), you swap out old/dying storage devices. See Backblaze.
- Bandwidth, compute and storage costs at your favorite CSP are absolutely f'ing *outrageous*
- If you care about your money, your bottom line, do things differently than the *insane* mainstream way of clickity-click on some UIs to provision services without understanding what's really happening under the hood (not saying Signal doesn't understand that part, I'm sure they do), or caring about the added costs of whatever gets so easily "added" to your "infrastructure".
- By having your stuff on a CSP you don't even have "infrastructure", but that's juts me.
Anyway, I do love Signal, what they do and what they represent. Keep up the good work.
Signal, mail me at m aaaat zynk.it if you'd like to talk.
> A 10Gbps link fully utilized (minus some overheads), translates roughly to 3 Petabytes per month, that's 36 petabytes per year, almost double their advertized amount of bandwidth needed for calls per year.
I understand this is napkin math, but shouldn't we consider that the load isn't evenly distributed? - in which case 50% average utilization seems extremely high
> I’ve got a recurring donation of $5/mo I set up ages ago
Thanks for that, I did a one off 300 euro donation back in '21 during the bubble market; Meredith has been doing the rounds [0] and she hits on lots of good points, and even went to the UK over their now failed bill during the Summer.
Because this isn't the only one way to donate, and if it were subject to the 30% cut, most people would want to know they could spend a couple extra hours steps for 30% additional impact on their donation.
Very few people are going "No apple pay? No donation."
> if it were subject to the 30% cut, most people would want to know they could spend a couple extra hours steps for 30% additional impact on their donation.
I had an old Apple Store & iTunes gift card laying around so I redeemed it and attempted to use it to donate via Apple Pay, but get "Apple Account - Not enabled for in app payments". Google isn't very helpful about exactly why. Am I missing some KYC somewhere or are payments of this type prohibited from "Apple Account" balances?
I guess maybe I'm missing the purported point of signal, attaching your phone number to use it notwithstanding, but attaching payment identity to it as well? Like, what's the point of going through the pain required to use it?
Most people using Signal - and particularly most people likely to donate - are not using it to hide their identities, but to decrease the chance of unknown parties reading their conversations. My Signal account has my full name on it, and checking my top contacts, most of them do too (some only have their first name).
> I guess maybe I'm missing the purported point of signal, attaching your phone number to use it notwithstanding, but attaching payment identity to it as well? Like, what's the point of going through the pain required to use it?
Your payment info is not connected to your account.
There doesn't seem to be a way to pay annually, which I'd prefer to a monthly payment. £5/month is just a little high, but I'd merrily pay half that or £30/year.
There are two forms at https://signal.org/donate/, the second one lets you set a yearly donation at a custom amount (and both forms a monthly donation at a custom amount).
Seriously consider setting up a recurring donation if you prefer Signal. They have delivered consistently over the years. I set the $20/month back when they introduced the option.
I'm curious what the breakdown of donations is. I only have 1 contact with a $10/month and 1 with a $5/month badge. Of course there could be others not displaying the badge. Signal really needs 500,000 people giving $20/month and plus the rich guys giving some millions on top of that to be in a safe financial position.
Maybe something that could be done to encourage donations is have the client estimate how much raw infra costs your usage created and display in the donation screen.
20/month for every chat service I use is very steep. I'd be spending more on chat services than on mobile data + unlimited calling + landline + DSL + streaming services combined!
They actual costs are apparently about 1 USD per year per user. I usually at least double (usually more) my incurred cost when the donation is optional, to cover for those who can't or won't pay, but paying 240× the cost price seems wasteful as well when there are other nonprofits that can do more good with every dollar you give them (be it solving poverty, climate change, whatever you find valuable) rather than one which has mostly fixed fees
I'm not suggesting every chat service get donations. I'm only giving to Signal, the rest of the chat services I have to use get 0.
I'm donating more than my costs deliberately because I fully understand that most users are not going to contribute money, full stop. I need those users though, because they are the people I want to privately communicate with. So the obvious thing to do is pay for as many other users as I can. If there's 50M monthly active users, and if 1% of them are like me and highly value Signal, then each of us 1% users can pay $20/month and cover the entire operation. Then the contributions of the super rich donors can be saved to rebuild the war chest.
$20/month is nothing to me considering the value I get. I understand that most won't feel that way, which is why I'm only appealing to those who do feel as I do to just get that recurring donation going now.
- whatsapp cuz some friends dont really get signal
- imessage cuz some friends dont get whatsapp nor signal
- viber cuz family across seas and that's whats popular there
- slack with some friends cuz it's nice to have focused discussions in channels
- discord cuz its better for gaming
- ig messaging cuz i stay in touch with less close acquaintances and some friends that way, comment on their stories and chat about whats going on in the moment
There's also Wire, IRC, Telegram, and Threema. SMS I also have a subscription on, but that feels different so I didn't include that in my count, and Keybase I haven't used in a while now but that might also be part of the list for some people
I fail to understand the point of supporting an organization that is completely against self-sovereignty like Signal is. Why would I want to pay someone to develop something that traps me into their platform and does not offer a way out?
Great, you go ahead and get all your friends in family using Matrix. I'll join you there when all that is sorted out and it's practical to get my lawyers and doctors and accountants and friends and family onboard. Until then, we'll keep using Signal.
First, you talk like Signal never had any issue with usability or functionality, which is far from the truth. Signal amount of bugs and security issues with their client is notorious, and the insistence of requiring phone numbers is just a silly "let them have cake approach" that is conveniently ignored for too long.
Second, are you hedging your bets and supporting Matrix or XMPP as well, or will you only encourage people to "donate" to the platform that you happen to have picked already?
Yes, I am encouraging people to donate to Signal because I prefer it. Why would I be soliciting donations for something I don't favor? If you want to contribute to something else go right ahead, but this is a thread about Signal's financial needs so it shouldn't surprise you that Signal supporters encourage other supporters to donate.
I also use Matrix. Element has been pretty good for a few years now, but it's still not smooth enough for mainstream use. (Encryption state in chats gets messed up sometimes, for example. It feels like Signal 10 years ago, and it's had security issues in its client also)
The Matrix protocol is also inferior to Signal in that all metadata is stored in cleartext on the server. You get to choose or run a server, but the protocol still leaks the user info to whoever runs the home server and to any foreign server that has a user in the same channel if you are using it in a federated context. Signal manages all of this by peer to peer messages where cleartext is only available to clients, which is really slick.
XMPP is just dead. Forget about XMPP. Matrix is the clear leader in the federated messaging system category. I'd like to see Matrix displace things like Telegram, Discord, and Slack. I may donate to Matrix affiliated projects in the future, as I also donate to other open source projects from time to time, but I'm not going to promote any of those things in this thread.
> Why would I be soliciting donations for something I don't favor?
Because you are (consciously or not) creating a self-fulfilling prophecy for one champion over the others. Worse still, you are asking everyone else to devote resources to your preferred champion when we have no reason to believe that this is long-term sustainable.
> The Matrix protocol is also inferior to Signal in that all metadata is stored in cleartext on the server.
As I said in another thread: I honestly care less about the security guarantees from one protocol over the other than I care about the fact that pushing for Signal would mean that everyone's communication would be tied to one single provider. This is a systemic risk that no amount of "you don't need to trust us, you just need to trust math" can ever mitigate.
I don't care about your preferences. I'm consciously using and giving money to Signal, and I'm encouraging others to do so. Go ahead and work on or use or donate to whatever you like.
You can export to markdown apparently. Who's locked in? It might be a pain to import that into any other app but I don't think any messaging app is going to make that easy. You still have all your data if you want to bail
Given how many activists have used it in overthrowing dictatorial governments, self-sovereignty seems an odd choice of words to claim it doesn’t support.
Perhaps it was a bad choice of words. What I mean is that they say "you don't need to trust us", yet they require you to run through them. They refuse to build their system in a decentralized way, and the more that time goes by the more the decentralized alternatives are showing they are as secure as Signal without forcing us to accept their restrictions like mandatory use of phone numbers for authentication.
you literally don't. It's a fully encrypted service. The literal purpose of encryption is to move data securely through insecure or even adversarial channels. Which you can verify, it's audited and open source.
They refuse to build the app in a decentralized way because decentralization is an ideological obsession that is useless in this context, and because centralized organizations can actually ship polished software that works for normal people and move quickly.
Centralized supply chain, and metadata protection is anchored on SGX.
They can use their pick of SGX exploits to undermine the weak metadata protections and they (or apple/google) could, if pressured, ship tweaked versions of their centrally compiled apps to select targets that use "42" as the random number generator. No one would be the wiser.
Signal is a money pit with a pile of single points of failure for no reason.
Matrix is already proving federated end to end encryption can scale, particularly when users are free to pay for hosting their own servers as they like, which can also generate income.
> They can use their pick of SGX exploits to undermine the weak metadata protections and they (or apple/google) could, if pressured, ship tweaked versions of their centrally compiled apps to select targets that use "42" as the random number generator. No one would be the wiser.
Signal builds on Android have been reproducible for over seven years now. That's not to mention the myriad of other ways that people could detect this particular attack even without build reproducibility.
Moxie made it very clear he never wants third parties like f-droid -actually- reproducing and signing packages for distribution to de-googled signature-enforcing android distros etc. Providing side-loadable apks as an alternative a joke.
Third party builds and distribution would serve as public canary and be better for privacy forbidden. He argued the tracking advantages of centralized development and distribution outweighed any wins of allowing third party clients.
In reality a build published with a breaking change and a subtle crypto backdoor omitted from public sources may not be discovered for days or longer. Long enough to decrypt most every convo on the planet.
Something built like any other internet protocol with staying power.
A federated network with multiple strong client and server implementations that are able to be built, reproduced, and distributed by multiple independent parties. Like Matrix.
Matrix is far from perfect yet but it is miles beyond Signal in being a sustainable solution that can survive any single point of failure.
> can actually ship polished software that works for normal people and move quickly
They can ship it, because they got a fuckton of money. But apparently they can not maintain it, because now they are crying about how expensive it is to run it.
Signal is acting like a sprint runner who signed up for a Marathon and wants to be carried out to the finish line after showing how much faster he was in the first mile. That's what I think is dishonest here.
> Given how many activists have used it in overthrowing dictatorial governments
How many? There's some news about it being recommended for use by BLM protesters, and about it being blocked in China, Iran, etc. Where is this info about it being used in "overthrowing dictatorial governments"?
You're moving the goal post from "self-sovereignty" to supports federation with an infinite number of servers. Nothing is stopping you from compiling your own Signal server and modifying a Signal client to use your server.
Given that Signal is free as a service, supporting federation only increases their expenses.
Because centralisation provides ecosystem agility, which they absolutely value as an upside. Find a way of doing post-quantum secure key exchange? Just roll it out to the server and all the clients essentially overnight.
I'm well aware of their justifications. I'm also aware that centralization brings systemic risks, which they don't talk about.
The internet would be a lot more efficient and able to evolve if we just had it controlled by one single entity like Google or Microsoft. Do you think is a good idea to do that?
The economy would be a lot more efficient and allocation of resources could be a lot more fair if we could put it all in the hands of one single corporation or government. Do you think it's a good idea to do that?
Agricultural output would improve significantly if all crops used the exact same genetic strain and if all soil was artificially managed. Do you think it's a good idea to do that?
In case you are wondering, "ability to quickly roll out post-quantum key exchange" is waaaaay down the list of my worries compared to "facing a catastrophic Black Swan affecting all of the world's communications".
Security is extremely important, but it is not the only concern one should have when considering the design of a global communications infrastructure.
I worry a lot more about not having one single actor responsible in dealing for the communication of millions of people than about "quantum-resistant encryption".
> I worry a lot more about not having one single actor responsible in dealing for the communication of millions of people than about "quantum-resistant encryption
I'm glad you worry about this. Me and other people have other priorities.
You're putting an awful lot of effort into projecting your values onto other people, which is a bit weird.
Did you watch "The Big Short"? You are sounding like one of those jocks-turned-real-estate agents that are bragging about how easy it is to make money and thinking the analysts were idiots.
> You're putting an awful lot of effort into projecting your values onto other people.
We live in a world where people are bullied for not using iPhones and showing up with different bubble colors on the chat apps and family members will refuse to call you on the phone and only accept you if you use WhatsApp.
All I am saying is "please let's not collectively put ourselves in the hands of any single entity". Are you sure I'm the one projecting values, here?
> Did you watch "The Big Short"? You are sounding like one of those jocks-turned-real-estate agents that are bragging about how easy it is to make money and thinking the analysts were idiots.
I've literally no idea what this means. Who thinks who's an idiot in this analogy?
> All I am saying is "please let's not collectively put ourselves in the hands of any single entity". Are you sure I'm the one projecting values, here?
I don't care what messaging platform you use. You appear to deeply care what other people use, and therefore what should be important to them. Yes, I'm pretty sure.
Genuine question: Does Tor fall under the definition of federation? Either way, a Tor-like model would have security benefits over a centralized system like Signal, right?
Tor is distributed, not federated. And it has drawbacks, like high latency and a lack of a centralized system for human-friendly names (because that would mean a system like DNS, which is centralized). As far as security goes, there's probably little benefit. E2EE doesn't get more secure because there's more encryption.
The most comparable system to Tor that has practical properties I can think of is maybe ipfs, but nobody will store your encrypted chat blobs for you out of the goodness of their hearts. Ipfs also tends to have high latency. A slow system of uncooperative nodes isn't what you want your messaging app built on.
A federated messaging system looks a lot more like Matrix. The obvious problems are that splitting users up over multiple nodes mean encrypted data doesn't live on your instance, it lives everywhere the people are you chat with. Another problem is what you see with bsky, where identifiers come with a domain name (like an email).
IRC is also federated (sort of), and there's a long list of tired, age-old problems. The most common one is simple: different servers have different features, so you can't reliably "just use it" like you can with Signal.
Because code is law, centralized systems that grow bigger than the polity they started in are inherently problematic. See Facebook in Burma/Myanmar as one recent infamous example.
Some centralized systems. But I don't think there's any evidence to suggest that's universally true. Nor is the implication that non-centralized systems don't suffer from similar problems, or other problems which result in substantially bigger drawbacks.
bro, you're working for one of chat programs, yes? never heard of communick before. won't ever use it. if people ask me about it, i will show them how a person related to communick behaves in public.
You are creating an ad-hominem by thinking that I can not criticize Signal because I have a competing offer. And to add insult to injury, you seem to have a misconception of what Communick is.
Communick is not "a chat program". Communick is a service provider, which promotes and works only with truly open protocols. There is no custom client or lock-in based feature that I have. This means that if you are my customer and you want to move out you are absolutely free to get your things and move to a different place instantly.
yes, it's an ad hominem. people need to know who are you and what incentives behind them. if you're from a competing provider, other will need to take that into account.
also, if you want to peddle your stuff, make your own announcements or something.
I'm somewhat flattered that you think Communick is a "competing provider" to Signal. Or anything, really. Maybe I will add that to the "testimonials" section of the website along with other nice things I get to hear from my 8 customers.
Whether Communick exists or not, even if I close it down next week (because if we are being honest it is nothing but a money pit which I keep running out of spite and stubbornness, and unlike Signal I'm not panhandling for donations) my criticism of centralized messaging platforms would still stand: whether it's Signal, or WhatsApp, or FaceTime or Telegram... we should not be supporting any platform that centralizes all communications in one single place, no matter how "well intentioned" or even how "provably secure" it is.
I almost skipped reading into this article because I love Signal and it's mission (and their rare commitment to stick to it) and would have known it's good. Yet, the details on expenses and infrastructure was a good read. $1.3M/yr for temporary storage! $6M for verification codes during sign-up!? Toll fraud!? GOOG & FB data center spend, data breaches from GOOG, MSFT, et. al 50 full-time employees vs 3K or 4K for similar apps! All interesting.
The link about the Google "data breach" appears to be about some tax companies being sued for using Google Analytics tracking pixels. Calling this a data breach may be a bit of a stretch.
Thanks. I hadn't dug into that link, but I did based on your comment. It is a Congressional investigation that is rooted on a report from The Markup [1] that, as you note isn't about an accidental breach by Google, but one where multiple companies send extensive PII to Google about site visitors. While not necessarily a "breach", I think this lead of personal data plays to Signal article's point though. The Markup article's git repo with HAR files of what was sent to Google was convincing.[2]
I have held off donating to signal so far exactly because there is no clarity around this token, why it was even added to signal and who profited from that.
I don't think they ever confirmed that this was why they stopped updating, or did a postmortem on how poorly that launch went. I vaguely recall there was also an unexplained spike in MobileCoin trading shortly before the public launch that looked quite a bit like insider trading, though right now the stories I can turn up about it here are about similarly disconcerting and unexplained issues in its provenance: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
It's hard to take this fundraising plea seriously when this financial disaster is never even mentioned. I hope I've just missed whatever Signal has done to try to repair trust after the, but the fact that they haven't even removed it from the app is not promising. Can anyone share updates?
I for one will never donate to signal, and consider my $1000 (or $20k of never realized "fake" money, explained later) lost to mobilecoins to be my lifetime "donation" to them.
Short timeline of events from my side:
- Signal announces/endorses mobilecoin support, as their new and only cryptocurrency option
- I figure I'll get on it early this time after missing out on Bitcoin, despite Signal only supporting this in the UK (for now)
- Mobilecoin and Signal websites both mention FTX as being the only exchange where you can currently buy mobilecoin, never used it before but I go ahead, transfer $1000 worth (at the time) of bitcoin to buy mobilecoin
- There are currently no other wallets for mobilecoin (except maybe some difficult to use or obscure ones that looked sketchy? don't like leaving money on the exchange but didn't really have other options)
- Mobilecoin spiked on ftx, sold and bought back a few times, at the right time with some good luck, now have $20,000 of mobilecoin
- Signal finally adds support for mobilecoin in my country, proceed to try and withdraw it
- However, my country just announced legislation to require ID in order to buy/sell cryptocurrency, but it's not planned to go into effect for at least another 6 months or so, but FTX decided to start requiring it immediately and wouldn't let me withdraw without it (I could see they were still willing to take more deposits from me without it though!)
- FTX had trouble verifying ID, I already suspected what was about to happen, tried my best to get my crypto out but they kept having excuses, the ftx fall out and everything became known some months later
> I figure I'll get on it early this time after missing out on Bitcoin
So you only aped in because you were hoping to get rich without doing any work, and then you fraudulently opened up an account on a shady ass centralized exchange when you knew you couldn't KYC, and got your pretend money stuck, and then when FTX fell over it turns out it was never really there.
Cryptocurrencies are awesome. Greedy people who can't do research and complain loudly when their "get rich quick" schemes blow up in their face make everyone look bad :-/
> So you only aped in because you were hoping to get rich without doing any work, and then you fraudulently opened up an account on a shady ass centralized exchange when you knew you couldn't KYC, and got your pretend money stuck, and then when FTX fell over it turns out it was never really there.
> Cryptocurrencies are awesome. Greedy people who can't do research and complain loudly when their "get rich quick" schemes blow up in their face make everyone look bad :-/
Normally I wouldn't acknowledge this, but I find your assumptions and accusations about me quite rude, for someone who has been on HN for at least 12 years you should know the rules. I simply stated the timeline of events as is, because there is no denying the connection between Signal and FTX through mobilecoin, and I only spent what I could afford to lose, I was well aware of the risks.
Yeah how can I trust the security of an app which is engaging in potential financial fraud. Like ffs, if your whole thing is trust and principles, don't start fucking around with things for personal financial gain.
Probably not much at all. Thankfully they didn't shove it down user's throats - its kinda hidden behind a setting.
I guess if they did push it harder to users it may have generated more revenue, at the cost of users who won't put up with cryptocurrency rubbish.
Signal had 40 million active users in 2021 [1]. With 14 million in infra cost, that comes to .35 per user/year. Total expenses are about 33 million, so about .825 per user/year. All in all that seems very reasonable.
Mastodon org + Mastodon.social also have costs of 0.6 EUR/year, though they have two orders of magnitude less users [1]. This is really what most social media costs. These rates are even payable by many in poorer countries.
With how much Mastodon.social tends to fall over when Twitter does something stupid (again), their rates are probably a bit too low for a more robust service like Signal.
Signal also intentionally doesn't store too much data, long term data costs will slowly grow over the years. I imagine for a bigger platform, costs can grow to multiples of the rates for Signal and smaller Mastodon servers.
€10 per year should be more than enough for most users, though, and it should be quite affordable for most countries.
Yeah, the issue is more that there is substantial friction in paying any amount of money, especially in poorer countries with no access to e.g. banking or payment cards. I'm sure no one here, and few people even in comparatively poorer countries, would object if Signal/their messenger of choice cost 0.60$ per year to use. The problem is that making the service have a ~1$/yr price tag (as WhatsApp once had) is itself a barrier to a huge portion of the target audience.
In Pakistan at least, sometimes you can donate to charity etc by texting a special number [1]. That subtracts some fixed amount from your prepaid mobile balance (which the vast majority of people use) or adds to your postpaid bill. I imagine its possible for some business to charge customers this way as well.
Then again, instant C2C and C2B digital payments using mobile phones is growing extremely fast in most of the global south.
It’s beginning to sound like the 1 EUR/year that at some point WhatsApp wanted to charge and it seemed reasonable to me at the time. Signal is even better and even more so justified.
They used to "require" a subscription of 1$/year but it was not enforced. If you missed the deadline, nothing happened. It was basically the WinRAR model but for an online service.
This is kind of the number I was looking for -- "Cover your own costs: $1/year. Cover yourself and five other people: $5/year." I feel like something pointing out that the costs are around $1/year on signing up, maybe with a reminder once a year, would get most people self-funding pretty quickly.
And I was SOOO happy when I heard WhatsApp's business model: Finally, I'M THE CUSTOMER! I gladly signed up for the "free year" and started getting other people to sign up for it... only to have it bought by FB, and never charged my $1 yearly fee. :-(
Then I tried to get people to use Telegram, but hey never implemented encryption by default, instead implementing things like chatrooms with millions of people... then I signed up for Signal, but waited to see what would happen -- and they started doing some weird crypto thing. Thankfully that all seems to have not been an issue, so I might actually start recommending Signal.
If you pay Signal $1/year, they'll realistically see about 60-70 cents of that – and that's only considering payment processor fees.
Now add the cost of providing support (it's a paid product now!), payment handling on their end (in a privacy-preserving way, which excludes most common payment methods), and top it off with the immense damage to the network effect by excluding all the users that can't or simply don't want to pay $1/year...
You can also charge for a 10 year minimum and get to a higher retained %
You don't need to provide support, even much more expensive consumer services live without a proper one, so being explicit about the fact that you only pay for infrastructure could suffice
Not sure why payment privacy has to be so strict for everyone
The network effect damage is real, but maybe it could be limited with donations :)
Selling a service automatically opts you in to all kinds of consumer protections, either legally or de facto through the dispute mechanism of the payment methods your customers use.
Just ignoring customer complaints and selling the service "as-is" is usually not an option.
Why is it not an option when it already exists in many places (all these protections fail all the time)? Your first sentence doesn't imply high/expensive level of customer service
Besides, even now they're not ignoring all the complaints, the do fix bugs?
Maybe to be more specific, how much did it cost WhatsApp when they had $1 price and a tiny team? How does it compare to the cost of SMS?
In a December 2013 blog post, WhatsApp claimed that 400 million active users used the service each month. The year 2013 ended with $148 million in expenses, of which $138 million in losses.[1]
FB acquired them next year and if my memory is correct there were 19 in the team then.
That $ figure tells us nothing as it includes those same huge SMS costs that Signal is on an unsustainable path to rack up
With just a bit more effort you can see that most of those $148 are not related to the extra customer support we're discussing, but rather to the things that Signal is already doing
Costs and expenses in 2013:
Cost of revenue 53 (payment processing fees, infrastructure costs, SMS verification fees and employee compensation for part of operations team)
R&D 77 (engineering and technical teams who are responsible for the design, development, and testing of the features)
So for $10M revenue, they had $53M cost of revenue. I think asking for $1 is never going to be sustainable, even if leave all other costs. My guess is that "employee compensation for part of operations team" is the primary one taking all the cost, as payment processing fees couldn't be more than the revenue itself and one message is pretty cheap.
Thanks for over-analyzing my comment. $1/year, $2/year, $5/year, is all insignificant in the wide array of things I pay for. Sure, I'd pay $10/year for Signal as it is today if they really needed me to. And I never said to make payment mandatory. You're just way over analyzing a simple comment.
I'd pay substantially more for Signal if I could bot accounts.
I'd like a signal daemon on all my servers for alerting which could message me via Signal. This is worth a monthly fee to me.
I know people running small businesses who would really like to have a business Signal account: an ability to send Signal messages as a business identity without tying it to some specific phone number. This would be worth a subscription even if they had to get their customers to install Signal.
Signal need to figure out what product they sell that's going to fund the privacy objective: because there's plenty and they're worth having.
I know I could do these things, but the problem is (1) it's a cat and mouse game of trying to keep up with functionality they don't want to support and (2) means I'm not paying them for a service, which is the point of doing it.
IMO Signal need to figure out what they sell to people with the money to say "yes, this service helps me make money" so they fulfill the big mission statement. That's true viability.
Within that bucket there's some real obvious ones: server monitoring and alerting (I have Signal, let my severs have Signal so they can talk to me, maybe at an agreed reduced throughput rate so someone doesn't just try to run TCP/IP over it), and letting businesses have a secure multimedia messaging channel to their clients for notifications.
I find signald better. It also supports acting like a desktop client... so you can just add it to your account easily. signal-cli might do that also, but I stopped using it in favor of signald when I found that one.
But yeah, I hear you. It would be nice if it had a official bot interface where maybe all the bot's receipients have to be whitelisted so that it's easy to use for stuff like server monitoring but not easy to use for spamming.
I'd pay much more than $2 if they offered account identifiers other than phone numbers. Trying to get a burner SIM or DID while still staying anonymous is getting increasingly difficult.
But I think it's pretty clear by now that this is a feature for FVEY IC, not a bug. FFS, they burned development resources on stickers, but abjectly refuse to offer alternative account identifiers. The standard apologist response is, "but phone numbers make adoption easier". Sure, but nobody is asking to replace the identifiers, or even to make them nondefault. We're just asking for the option. It could be hidden behind a developer mode for all I care, but it should be there.
The fact that they abjectly refuse to do it is enough to tell you about what their true motivations likely are.
Agreed, at this point I don't believe the "privacy" aspect of Signal's sales sheet means anything. Most that I know use it primarily because they can have clients on all platforms, including desktop.
Indeed, the Wire messenger is done like this - it offers phone number, but has an option to not use them and only rely on the usernames (although I think you need to register in the web browser for that)
The sms decision made signal go from THE messaging app on my phone to an app I only use with a very small subset of my contacts. It is infuriating that they didn't allow users to retain that functionality when it costs them nothing, and they could have disabled it by default.
I still use Signal a lot, since most people I frequently talk to use it. However, this was extremely frustrating. Having 1 messaging app for so long was incredibly nice.
Many people care about Signal, and it is okay to dislike their decision. OP didn't demand from Signal to support SMS, but they expressed their emotions about the change.
Signal is an awesome project but some of their decisions annoy many users. E.g. Signal does not allow to automatically save all pictures in the gallery. It's a privacy feature, but it's inconvenient since it forces me remember to download each image seperately.
> and register for a new account with a phone number (you can use the same one you’re using in Production).
I hope that they make it so you can register WITHOUT a phone number. Perfectly fine if it's not the default. This is post is currently implying that is not currently the case.
Pay attention to WhatsApp's wording (all privacy/security claims start with "your messages"), and their privacy policy, and you'll see that while message involving with individuals (non-Business users) are secured, your contact list is not, neither are chats with businesses or the metadata about you chatting (destinations, frequency, time)
I encourage you to read the article, but Signal minimizes the metadata it stores about you, doesn't hold on to you contact list, doesn't keep information about your IP address, etc.
WhatsApp instead makes tons of money from this kind of metadata.
Hmm but then how did they manage before asking for that 1 euro? There were a whole lot of years where it was completely free (yes before the Facebook takeover). Here in Europe we've only needed to pay once or so until it got taken over.
There must have been some kind of venture backing because there was no money coming in at all from users for a long time.
I've been using WhatsApp when the nominal $1/year fee was still around, but somehow never ended up being actually charged, and I don't know anyone that did.
It's possible that they were only enforcing it in some regions, though.
Indeed. I just ignored the dialog box the first time it popped up. But next year I paid. It was quite a big deal because back then it was equal to my entire monthly cellphone bill in Pakistan.
But I remember other people started to en masse switch to other messengers like Viber(?). And Whatsapp had to stop enforcing the fee.
I was billed 0,99€ (Germany) exactly once, but was able to use WhatsApp without payment for most of the time just by ignoring the notification. I remember that they repeatedly gave grace periods and just set another payment date a few weeks later.
I'm paying what works out to about 15 cents per "booking" in my app due to API fees. Maybe more,.. and I'm just now realizing we'll probably be losing money if people used their accounts to their limits. Like 500 bookings would cost me at least $75 but we charge about 50.
Anyway $1/year is great
Sure, but privacy isn't black or white. A donation to signal does not compromise the content of your messaging.
So what you've leaked is the information that you have an interest in private conversations. This might be a problem in some countries, but I think it's fair to ask folks in affluent countries with working (sorta) democracies to shoulder that burden. I.e. you don't donate if there's elevated threat to your safety, there are enough people who aren't under elevated threat.
There's also the possibility of using a donation mixer like Silent Donor, though I'd evaluate that very carefully. (There's a record of the transfer in, and the mixer needs to keep temporary records for transferring out. There's also the question how you verify the mixer doesn't skim.)
Some donation mixers accept crypto currency, so for maximum paranoia, I suppose crypto->crypto mixer->donation mixer->charity might be workable. Or hand cash to a friend who donates in your stead.
As always, the best path is to set aside paranoia and build a threat model instead to see what the actual risks are.
There's never enough talk like this and I'm not sure why. It's always about the threat model. In this respect I always like to think of it in terms of probability. Probabilities and likelihoods aren't just about capturing randomness like quantum fluctuations or rolling dice, they are fundamentally about capturing uncertainty. Your threat model is your conditions and you can only calculate likelihoods as you don't know everything. There are no guarantees of privacy or security. This is why I always hated the conversations around when Signal was discussing deleting messages and people were saying that it's useless because someone could have saved the message before you deleted them. But this is also standard practice in industry because they understand the probabilistic framework and that there's a good chance that you delete before they save. Framing privacy and security as binary/deterministic options doesn't just do a poor but "good enough approximation" of these but actually leads you to make decisions that would decrease your privacy and security!
It's like brute forcing, we just want something where we'd be surprised if someone could accomplish it within the lifetime of the universe though technically it is possible for them to get it on the very first try if they are very very lucky. Which is an extreme understatement. It's far more likely that you could walk up to a random door, put the wrong key in, have the door's lock fall out of place, and open it to find a bear, a methhead, and a Rabbi sitting around a table drinking tea, playing cards, and the Rabbi has a full house. I'll take my odds on 256 bit encryption.
They take checks by mail. You definitely can do a cashier's check and I'm sure they'd take the "cash in an envelope" method that places like Mullvad do too. Looks like they also support crypto, and that includes Zcash. So I don't think this is a great excuse. The only "can't easily donate" aspect is going to also be tied with the "can't easily get a cashier's check or find an anonymous person to sell me bitcoin for cash" kinda issues, and when you're operating at that level I'm not sure anything is "easy." (but that's not that hard usually)
Oh yeah, I have an old checkbook that I've had since like 2010 because the only ones I've ever used are for random landlords. Otherwise it's literally easier to get a cashier's check, which you can (in America) do at any bank or grocery store. Note that some are free and some aren't, so check beforehand. I don't think these will ever really go away tbh
I think they will, America is just very traditional. Things tend to stick around for longer. The magstripe also lingers there even though we've got rid of it for years (though unfortunately our cards still have them in case we need to visit the US - I don't like having them because they are skimmable).
Nobody would accept a check here anyway as they're not guaranteed. These days I pay with my watch or phone everywhere (Samsung Pay). I don't even use the chip on my card anymore. And payments between people happen digitally too (a system called Bizum here in Spain).
Maybe, but these some big utility to cashier's checks. They're essentially cash that can only be deposited by a specific party. I also don't think cash is going away anytime soon. And while it isn't common for me to issue a check, it isn't uncommon to receive a check. They're just always form businesses. Even ones that have my direct deposit information.
Fwiw, in America I use my phone to pay for everything too. But there are edge cases and tools like these often have utilities in domains that might not be common to the average person but are to specific groups. For example, these are often used in situations where cash is preferable but you wouldn't want to cary that around, like real estate down payments and buying a car. Some settings are sensitive to the exchange times (though that money looks like it is in your account instantly, it isn't).
I just wouldn't be so quick to make such a conclusion because it's pretty likely that your experience is not general. Despite America treating corporations like people, I'm pretty confident you aren't a corporation.
> Nobody would accept a check here anyway as they're not guaranteed.
Btw, a cashier's check is. Like I said, it is as good as cash.
There are clever ways around that. I use posteo as my mailprovider. They have a system where you can pay anonymously: https://posteo.de/en/site/payment
It's possible in the US, but it's getting very difficult. I don't know anywhere you can buy or or borrow a DID with Monero anymore. Looks like they got to Telnum recently.
You can still buy a SIM, a prepaid PIN, and a phone with cash, but you'd need to pay a non-correlated person to be seen on CCTV to do it, at a non-correlated time, and hope they don't just take your money and leave you nothing at the dead drop.
Then there's the hassle of setting up the account in a way that's not correlated with your location, normal waking hours, etc.
All of this could just be avoided if Signal did the right thing.
Signal pays more for delivering verification SMS during sign-up, than for all other infrastructure (except traffic) combined. Wow, that sounds excessive.
> Twitter said that's why they got rid of the SMS 2FA. They said it was costing millions to have that enabled for them.
Previous Twitter employees have said that this is incorrect. Because Twitter began as an SMS-only (and then SMS-first) application (remember 40404?), they very early on established direct-connection infrastructure for sending SMS, meaning that they have a marginal cost of literally $0.00/message in most markets. Twitter still has to maintain that infrastructure, because they didn't get rid of SMS 2FA - they just restricted it to Twitter Blue users, so the overhead is still the same.
Almost nobody else who delivers SMS today has that infrastructure, because it doesn't make sense for most services to build.
The only place where Twitter was paying significant amounts for SMS was due to SMS pump schemes, which is a consequence of Twitter gutting its anti-spam detection, resulting in them paying for SMS pumping which was previously blocked.
> they very early on established direct-connection infrastructure for sending SMS, meaning that they have a marginal cost of literally $0.00/message in most markets.
I am very, very interested to understand how that works, because without more detail or sources I'm calling bullshit. I definitely understand how Twitter could have greatly reduced their per-message fee with telecom providers, but at the end of the day Twitter is not a telecom and is still at the mercy of whoever is that "last mile" for actually delivering the SMS to your phone, so I don't understand how they have no marginal cost here. Happy to be proven wrong.
Carriers that run their own messaging infrastructure can allow for direct connections from 3rd parties, and set the price per message to whatever they want, including zero.
For something like Twitter where you could post by SMS, the balance of traffic might have been such that giving Twitter free outbound SMS was balanced by the charges incurred by customers sending to Twitter's shortcode. Or it might just be balanced by increased customer happiness when they can use the product more effectively.
If the carrier doesn't run their own messaging infra, they might be paying their IT provider on a per message basis, and might not be able or willing to set the messaging rate to zero.
For a use case where SMS is used to show control of a phone number, getting a zero cost direct route is a harder sell, but it can happen if the routing through aggregators is poor and the carrier is concerned about that, or if there's some other larger agreement in play.
If you require global connectivity, managing hundreds of carrier APIs, contracts, etc seems like major overhead. Also, there are companies whose only purpose for existing is providing messaging, like Twilio, are they just...not doing this or do the carriers just not play ball? In that case, why would the carriers agree to sell to you at a discount?
Aggregators do some of this, and they can negotiate pricing to some degree, but a carrier is unlikely to intentionally give them zero cost traffic, and even if they do, they're not going to pass that through at zero cost.
I ran the engineering side of carrier integrations at WhatsApp. Carriers wanted to sell data plans with special pricing for data with WA and use WA branding in advertising, because it attracted customers that might later convert to a bigger general purpose data plan. As part of that, we would ask for zero rated SMS to their customers for verification. When it was available, it was generally faster and higher success vs sending messages through an aggregator.
We also had some, usually small, carriers approach us asking us to set up direct routes to them for verification, because their customers would not always receive our messages when we sent through an aggregator. Early in my career at WA, we would just send these carriers to our aggregator contacts, and often things would get linked up and then we'd still pay $/message but it would work better. As we got a little bigger and built support for direct routes anyway, it was usually not too hard to set up a direct connection and then there'd be no cost for that carrier. Messing around with IPSEC VPNs and SMPP isn't fun and the GSMA SOAP messaging APIs are way worse, but once you get the first couple implementations done, it becomes cookie cutter (and FB had built way better tools for this, and a 24/7 support team, so I never had to be up, on the phone with telco peeps at 3 am kicking racoon or whatever ipsec daemon we were running until it finally connected)
Can you say what ordinary (non-discounted) pricing was like, per message? At least in the US, most carriers did I and, believe, still do operate free SMTP -> SMS gateways. They worked okay, although they resulted in oddly formatted messages.
Twilio has a public price sheet[1], I think they haven't actually updated this one lately, but it's a good representation of what ordinary pricing is like. This is not an endorsement (or non-endorsement) of Twilio, but having a public price sheet makes it easy to link to them.
In general, pricing varies widely by destination (country and sometimes carrier), US and some other places are < $0.01, up to $0.10/message isn't uncommon, and some places are $0.20-$0.30/message. Voice calling was usually mor expensive (Twilio should have a price list somewhere for that too; if you can get 6 or 1 second billing, assume a voice verification call is about 30 seconds, but you might have to pay for a whole minute even if you don't use a whole minute).
Those SMTP -> SMS gateways sometimes work in the US, but they don't work much in other countries, and they're not good enough to rely on if your product requires an SMS during the new user flow. SMS costs are real and it's frustrating, but if it costs too much, you need to use something other than phone numbers for ids; I don't think skirting by with email gateways is going to work. But, if you build dynamic routing, I guess you could try.
Also, you've got the use the right email gateway for the user's carrier, and a carrier lookup is on the order of $0.01, unless you have tons of volume, so for the US, you might as well pay for the SMS.
Oh I see... yeah, WA never went direct unless it was zero cost to us, so I don't know what carriers tend to charge. Managing payment to a foreign telecom would be challenging, managing it to enough carriers so the difference in cost is meaningful would be a major endeavor. SMS aggregation is a business with many providers and a low barrier to entry, so while there are margins, I don't think they're very high. There are some telecom groups that run networks in many countries, and some of those offer SMS aggregation services, and the prices were in the same ballpark as pure aggregators, as I recall, but it's been many years since I saw the price sheets.
Not who you are responding to, but my guess is that it was all fixed costs. They spend $20mm (or whatever) to maintain access, and maintain infrastructure and they get to send as many SMS messages as they want.
So sending 1 costs the same as sending a 10 million. It isn't that they are free to send, its that they are charged for access to the system, but aren't charged per message.
Is that true at scale? If I tell the telecoms that I want to send a billion messages per year it seems like they might be willing to take a lump sum instead of setting up the systems to bill based on usage.
I have no experience directly with foreign telecoms, so I was simply explaining how something with no marginal cost could still be a very expensive system.
> Is that true at scale? If I tell the telecoms that I want to send a billion messages per year it seems like they might be willing to take a lump sum instead of setting up the systems to bill based on usage.
In most of the world, SMS is billed per-message, so it's basically no extra effort on the Telecoms side at all. In fact, Telecoms' online charging systems are fast enough to calculate users' data usage by seconds in real time, so they don't even blink at counting SMS.
I don't know of countries that mandate a minimum price. If you are doing high volume you are free to work directly with carriers. If you are drawing as much billable traffic as you are sending, then that could even be a wash.
Yes but in this case we are describing old-school Twitter, in which people made their tweets via SMS. That's why it was easier for them to make these deals.
... legacy telecom operators have realized that SMS messages are now used primarily for app registration and two-factor authentication in many places, as people switch to calling and texting services that rely on network data. In response to increased verification traffic from apps like Signal, and decreased SMS revenue from their own customers, these service providers have significantly raised their SMS rates in many locations, assuming (correctly) that tech companies will have to pay anyway.
...
These costs vary dramatically from month to month, and the rates that we pay are sometimes inflated due to “toll fraud”—a practice where some network operators split revenue with fraudulent actors to drive increased volumes of SMS and calling traffic on their network. The telephony providers that apps like Signal rely on to send verification codes during the registration process still charge their own customers for this make-believe traffic, which can increase registration costs in ways that are often unpredictable.
SMS has become a kind of real-world PoW (proof of work) mechanism. A phone number typically has a recurring fee to keep it working. So a live number indicates that someone is spending money (a proxy for effort) to maintain it.*
It still seems like a lot of money to spend on simple, old technology, but from the PoW perspective, making it cheaper would defeat its purpose.
*Which is why many sites reject Google Voice numbers, for example, for SMS verification.
> In response to increased verification traffic from apps like Signal, and decreased SMS revenue from their own customers, these service providers have significantly raised their SMS rates in many locations, assuming (correctly) that tech companies will have to pay anyway.
There's nothing that requires tech companies to use SMS for registration or for 2FA. The normal way to do it is by email, which continues to be free. For Signal, there is no need to do 2FA registration at all.
Signal is ideologically committed to publicizing your phone number, and apparently they'd rather pay $6 million to hold to their commitment than just... not do that.
SMS rates are absolutely bonkers considering the technical way they're transmitted. The US is an outlier in SMS rates actually being reasonable (usually unlimited or close to) for consumers - but for the rest of the world the insane mark up on that communication method has mostly obsoleted it...
That'd be all well and good... the technology would die naturally, but all my American relatives continue to stubbornly use iMessage.
> for the rest of the world the insane mark up on that communication method has mostly obsoleted it...
For P2P communication. SMS is alive and well for B2C messaging, most importantly for 2FA OTP delivery, but also as a first line of defense against spam/bot account creation.
It's not a good solution to either problem, but it's slightly better than nothing (which apparently makes it good enough for many), so I suspect we're stuck with it for now.
> That'd be all well and good... the technology would die naturally, but all my American relatives continue to stubbornly use iMessage.
iMessage is not SMS, though. It just uses phone numbers as identifiers, but so do many other popular over-the-top messengers, including the most popular one globally.
To clarify - iMessage does not use SMS if you're going from Apple to Apple device and both devices have data/wifi available. iMessage refuses to support messaging to Android clients and defaults to SMS for these messages.
I've got an Android phone so all iMessage transmissions come across as SMS (or MMS).
Messages inflexible reliance on SMS for communication to non-Apple devices is definitely an Apple issue, in my opinion. Apple has made it clear that they continue to default to SMS for non-iPhone communication solely because it's unpleasant for everyone involved.
There's apparently even "green bubble bullying"[1] of kids who have Android devices and thus have their messages appear different. In this particular way Apple is happy compromising the mental health of young people to secure a larger market share - it's awful and they deserve a lot more negative PR for it.
It reminds me of the "Blue eyes/Brown eyes" exercise (https://en.wikipedia.org/wiki/Jane_Elliott) so let's say this was a real psychology experiment. Middle-schoolers and high-schoolers are encouraged to communicate via a chat application with rich multimedia functionality. But any conversation that includes even a single individual who belongs to an arbitrarily-defined "out-group" has its functionality degraded and the application highlights who the out-group member(s) are. After a year you compare the mental, social, physical, and academic well-being of both groups. Would your university's IRB approve such an experiment?
I initially gave Apple the benefit of the doubt that this was simply a technical limitation. And of course kids will always bully each other about something. But at this point it does indeed seem like a billion-dollar company is intentionally amplifying and leveraging this sort of bullying to drive marketshare. If you don't find this immoral then I'm not sure what to say.
On the other hand, I have saved many a dollar by instantly knowing that I just sent a legacy text to somebody I normally iMessage with.
My carrier charges an arm and a leg for international texting, and if distinguishing between texts and iMessages wasn't as easy as it is, I would probably have to pay hundreds in carrier bills at least once.
> In this particular way Apple is happy compromising the mental health of young people to secure a larger market share
Should we also force luxury brands to offer stipends so that teenagers whose parents can't afford them (or simply don't want to participate in that nonsense) don't feel stigmatized?
It would be a completely different story if Apple were to ban third-party messaging apps on their platform, but as restrictive as they are in other areas, they aren't doing that.
It literally only takes a free app download to get a cross-platform messaging experience at least on par with iMessage (and in my personal view superior in many regards).
Do you have a source that it was started by Google? From looking around, they support its development but it was an industry initiative, and Samsung was one of the first OEMs to support it.
Adopted by Google yes, but since when would Google adopting a technology give them full control over the future of that technology? Surely the other industry members who started RCS also have a say?
And I would argue that the language used implies Google created RCS themselves (it was their idea): "RCS is Google's idea of a solution"
Google Messages, which is fast becoming the default Android messaging app across Android OEMs uses RCS when both participants support it and falls back to SMS when that is not the case.
RCS is an open standard that any carrier/OS/messaging app can support, unlike iMessage, which is exclusive to iPhones.
That's exactly RCSs biggest problem: It requires active carrier support. (As far as I understand, Google runs the infrastructure for many international carriers at this point, but they still need to opt into that.)
Using my phone number as an identifier and authentication factor for so many things these days is bad enough; I really don't want the messaging layer itself to touch my phone provider at all.
My preference would be that Apple drop SMS support from Messages all-together and market it as an iOS only communication method. People with iPhones would then have to pick some alternative, perhaps they would use Signal or perhaps something else.
I already have to install a handful of applications to talk to all of my friends and co-workers, at least I wouldn't have to continue to use SMS.
As an iPhone user, I am happy with messages and do not want it to drop SMS support. Note Apple created iMessage way before RCS even existed. iMessage works well and I am happy with it.
It's interesting that you mention that you like it having SMS support; do you only use this function to message Android phones? In my experience, the iPhone people I know are consistently annoyed by me and my SMS messages.
IMHO, RCS isn't a solution to anything since it still requires phone carriers to adopt it. A quick check of the internet indicates that many of these phone carriers are actually charging more to send RCS messages than SMS, making it a non-starter all around.
Maybe Google could create an iMessage-like (internet only) alternative for Android... Although it still wouldn't work with the actual Apple iMessage protocol unless Apple adopted it. IMHO they'd have better luck getting companies like Apple to interoperate if it was pre-installed and worked on all Android phones.
My phone runs Android, I'm pretty much forced to use SMS in order to communicate with anyone who uses an iPhone and that's most of my family. While it can be argued that iMessage provides a good enough experience on an iPhone for most people, I have wondered if they are the one thing keeping SMS alive.
> I have wondered if they are the one thing keeping SMS alive.
Absolutely they are. Most of my friends and family are Pixel users and we all communicate using RCS. If Apple would just support the modern replacement for SMS (which includes end to end encryption), iPhone users would be much safer and would have a better experience.
I really dislike iMessage, but somehow Google has managed to deliver an even worse alternative with RCS:
It apparently just doesn't work with dual-SIM phones, requires a phone number and an active plan with a supported operator (at least iMessage lets me use an email address!), the multi-device story is non-existent, to just name a few.
> For P2P communication. SMS is alive and well for B2C messaging, most importantly for 2FA OTP delivery, but also as a first line of defense against spam/bot account creation.
In Brazil, businesses use Whatsapp to communicate with consumers. You order pizza and book doctor appointments over whatsapp
Personally, I prefer it over downloading yet another client, dealing with additional credentials, wondering about who can access my messages, and so on and so forth…
And all that just to message the handful of people that I know who use <popular in other country third party app>.
If only someone would release a universal protocol that the app's native messaging apps could utilize to eliminate the need for these 3rd party messaging apps. Oh, right, it's called RCS and Apple refuses to support it.
RCS is anything but universal. It requires the explicit cooperation of mobile phone providers, which makes it a non-solution in many scenarios – including usage on any device that happens to not be a phone.
RCS is exactly what it says on the box: A modern successor to SMS. That does not make it a good modern instant messenger.
RCS is better than SMS no doubt but lets not pretend it is on the same level as iMessage. Lack of end to end encryption alone makes RCS a dated standard
I see that you feel strongly about RCS, but as far as I know even some of the bigger US carriers dont support the universal profile on all the Android devices they offer. So maybe you’ll get your wish some point after carriers align on RCS.
Telecoms don't even want to roll out all of the infrastructure they get paid by the government to, I don't know that their willingness to do anything is a point I'd try to stand firmly on.
Exactly, so how on earth does Google think that it is a good idea to put them in charge of running the infrastructure powering the future of instant messaging?
Any chance at all it has something to do with the fact that they've acquired an RCS infrastructure provider that they can sell to telcos?
Someone has to run it. Logically, the obvious party to do so the carrier providing network access to the device, which also has a recurring billing relationship with the user from which to recoup its costs, and that the user knows to contact when they have issues. As a standard ostensibly replacing SMS, and coming out of the GSMA, it's also pretty obvious it'd be biased toward a carrier-centric solution.
There are a couple other options of course, but I am not sure they are better:
* Fully federate this, a la Matrix or XMPP. I really wish this was a practical option, but without legislation I doubt any company wants to go willingly in this direction. Even if they did, it'd be difficult to contain spam at scale. It also creates 'first contact' issues; love it or hate it, the general public seem attached to the idea of phone numbers and it seems to work relatively well and unambiguously. It is also the most technically complicated and most brittle and unpredictable for users.
* Phone / OS maker operates it for their devices. You don't seem to want Google running things, so this seems markedly worse than what they have actually done which is give you options (most people can at least choose a carrier, and carriers can choose implementations). It's unclear how operating costs are recouped here, especially for low-end devices. Does this lead to feature stratification? I hope not, but probably. It's a global single point of failure, both from a technical point of view as well as a policy/jurisdiction one (can $country LE subpoena my records because the company operating the service is ${country}an - or perhaps merely operates in $country, for example?). Also unclear how users are 'found', but maybe it's a bit easier than in a fully federated system.
* Phone / OS maker partners operate the service, giving users a few choices. Not really sure why anyone would go in for this, but it's basically the same as if the phone maker operates it.
None of these are great options, but I think the carrier is probably the least-bad one. You have an agreement with them. You have the legal protections offered in your home jurisdiction, with clear jurisdiction over the whole thing. They already have a ton of data on you and access to your traffic. You have a neck to wring if the service doesn't work properly.
They really should have standardized E2EE though, not including it is ridiculous.
Literally nobody wants RCS except Google and a handful of HN commenters. It’s so unwanted that Google had to scrap their original plan of making the carriers host the infrastructure and do it themselves, because the carriers didn’t give a shit.
(And even Google doesn’t really have any love for RCS, they crawled back to it as a fallback plan with their tail between their legs when their own proprietary lock-in messaging apps didn’t work out. Which makes their attempts to shame Apple into adopting it pretty hilariously disingenuous.)
> It’s so unwanted that Google had to scrap their original plan of making the carriers host the infrastructure and do it themselves, because the carriers didn’t give a shit.
To be fair, that wasn't Google's plan, that was the GSMA's plan. GSMA created the RCS spec, failed to get more than a handful of their members to use it, and kind of abandoned it to the wolves. For reasons I don't quite understand, Google decided it'd be a good idea to take it up, and then push it harder than any of their previous messaging services; but it's not like they came up with it.
I think I understand your comment, since iMessage isn't SMS, but defaults to SMS for those not using it.
There are opensource self hosted solutions like BlueBubble that allow reasonably secure communication through iMessage to the other chat platforms on desktop/Android etc. I have zero affiliation, but I know others who happily use it. There are also less secure and paid solutions I can't speak to.
For the purpose of 2FA and account registration let’s view it as a tax for fraud prevention, where the real value in SMS is in verifying someone’s identity rather than transmitting messages
If SMS actually worked for this purpose, it would be acceptable. However, SMS provides no guarantees about:
1) If it actually gets delivered
2) If it is delivered to the intended recipient
3) 1 and 2 without anyone reading or tampering the message while in transit
Now, even if stars align, your SMS ends up on a route where nobody is mitm-ing or hijacking it, the telco systems work and it gets delivered, it is STILL not a guarantee of identity. It simply verifies that you have somehow got access to a particular phone number.
Just because consumers get unlimited SMS doesn’t mean businesses get that. The telcos are ruthless about extracting their pound of flesh at business rates.
Phone numbers have become the de facto version of "Internet stamps" for identity verification.
They are near-ubiquitous on a per-user level, but hard to accumulate without significant cost. (Unlike email addresses.)
But the down side is that phone verification tends to be on a per-service level. So, for instance, Signal incurs these costs when they verify their users, and every other service incurs these same costs when they verify _their_ users.
There are a number of businesses out there that are trying to act as clearinghouses, where they verify the users once, then allow the users' verified profiles to be confirmed by multiple services.
I wonder if any of those could be used to reduce these "registration" costs.
"Sign in with $Clearinghouse" could bring you to a page that prompts whether you want to share a user ID or the phone number, as required, with that service.
The clearing house verifies you only once, or once a year, instead of every time. If the clearing house were to be a nonprofit, perhaps even set up by Signal themselves to spread costs with similar services, that has to be cheaper.
It also gives users confidence that only a randomized user ID was shared, so it won't be used for cross-service correlation and tracking, if the service didn't actually need your phone number but only some identifier.
This does not reduce the overall cost, it just shifts it to the clearinghouse. Who pays the clearinghouse so that they can cover their own exorbitant SMS costs?
The clearinghouse may not have the user’s most recent email address, which is common amongst non-tech people. My mom and aunts have lost many email addresses this way and forcing them to use an older email would cause many issues.
The app has to ask for email/phone to begin with (see step 1), if the email doesn't match then phone would be used as fallback, or potentially as a "Didn't Receive Code?" gesture.
I really wonder why it’s so expensive to run. I always hear things about scaling but I used to run a top 500 alexia website and it was just a php app running on a mutualized offer for $5/month. Lots of manual caching though but still.
My wild guess is that either the stack is not really optimal (last I heard it was java) or they do other costly things at scale (sgx?)
FTA: "Signal spends around $2.8 million dollars per year on bandwidth to support sending messages and files (such as photos, videos, voice notes, documents, etc.) and to enable voice and video calls."
Java in theory and in synthetic benchmarks: damn near as lean and mean as C.
Every actual Java project: “oh, did you want that memory and those cycles for something else? Yeah, sorry, I need them all. Why no, I’m not actually doing anything right now, why do you ask?”
In this case we don’t need to speculate at all. Signal is open source. Back when I was at Twilio we even did some at-scale experiments with running Signal. The intensive parts have absolutely nothing to do with Java because the server logic is relatively simple. The hard parts of Signal are the database storage/retrieval and the encryption.
100% true in my experience. Literally anything else is far better when it comes to bloat, including C#, RoR etc.
Increasing the Java heap size just makes it so that when garbage collection eventually hits, it causes an even more massive slowdown across the entire application.
You can't send an sms yourself like you can an email. Instead of setting up a server, you have to work with a telco provider (an aggregator specifically). Any SMS service eventually hands off to one of these. Many SaaS SMS providers are just frontends for legacy telco services. They charge insane fees because they can, that is all there is to it.
Sending mass email is still difficult. Its probably easier to pay a provider than set up and establish reputation for yourself. But they don't charge near the rates. Last time I compared rates it was something like 10x-100x to send an sms compared to an email, but it has been a while.
> Many SaaS SMS providers are just frontends for legacy telco services.
I worked on an automated SMS marketing system back in the day so I have seen this in action, at scale. This would be stuff like "text LAKERS to 12345 for Lakers updates"- we didn't handle the Lakers but we did handle many sports teams. Though I wasn't privvy to the financial side, I got the sense that the per-text cost ended up being manageable at scale, but this is because we were one organization who would apply the rules onto our own customers, and if we failed to do so properly we risked losing the interconnects to the various carriers. We typically used a single contracted "aggregator" service which provided a unified API for the carriers. When I left, we were using OpenMarket.
When you have a self-service SaaS offering such as Twilio, the per-text costs are going to go up because the barriers for sending unwanted texts (or fail to follow the rest of the rules mandated by the TCPA) is so much lower, and Twilio has to address that organizationally which adds cost.
Additionally, Twilio does not purchase short codes (ie 12345) which means its harder for the carriers to track bad behavior across their network. There is an initial cost (fairly high) to acquiring a short code, though you can also share short codes across customers in some cases. Acquiring a single short code and sending all messages from that short code would likely reduce costs.
I would love to see more detail from Signal about what sort of SMS interconnection they are using, because directly connecting with an aggregator instead of a SaaS offering (if they haven't already) could save a lot of money, and they are definitely at the scale that would allow for it. And given that they only use it for account verification and are a non-profit, it seems likely they could get a good deal since the risk of TCPA violations is effectively zero.
Yeah, aggregator is a very industry specific term, so I just merged into teclo provider. But yeah, all the issues with short codes, national laws, and reputation, makes it very complex. I worked at a company like Twillio that had contracts with different aggregators across the world, and sold a platform to manage SMS interactions. They added a layer to make ensure customers respected opt-out keywords, or opt-in for specific countries, so it would help manage TCPA (and other) violations. I imagine this helped keep costs down. We would definitely fire customers for trying to get around the safeguards.
I was on the support side, so I just saw when it went wrong, which was a lot.
> Additionally, Twilio does not purchase short codes (ie 12345) which means its harder for the carriers to track bad behavior across their network. There is an initial cost (fairly high) to acquiring a short code, though you can also share short codes across customers in some cases. Acquiring a single short code and sending all messages from that short code would likely reduce costs.
Twilio offers short codes, but short codes are country specific, and the costs for sending to the US are low anyway < ~ $0.01/message for most services, lower with volume; IIRC, short code messaging costs were half, but then you've got some overseas destinations where it's $0.10/message and that's real money.
Maybe they should flip it on its head - get a thousand? Ten thousand? numbers that can accept SMS and tell people to "text 473843 to this number" to verify.
It's usually even more expensive to support receiving messages than sending them, beyond keywords like Unsubscribe. If you want any sort of threading its going to be extra. Also its extra for dedicated shortcodes. When you get an SMS from a random shortcode, there might be multiple companies using that code, but they mix the pools enough that its unlikely you will receive two messages from two companies from the same code. Also shortcodes are usually country/region locked. So if you want to international support, you need to buy shortcodes in multiple regions, and different regions have different telco laws. On top of that, provisioning is very manual compared to the modern cloud.
I supported a marketing platform for a while, and it was so much easier to send an email than an sms.
SMS sender isn't generally something you can trust. If you get the SMS directly from the carrier that's responsible for the number, and you have reason to trust their SMS sending to verify the sender, then yes. But in countries with number portability, you still need to pay to lookup the carrier responsible for a number.
And you'll need to maintain ingress numbers in all the countries you support, and maybe numbers per carrier, depending, and you'll need to tell the user the right number to text to ... it's a lot, and it might not work well or might not save much money.
It seems like Session relies on Oxen's network, so while there is no inherent coin it is blockchain backed.
> Session’s onion routing system, known as onion requests, uses Oxen‘s network of Oxen Service Nodes, which also power the $OXEN cryptocurrency. Check out Oxen.io to find more information on the tech behind Session’s onion routing.
I think simpleX[0] is a better choice at this point with all the recent issues around oxen: not coupled to any crypto, no user ids, can host your own servers if need be, etc
> we can rent server infrastructure from a variety of providers like Amazon AWS, Google Compute Engine, Microsoft Azure
Moving off cloud services to lower-cost provider like Hetzner, Vultr and DigitalOcean might provide a lot of cost savings.
I also imagine they're using managed SMS services from one of these clouds, and moving off them to a combination of local SMS gateways in each country can also further reduce costs (and in one case I've personally observed, by upto two orders of magnitude). This obviously pushes a lot of complexity on Signal's side, but is usually worth it.
In business, you get what you pay for. Cheaper hosting might raise more issues that need to by handled by your employees, who also are expensive, and also the organization's focus gets disrupted. The hosting company / cloud vendor has an enormous economic advantage, with access to the entire hardware and software stack, the engineers who built it, people whose full-time job is operating it. Often it's cheaper to pay more for better.
As I have to explain about open source, 'Free is only free if your time is worth nothing.' (And I use a lot of FOSS, it just not always the solution.)
This is the worst take in technology. The main value of FOSS is freedom, not time or money savings. For many people freedom is more valuable than either.
As I understand it, you have to often use multiple gateways based on which one is cheaper and can deliver your message to the recipient, and also take care of handling retries in case one gateway fails. This is not something you typically want to handle if you're not aware of it, and the process of having to talk to each vendor and figure out their limitations is tedious.
There's a lower bound on what these services can charge in the form of interconenction fees charged by the mobile service providers delivering the messages.
In the US, that's effectively zero due to the US phone infrastructure largely using a shared-cost model, but in most other countries which use "sender pays", these fees can be significant.
Just wondering, are they relying on these big name cloud providers (AWS/Azure/GCP), known for predative traffic and storage pricing? Have they considered cheaper providers such as Backblaze B2 for storage and Hetzner/OVH for servers? The fees for storage, server and bandwidth could be cut by 80% if they did that.
Signal actually jumps through quite a few hoops in order to let you and your contacts are on Signal without Signal actually having access to a copy of your whole address book. It's even mentioned in TFA.
I do agree about being linked to your phone number - doing it that way means not considering a lot of people's valid threat models. They are working on moving to usernames, though. It's in beta now.
> Signal actually jumps through quite a few hoops in order to let you and your contacts are on Signal without Signal actually having access to a copy of your whole address book. It's even mentioned in TFA.
It doesn't say how it works. If Alice's phone can tell whether her contact Bob uses Signal without Alice and Bob doing any sort of a priori cryptographic exchange, why couldn't Signal itself do whatever Alice's phone is doing?
They want the address book because if you don't have engagement promotion features like that, there is no way to ever become remotely popular in the chat app space.
Why is the security a joke? The data is e2e encrypted, and isn't related to a phone number in any way after registration. Do you know of a better way of combining privacy and anti-abuse measures? If you don't offload identity checks to telecom providers during registration some bad actor will immediately create a million accounts and send millions of spam messages and destroy the slim chance of this type of app to exist for free.
> They want the address book because if you don't have engagement promotion features like that, there is no way to ever become remotely popular in the chat app space.
Intentionally ignoring the fact that Signal splatters your phone number to everyone else is a humongous problem. And you can even put your phone number block in your address book, and it'll tell you everyone who has Signal. This happens all the time, with Signal servers leaking all of this metadata.
And doing "engagement promotion" is what companies do to sell more shit. So, exactly what are they "selling"?
>Why is the security a joke?
Metadata, pertaining to communication patters and to whom matters just as much as what's being said.
And that metadata, like "your phone number" and "contact's phone number", and "when data is being sent to/from" is that metadata.
> The data is e2e encrypted,
> and isn't related to a phone number in any way after registration.
Bullshit. I see new people hopping on signal fairly regularly. If that was true, it'd be a simple verify-once-and-delete. It aint.
> Do you know of a better way of combining privacy and anti-abuse measures?
I reject your claim of "privacy", with regards to metadata.
Secondly, Tox has an alternate way to handle this, by allowing any number of accounts not tied to anything. Sure, it's a SHA256 id, but who cares. There, its secure AND anonymous.
Basically, I look at Signal as "better than SMS, but not much". It's basically a way to keep the phone company from scanning messages.
I wish their justification for dropping SMS capability from their Android app to move away from phone numbers was a little more transparent about the obvious cost aspect rather than solely sticking to the patronizing "we're saving insecure messaging users from themselves" messaging they had. I found it pretty obnoxious. I think people generally get "valuable nonprofit + huge expense = not-sustainable = bad."
> their justification for dropping SMS capability from their Android app ... was a little more transparent about the obvious cost aspect
I'm not following. Signal gets stung for the registration SMS costs because they send the SMS to the user. They don't pay when one user sends an SMS to another user. If you send an SMS, you're the one who pays.
(I didn't realise they were moving away from phone numbers. Don't they they stay mandatory when PNP comes along?)
When you control access to the customer you can charge people a lot. Just like Apple can take 30% primarily because they’re the gatekeeper to iPhone users, telecoms are gatekeepers to their users so they can charge you a lot to text them. You don’t really have a choice. L
In the US, shafting customers as hard and fast as you can is the current business model. What are they going to do? Move to 1 or 2 remaining competitors with the exact same business model?
> Signal pays more for delivering verification SMS during sign-up, than for all other infrastructure (except traffic) combined. Wow, that sounds excessive.
Particularly when the phone requirement is the biggest weakness in Signal.
Getting rid of it will make it substantially cheaper to operate and much more private. Win-win.
What's it cost to be an SS7 peer for a year? Could they spin up their own "phone company" for the purpose of delivering SMS verification and nothing else, cheaper than they're paying someone else's markup?
This will probably never happen. One of the reasons WhatsApp blew up is because using a phone number as your source of identification means there's much less friction in the signup flow. No username/password to create and your social graph is already there in your contact list.
My mom was able to get our entire extended family on Signal without my involvement, which is a testament to how easy that is.
They also blew up because it was also quite decent SMS app, so you just had to install Signal and use it instead of your default SMS app. All your messages are there, you can continue to communicate exactly like you did before, except that now, if the other person also has Signal, your messages are encrypted.
They stopped doing that (and I uninstalled Signal as a result), so they can also stop with the phone number thing, in fact, it would make more sense than with the current situation where Signal needs a phone number but doesn't use it (except for registration). I could even reinstall Signal if they do this.
In the short term it will, and quite possibly in a long-term also, but if you were going to fully make phone numbers optional, I'm pretty sure this is the first step you would take. At the very least it sure looks like they're starting to build the possibility.
Nobody is demanding them to stop supporting phone numbers as identifiers/verification methods.
I'm not mad at all if somebody prefers using their phone number and not having a password for a service – just give me the option to use my email address and/or a username.
There are too many "phone number only" services out there these days.
Which might be said to increase privacy. I suppose there's something to the point about combating spam. But surely there are other ways to do this, right?
The cloud tax is crazy (especially bandwidth). Pretty sure Signal has reached the scale where they would be cheaper by building their infra, maybe starting with the most expensive (storage + bandwidth), and then doing others.
SMS is (unfortunately) core to the product, so I'm not certain how they could make it cheaper, while retaining the same properties (user+pass registration would be a nightmare for spam and change the UX).
Is it not that they’re buying something resistance as well by buying from large infra providers if big adversaries like state actors start pushing hard?
I also think SMS and phone numbers are core, but they must provide a way to communicate without use of phone numbers being kept completely separate from phone numbers even when registration is needed using phone numbers.
> millions upon millions of new people suddenly switched to Signal in January 2021 after WhatsApp updated their Terms of Service
From a footnote of the article. Maybe this is why they've stayed with "infinite scale, infinite costs" (commonly known as "cloud") so long? Surely at some point this is worth considering though, I would also be curious where that point lies
Virtually anyone, also when spending only 100 euros/month on server providers, can save a large percentage of costs by taking it in-house. There might be a gap where you need dedicated personnel and it's briefly cheaper to outsource before you grow and it inverts again, but generally if you've got a stable service then this is nearly always worth it
Maybe a hybrid, where new users onboard onto cloud and they buy hardware for expected loads (i.e. current users), would be the most cost effective. I wonder how hard that is to combine the two worlds, but anything that requires more than one server already has that sort of communication going on so there shouldn't be any real blockers. Maybe the two types of infra add costs/risks again and that's why one rarely sees this setup?
I found that with the bandwidth and storage that my company was using on the cloud, we could get ROI in under 2 months by building a server and running it in house. Now we've scaled up to a dozen servers but it's still just a handful of computers in a closet that saves us $50k/mo in cloud costs. It was dirt cheap to slap together and scale up incrementally.
The small ISP/phone/cable company I worked for in high school had a data center. Maybe 20 racks. It was pretty damn reliable (old-school phone infra techs knew how to make shit stay “online”). I guarantee it wasn’t above the single-digit millions to build, inflation adjusted.
Fwiw, I've seen users suggest hybrid approaches. Interestingly it could reduce some of the costs they list here and looks like a route one could take to slowly build towards a fully or hybrid federated system instead of jumping straight there. But I am unsure how much the community likes the idea and judging by that last post it doesn't seem like the mods do. But this one takes note as two users were willing to place a bounty on the feature request
Signal and XMPP (via Quickly) have a simple phone number based signup workflow that my family have grown used to.
My family are not happy on having to remember/use passwords/keys. That's a shame, but is ultimately a constraint I have to deal with when persuading them to install/use an IM app.
That’s a very bold statement from an app that still requires a phone number using a broken protocol (gsm) to “verify” your identity and authenticate it, sim swap attacks can be carried out by kids these days. Also, don’t expect privacy when you are using a proprietary OS like iOS or one full of Google services that also have proprietary firmware drivers, they (the adversaries) don’t need to even decrypt these “privacy apps” when it’s easier to access the backdoor-ed OS or hardware, but enjoy the illusion in the meantime.
I'm always intrigued by people that have this POV. Security and privacy are not binary for fucks sake. Improvement on the status quo is great and Signal improves a hell of a lot.
Not to mention that half of your comment is non-issues.
there's a big social cost to trying to get others to use Signal, and it's not worth it if the advertised features don't work as advertised..
that said I stopped using Signal years ago because of basic deliverability being less reliable than SMS.. I switched back to SMS so I could communicate reliably with a loved one during an emergency when Signal randomly stopped letting me respond to messages, and I won't pay the social cost twice of trying to convince contacts to use it after having to abandon the service when I really needed it.
Actually between Element and Signal and the differences between their usability as advertised versus the reality of using them with non-technical users, I've used up all of my social capital for convincing people to use "better" networks and mostly just use SMS/RCS now.
I understand that. Signal has put in a lot of work since I started using it fulltime and is much more reliable now than it was just 2-4 years ago. The only time I've had issues now is when I'm backpacking in areas with spotty connection. SMS delivers quicker and is more reliable.
Right, so instead of 20 entities tracking you for example now you 18.. the false sense of privacy is far more dangerous than knowing your messages are not private (Like when Tucker Carlson used Signal thinking it was private to find later all his messages were not, regardless if it was a bugged app or an OS, the false sense of privacy is worse, he probably won’t texted those on iMessage for example). Same argument you can see with “vpn is private and we keep no logs because you can trust us!” plus it can be defeated with browser fingerprinting, or paying a hefty price for this “top private email” provider when the recipient doesn’t even use any privacy settings or anything let alone email as a protocol is not meant to be private, it’s all a business model, and the gullible buys it, you “have” to trust that Signal server is not backdoor-ed in real time, and as the old rule in security, if you can access the physical hardware you can in theory access anything in there, you don’t know the hardware is used there, is there any memory injection exploit that get activated after the so called audits? You can’t know, you have to trust that.
I'm honestly interested in what your solution for private communication is that will also get mass adoption among hundreds of millions of users. (And it's definitely not running your own XMPP server and getting everyone to switch to Linux phones).
People should be aware that Signal may be able to provide good e2ee and methods to make reading your messages or calls a challenge, they don't do to enough to obfuscate. Therefore censors can identify who is using signal and even block it.
https://github.com/net4people/bbs/issues/63
Privacy tools can make you stand out. Unless methods are used to obfuscate your data.
Which app would they all use and from where would they get it? Signal does not (intentionally) support the official app using other servers or the platform itself supporting federation. [1]
This can be a premium feature. Run your own server and for a little bit of money you can configure your client to use an alternative server. Client code is what make it private and secure, so you want to use their verified client even with your own server.
Offering self-hosted servers would probably just degrade the security guarantees of Signal if people misconfigure them. Doesn't seem to be worthwhile for the Signal foundation to run into this risk of undermining their own reputation for a niche user base who cares about self-hosting.
> Doesn't seem to be worthwhile for the Signal foundation to run into this risk of undermining their own reputation
It's a bit too late for that. They undermined their reputation when they started permanently keeping sensitive user data in the cloud (like a list of every person you contact), and then again when they refused to update their privacy policy which lies to users about their data collection practices, and then again when they killed off the ability to get both "secure" communications and unsecured SMS, and then again when they started adding weird cryptoshit nobody asked for. Signal seems to be telling people as loudly as they can not to use/trust them.
In my mind, the whole point of using Signal is that I don't have to trust the server. Why would it matter who hosts the server if we can trust that the clients' communications are E2E encrypted?
And the people those friends want to talk to. And the friends of those friends.
To have self-hosted chat services, you either need a niche enough service that you'll never have two parties that would want to talk to each other while being on different servers, or federation. Signal chose the former, so here I am with eight communication apps on my phone.
Maybe the next best thing could be to support multiple servers, like how email clients let you fetch data from more than one email provider, if they're so worried about federation inhibiting their ability to control the ecosystem that they plainly won't go there and hold speeches about how harmful that situation would be. Then we could have self hosting and also Signal wouldn't have to care about federating with my self-hosted server.
I would pay for a few signal features:
1. encrypted backups or backup integration of my chats, photos and videos.
2. business features (backup, directory integration, search)
I have not used:
1. voice and video
Incredible that SMS costs so much. I wonder if it's worth it because it _saves_ so much in spam and other sorts of fraud or bad behavior?
I have some good news: go into the settings and turn on encrypted backups. The clients also all come with a search function, even if it only matches against start-of-word (which includes URLs, so you can't search for domain names which regularly bothers me).
Directory integration, as in, importing a vcard with everyone's phone number into your device such that you can tap on anyone's name and message them on Signal if they've got Signal installed?
>: go into the settings and turn on encrypted backups.
Fair warning: It will...bloat. It usually keeps 3-4 copies of most recent backups in the folders you select and if you send a lot of photos, imagine it eating tens of gigabytes of storage just for backup.
(My current backups are 9.75 gigs each, approx 3 of them)
O.o TIL. That's weird, apple users already have plenty of lock-in and own-data-inaccessibility, but so maybe they figured they clearly don't care? Weird as heck either way
Then what I can recommend is installing the desktop client on a server somewhere and reading its sqlite-like (but with some flaky encryption extension) messages database
I started paying for Signal when they rolled out the subscription feature at the $5/mo plan and after reading this post, I just moved to the $10/mo plan because of how much I value this service since I use it every day. I hope other users subscribe if they are able to do so.
Wish they provided some numbers of actual messages, type etc. per day. Seems like a good game plan would be.
1) Get off the major cloud providers that charge insane egress fees.
2) Remove SMS verification. A simple solution might be the app gives you a code and then you dial in to them and punch in the code to them. Like a reverse voice based authentication.
3) Remove voice and video calling for non donating users.
3) Remove media texting until both users allow a p2p connection.
4) Remove no contact list message hosting for non donating users.
Lot of unpleasant trade offs there. But I would rank having a text based private messaging app as the top feature. Everything else is a "very" nice to have. I applaud what they are doing and the sacrifices that have been made so far.
Removing essential features like voice/video calling for non-paying users would be a terrible choice IMHO. This is a communication app, which means it is only useful if others use it too.
And how are you going to convince others to pay for Signal when there are many free alternatives, including WhatsApp, which most people already have and while not as privacy focused as Signal, does have end-to-end encryption. If Signal makes people pay for voice calls, they will simply use WhatsApp, regular phone calls, or whatever is free and popular at the moment.
The success of Signal came from being very low friction, privacy is the "nice to have" feature, at least for most users. But add friction and they will look elsewhere, Signal is not WhatsApp, it doesn't have enough of a critical mass to keep users on its network.
All that will remain will be a small core of cypherpunks and people who really have something to hide. This is bad because one strength of Signal is that it is a mainstream app, making it hard to single out "interesting" people compared to those who just use it because their geek friend told them to and they like the shade of blue.
Valid but if there is no model that is sustainable then who cares if its successful? Some trade offs will have to be made. How can they keep going if the vast majority of people don't pay? They don't have the model of "ok we are going to flip and monetize after we get to X mass". Its like a growth startup but with no end game plan.
Call to donations, ads, pre-mined cryptocurrencies, selling cosmetics, premium features no free service offers, partnering with other organizations, etc...
They already do some of these, and some are less popular than others, but the key is to keep the essential features free and easy.
On Discord for instance, a free account is enough to cover all of most people needs, but you get a little extra by paying a subscription, and it is enough for Discord to be worth billions. Maybe not the perfect example since Discord has a critical mass, but no one wants to leave just because they don't have premium features (larger uploads, higher resolution streaming, flashy emoji) for free.
For Signal, it seems like just calling for donations is enough. They have a good image, so they can do that. It can actually be a solid business plan, look at Wikipedia, they get more than $100M a year doing that despite the controversy.
About the SMS verification, it depends on the goal. If the goal is to verify a phone number, you can't trust the _sender's_ address in the phone network.
So, you can't trust the address in the "From" on an SMS or the "From" of a phone call.
That means a voice call to Signal would not work to validate phone numbers.
Good point, I guess we are proving why the resorted to using numbers in the first place. Unless you have a verification point that includes a "charge". Indirect or direct, your platform gets flooded with spam/bots. Does anyone have ideas of how this problem can be solved while also preserving privacy?
Problem: A system that enforces a monetary penalty to prevent sign up abuse while also not tying a users identity to said system.
Without doing some pain in the a crypto stuff it seems like there are no easy solutions other than the #
"Registration Fees: $6 million dollars per year." "the registration fees that cover the delivery of verification codes during the sign-up process to help verify phone numbers and prevent spam accounts"
Can you please change Signal to not require a phone number? Requiring a phone number makes me question Signal's privacy. Looks like it can save $6 million dollars.
I am imagining a donate page in the app that incorporates this willingness to be public about the costs.
It offers a way to configure a recurring donation for whatever amount and whatever schedule you want. $100/year for instance, but as you slide the slider or enter a number, it shows you if that number leaves Signal in deficit, covered, or surplus, if all other users who are currently paying anything paid this much.
Instead of just trying to suggest an amount with no explaination of what it means, is $5 still leaving them starving? is $5 5x more generous than needed? You still get to use it for free. But if you are of a mind to be one of the ones chipping in to keep it alive, you see exactly what is the right amount.
When 10k people are paying for 10m other people, that "covered" amount may be pretty high, apparently 5x what the average donater is currently paying. (article says it's 20% of total)
But with that little bit of non-repulsive non-abusive game theory, just honest information but presented in an immediate way, a lot of those other 10m users would start to chip in, and the covered amount would come down. Some users will say, well, I can swallow 5x what I was paying, and others can just leave their donation level in the red. But I think a lot more people would go from 0 to a few bucks if they could see exactly what it means and know that it wasn't a waste.
Maybe the donate function could even have a setting track the current covered value automatically so that your bill automatically comes down as other people start adding to the pool.
Also have it display the 3% or more transaction fee overhead going to the debit card and other payment processors, to show right there graphically how much you're wasting by paying a small amount monthly vs a large amount yearly. Everyone always hides that but I say show it prominently.
Total salary bill: $20m. 50 staff so average salary: $400k. I'd be happy with $200k USD - that's more than I get paid in my country at current exchange rates.
The last one available is from 2020, though. They tend to lag a few years behind. They're required to report key employees plus top-five compensated who aren't "key." Brian Acton and Meredith Whittaker both earn no salary at all. Their COO got $290 in 2020. Moxie Marlinspike and their top five developers/managers were all in the 400-600 range.
I'm sure they pay well (don't have much choice if you're going to be based in San Francisco), but I highly doubt 400 is an average salary. The expense being reported is total cost of employment, which includes FICA taxes paid by the employer, 401k matches, and probably most notably healthcare, but all benefits and in-kind compensation.
> The expense being reported is total cost of employment, which includes FICA taxes paid by the employer, 401k matches, and probably most notably healthcare, but all benefits and in-kind compensation.
This is incorrect, reportable compensation on a 990 is the amount in box 5 of the employee's W-2, which does not include health insurance, taxes, etc.
I lost interest in Signal when they started shilling a cryptocurrency that they had invested in. I really want a trustworthy replacement to Whatsapp but if I'm going to shill an app to people I know, it can't be something that has connections to investment fraud.
I've loved Signal. It's been the only consistent way I've been able to send and receive high-quality pictures and videos at all. It's been the only way I've been reliably able to send texts when I'm in an area with poor reception, which is frequent.
The privacy is nice and it's been simple and easy to use.
I hope they stick around. Everyone likes to bash more privacy oriented companies if they aren't absolutely 100% perfect in every single way, but IMO perfect is the enemy of good and Signal has been very good.
The hardest part has been convincing people to use it, and if I have to get people to jump to another one it'll all just fall apart.
> Everyone likes to bash more privacy oriented companies if they aren't absolutely 100% perfect in every single way, but IMO perfect is the enemy of good and Signal has been very good.
Signal has not been good. The absolute least we should expect from any "privacy oriented company" is that they're honest and fully transparent about the data they collect and store, and Signal is none of that. Since they started collecting and forever storing sensitive user data in the cloud they've refused to update their privacy policy to alert people to that data collection.
If you advertise your service to human rights activists, journalists, and whistleblowers whose freedom and/or lives are on the line you owe it to them to be extremely clear about what their risks are by using your service, but Signal outright lies to them in the very first line of their privacy policy.
This isn't "perfect being the enemy of good" this is either a massive dead canary warning people not to use/trust Signal, or it's completely immoral and irresponsible.
Every single time I've seen Signal asked for data in a court case, they've basically handed back a unix timestamp of when the account was created and said "that's all we have". Or it was last access time, I could have misremembered.
You're right, that's how it used to be. They still have pages on their website bragging about times when they didn't have anything to turn over because they didn't keep any of it. A while ago that all changed. They started collecting and forever storing in the cloud the exact data those requests were asking for. Lists of everyone you've been contacting, along with your profile data (name, phone number, photo).
If you're a Signal user and this is the first time you're hearing about this, that should tell you everything you need to know about how trustworthy Signal is.
The technical info in that community form is a few notches too technical, I work in a different knowledge base.
If someone broke down what the timeline was, what new info is being stored that wasn't before, how that is known, and how Signal has responded, etc, then that would be useful.
I'll admit it doesn't seem great. Phone number I understand, but name and contacts are more concerning.
Note that the "solution" of disabling pins mentioned at the end of the article was later shown to not prevent the collection and storage of user data. It was just giving users a false sense of security. To this day there is no way to opt out of the data collection.
There's a lot more information about it in various places, but Signal went out of their way to be as confusing as possible in their communications so it caused a lot of people to get the wrong idea (see for example https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...)
The forums were in an uproar for months asking Signal to not start collecting data or at least give people a means to opt out. Here's a good thread with links to a bunch of the conversations people were having at the time: https://community.signalusers.org/t/mandatory-pin-is-signal-...
I know it's unpopular to say this on here but Signal will never be popular as long as they don't add basic features that all other messaging apps have.
- If you lose your phone or it no longer boots, all your messages are irretrievably lost. There's no way to create backups on iOS. Why the hell can't I enable iCloud backups? I know it breaks privacy in some ways but let me choose the trade off. Put a giant warning if you have to.
- The desktop app is awful and requires signing in again all the time. See the Telegram Desktop app for how to do it better. In my opinion it should be the gold standard for desktop messaging apps
- Desktop app keeps losing message history
As long as Signal treats all messages as if they're so important that even super spies should not be able to read them, and as a result, goofing usability in a way that standard features don't work, I 100% understand that the majority of people won't use it.
I admire Signal and everything they do. Basically Software-as-Charity, for the greater cause. Now knowing this charity is actually millions drives me nuts. I hope the less expensive solution can be achieved in decentralization of the whole thing. Im sure it is possible to sustain it ourselves as a public service forever if everyone involved will have to pay with his personal computing resource - just like we are able to sustain decentralized finance now. And of course - the idea of a phone number as identity is very much flawed and unsustainable on itself, hopefully Signal team will be able to break through this problem as well
When will they finally get their donation box working properly (including not showing "weird" symbols, when Google is not informed about my visit by loading fonts from them)? Tried multiple times to donate, but I am unwilling to sacrifice my privacy for donating to a messenger that is supposed to protect my privacy. Once they get that donation box fixed, they stand a good chance to get my donation. Just like the Internet Archive, that still has broken donation box when Google fonts is not loaded ...
2 ideas to limit costs:
Make it a 2 tier plan: free tier is text and images only, paid tier adds audio/video calls
Remove the need for phone number verification
> As a small nonprofit organization, we cannot afford to purchase all of the physical computers that are necessary to support everyone who relies on Signal while also placing them in independent data centers around the world. Only a select few of the very largest companies globally are still capable of doing this.
Signal may be “small,” but they’re spending plenty on this. Registration is expensive and hard to do without using one of the large expensive providers. But there’s $7M for servers, storage and bandwidth. These are comparatively easy: servers and storage (especially for a service like this where availability for the substantial majority of the data is not terribly important) come in nice pre-manufactured boxes that can easily saturate 10Gbps and can store quite a few TB at very very high IOPS. [0]. And the forwarding model isn’t very latency sensitive - several hundred ms for most users is fine, and sending media via Signal is quite slow regardless. So having many points of presence doesn’t seem terribly important. I bet that two small colocated facilities could cover all of North America quite nicely.
Bandwidth costs outside the cloud world, at least in North America, are comically cheap compared to the major clouds.
[0] A service like Signal ought to need relatively little processing compared to bandwidth and storage for the data plane. AWS and the like may not have a particular good match in their catalog for this use case.
Is it possible to self host signal? Can signal move towards a model like the fediverse where the software development is decoupled from the hosting costs?
I donate to signal, and use it frequently. But I would much prefer for the app to simply charge users rather than beg for donations. Even better would be to charge users in a way that reflects the costs.
For instance, maybe verifying a new number over SMS should cost $0.10 if that's going to make up 14% of the operating costs.
Begging for donations to subsidize excessive use by other users just doesn't seem sustainable.
> I donate to signal, and use it frequently. But I would much prefer for the app to simply charge users rather than beg for donations.
Hard disagree. If you charge, the number of people who will use it shrinks by several magnitudes, and then you lose your network effect, you lose the ability to get your less technically inclined friends to install it.
P2P alternatives are less convenient (always on to deal with notifications, adding contacts typically requires extra steps, etcetera), but the difference in costs is abysmal. In any case, it's been years since I've tried to make my social circles move to any of those platforms (Briar, for example). It's a losing battle.
> Signal spends around $2.8 million dollars per year on bandwidth to support sending messages and files (such as photos, videos, voice notes, documents, etc.) [...] At current traffic levels, the amount of outbound bandwidth that is required to support Signal voice and video calls is around 20 petabytes per year (that’s 20 million gigabytes) which costs around $1.7 million dollars per year in bandwidth fees just for calling, and that figure doesn’t include the development costs associated with hiring experienced engineers to maintain our calling software, or the cost of the necessary server infrastructure to support those calls.
20 petabytes per year is around 5000 Mbps only for audio and video calling. So 5000 HD video calls all year round.
Signal is known for the large bandwidth needed for calling but that sounds too much and not really scalable in the future.
Paying 2.8m for 20pb of bandwidth is two orders of magnitude more expensive than it needs to be. You pay significantly more using cloud hosting providers rather than dedicated server resellers. I would recommend signal consider just renting dedicated servers from providers like OVH for their voice relays.
While I would be willing to pay a fee to use Signal, most people won’t and then Signal would turn into a deserted landscape full of privacy nerds who only talk with each other. On the other hand, being better at soliciting donations more often would be more helpful. I’m a regular Signal user and didn’t even know I could donate.
Support for Signal development supports all privacy-oriented software and systems, because Signal is open source.
The Signal Protocol already is an industry standard. What other Signal development - either the components, the code, or the concepts - are used by others?
The only issue I'm aware of is that The Signal Protocol is only really defined in Signal's GPL'd code. So it's almost impossible to write a clean room implementation (e.g. Wire tried and ultimately failed. they ended up also GPL-ing their library).
I feel like investing in p2p approaches and having people donate spare server capacity might be better. For example, relay calling was p2p in the original Skype and worked well. Apple private relay is a similar concept whereby there are two intermediaries to make things private. It gets trickier since in mobile land you can’t run servers really, but I feel like the Signal population has enough spare capacity to offload bandwidth and stuff and could be an easier sell than “please give us money”.
For the sms verification, I feel like forcing the requester to do some bitcoin mining for you could potentially pay for itself.
As a counterpoint imagine instead if the cost of messaging went from $50 million per year to the even more lean $0 per year.
Messaging operations are expensive because they need servers to route your traffic. They need to route your traffic to navigate around the restrictions of IPv4 NAT. In a world of IPv6 there is no NAT (but firewall restrictions still apply).
I have created a relationship model that solves for privacy without need for third party servers and then routes messages based upon that model, but it’s limited by IPv4.
Signal should be able to bring in some revenue other than donations. Premium features that don't compromise the privacy? Premium stickers? Extended emojis only if one paid $1 etc.?
If you really wanted to talk to somebody in a "non-decryptable" fashion, could you set up like a channel that encrypts itself with a ton of different encryption methods, keys, etc. (encrypted payloads inside each other)
Signal encryption is its main feature (I think) and how easy it makes it (abstracts handling key transfer and all that), I'm just trying to think through... if I wanted nobody to read what I was saying , would I use an app/target as popular as Signal or something homegrown?
You don't need multiple security protocols (and in fact that is almost always a bad idea). You just need one good protocol and a way to securely exchange the keys. What signal solved for the most part is the secure key exchange.
If you want to talk to one person, you can give them a USB key in person with a set of crypto keys and then use that to encrypt your messages over any transit method and it will be secure.
You could, but you'd be adding complexity to solve a mostly non-existent problem. Security is rarely broken because the algorithm itself is broken. It's usually because one end has a key logger or other vulnerability. Or they are literally storing the unencrypted text in an unencrypted data store after reading it.
In the meantime, the added complexity adds new places for errors.
Yep, people who think about messaging security as a problem of sending data from one computer to another are missing a huge part of the attack surface. To fully understand the entire problem set, we need to consider the entire pathway from one human's brain to another.
I think the biggest risks for most people are going to be around key management, social engineering, and exploitation of terminal devices (i.e. if somebody has compromised your device running signal and can observe the message before encryption or after decryption).
More layers of encryption doesn't really solve those problems.
lots of drug traffickers went with something homegrown (Anom), which turned out to be an FBI front. they'd have been a lot safer sticking to Signal. and you can audit the Signal client's source code, which is enough to verify its secrecy.
They could use a free plus subscription model for really pro features, like “extra privacy”, “faster sending speed”, “create bigger group rooms”, these are bad features but you get it
As soon as there is “extra privacy” for a premium, I would ditch Signal immediately. It’s either provate and secure or it’s not. Certain things cannot be half measured.
Not having to rely on a phone number would be extra privacy.
They are stuck with SMS though because it's a costly... signal that prevents spam.
(Sounds like an opportunity ??)
But then this might solve the funding issue for them, but being tied to most payment systems would only somewhat improve the situation for the users.
I understand now why they dabbled with cryptocurrencies (Monero having proved that these can be anonymous short of having NSA levels of computing power ?). I haven't been keeping up, how did that work out ?
Maybe I'm the only one here but this so-called "transparency" in the form of a single blog post doesn't instill much trust in me. I have been an avid Signal user since the TextSecure days and still recommend Signal over any other messenger. However:
- There were times (e.g. during the introduction of MobileCoin) when the Github repositories hadn't seen any update for months, while they were still releasing new app versions on a regular basis. Heck, last time I checked there were not even public changelogs for any of the apps. Calling Signal "open-source" is a stretch at best.
- The Signal team time and again has failed to react to criticism of the usage of Intel SGX, or of how they completely messed up the introduction of the Signal PIN. And let's not talk about MobileCoin. Yes, being "open-source" or "nonprofit" doesn't imply they need to ask their users for permission or respond to every complaint. However, a minimum amount of openness and debating critical features in public would go a long way here.
- I would like to see some transparency regarding the overall foundation and corporate structure, beyond just silently filing form 990 years with significant delay. For instance, it seems Brian Acton can elect and dissolve the entire board just by himself[0, 1]?
Long story short, before donating to Signal I'd like to see a proper and continuous commitment to transparency, not just a once-in-time blog post.
appreciate their transparency, but boy do their devs make a lot of money. their 2 highest paid engineers make around $750k USD yearly. I guess if that's competitive good for them, I'm mostly jealous.
It seems that with uBlock origin enabled in Firefox, I was unable to fill out either of the 2 donation forms on the page. It wouldn't let me fill in my Name in the first form, nor would it let me enter a custom amount in the 2nd form.
"We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate—and this is very lean compared to other popular messaging apps that don’t respect your privacy."
Kind of Exaggeration to say that the other popular messaging apps don't respect your privacy.. all of them do, some more, other less, just not all of them have it as their main feature.
I always wonder what is the level of safety of Signal fron state level actors.
Signal uses telephone numbers as user IDs + sends those verification SMS. Also 50 employees? So how many are monitoring the infaratructure 24/7 (on a side note, a project with 50 employees is probably still better than those with thousands - what do those people even do).
If the data leaks somehow, telephone number as ID sounds very bad.
> As a small nonprofit organization, we cannot afford to purchase all of the physical computers that are necessary to support everyone who relies on Signal while also placing them in independent data centers around the world.
This is really the crux of the problem. ~$3M of servers per year is more than enough to start purchasing hardware, I wish there were easier ways for people like me to participate and help Signal on the cheap.
As someone who participated in the builds they complain about being expensive (and ignoring their , I don't think it's a function of centralization or "troubling" as much as it is practical. Meta, Google, etc all have many billions they could be saving if they could figure out how to make it cheaper too.
I don't see the point of all that encryption when the ends of a conversation are tied to publicly available info like a phone number.
Do you think $SECRET_POLICE will care that they can't decrypt my messages when they know I have exchanged said messages with a known dissident's phone number?
$SECRET_POLICE doesn't do innocent until proven guilty.
It’s so well written so long post, I afraid I well never read it as carefully. Tonight I’m too tired to delve into its depths. Tomorrow I won’t remember, possibly. And the day after that I won’t remember for sure.
Sorry everyone for this off-topic, I just think it’s needed to be addressed, but I have no idea what to do here.
Signal already has a very hard time competing against the network effects of WhatsApp and Telegram and getting people on the app, a fee would only increase that. But making it n$/year but with the option for an account withiot a phone number like other people are suggesting sounds nice, peace
> Signal already has a very hard time competing against the network effects of WhatsApp and Telegram
May not be the best thread to say this in, but Signal isn’t as good as Telegram and WhatsApp on features. People can be persuaded to switch, but may have different expectations than what Signal can satisfy.
Their competitors are free. Charging $2 would make Signal a non-alternative for many of their users, and due to how the network effect works, it would greatly reduce the utility for everybody willing to pay as well.
And that's all without even considering the significant overhead of collecting low-value payments internationally.
If you have a sustainable business model, you don't need the network effects. Threema is fine with a smaller userbase because they have a business model that works.
> Another $19 million a year or so out of Signal’s budget pays for its staff. Signal now employs about 50 people, a far larger team than a few years ago.
What? I know silicon valley salaries are a thing, but absolutely everywhere else in the world this would be insane. Maybe change the headquarters to somewhere cheaper?
Costs for staff are not just salaries. It's also pensions, taxes, benefits, the offices, software licenses and all the other stuff. I've often heard 50% of total cost going to salary, but it varies.
Pensions aren't a thing in the U.S. anymore, especially not for tech. And when a U.S. company says "staffing costs" that does not include licenses, offices, etc. It's strictly salary and benefits.
According to Signal's 990, it's paying multiple employees over $700k. That's above-market for corporate compensation, and it's way above market for non-profit compensation, to the point where it could be considered private inurement.
They cover this pretty substantially in the post on Signal's website (I know they merged the Wired article into this one).
Signal is trying to compete with the richest companies in the world; including for talent. And considering Signal's origins and motivations, they're not going to lower salaries or decrease benefits because some people believe that working for a non-profit automatically means lower compensation.
Engineers doing the same work on iMessage and Meta Messenger, i.e., their direct competitors, make less than 660k/annually in salary and benefits.
This means that the pay packages are likely not based on comparable market wages, which is an actual legal requirement for highly compensated employees for U.S. charities.
I keep re-reading this section of their blog post trying to figure out what I'm missing here. $2.6 million full load per employee on avg? Is this heavily weighted to a few executives? Can somebody explain this to me?
It's an uphill battle. I asked to recommend Session on the privacy subreddit- which the moderators denied because Session lacks a well-documented endorsement from a public figure regarded as an authority with regard to privacy.
That is a non-starter specifically in the context of vetting privacy-enabling software. Anyone got a list of privacy celebrities with enough spare time to vet reddit content?
If you ever have nothing better to do, view the revision history on the wikipedia entry for Session Private messenger and witness the petty roadblocks thrown up as objections to allowing it to have an entry.
I'll just say Session had to meet a lot of criteria merely to have a wikipedia entry that Signal's entry did not meet at the time.
To this day Session's hard-won wikipedia entry is saddled with a "limitations" entry best summarized as "Session is not Signal".
give the option to sign in without phone number paying a fee in bitcoin (sats on lightning network would be the perfect fit) would solve a lot of economic and privacy problems. Also dont waste money on phds post-quantum bullshits would be great.
Tells you how much faith they have in that "feature"....
I'd love to see some usage numbers on it, and perhaps removal of it when it turns out the usage is near zero... (Or maybe I'm totally wrong, which would be interesting too!)
If they remove it, it would render several hundred dollars I have in that wallet inaccessible without extra work on my part.
Usage numbers are not possible because Signal doesn’t include spyware in the app. There is no indication which transactions on chain came from the Signal app or any other app.
Yeah, you only ever hear the naysayers. So second voice to combat that: I like the integration and use it with (admittedly few) selected friends to split bills. And I think it fits signals mission.
Does anyone else think that this strategy of growing the userbase with a "free" product and then start panhandling for donations is outright dishonest?
There are tons of smaller XMPP or Matrix providers that didn't get access to millions in funding from these big corporations like Signal did. Who have to run a business in a way that requires paying customers from the start. But now that cash is tight (and after they built a sizable user base) and they can no longer just outspend the competition, suddenly they remind you of TANSTAAFL and are asking you to cough up the cash.
It is the same shitty playbook used by VC-funded companies, except that is now dressed as some virtuous thing of "looked at how much it cost to build all this..." It makes some emotional appeal but it tries to hide from the audience that these costs are solely due to them insisting on controlling everything.
If it is so expensive to run Signal, then open it up to let other people run their own servers instead of trying to control everything. Don't give me this bullshit of "we are a non-profit but we are in the same lane of big tech corporations". You are there because it served you. You can not have it both ways.
> open it up to let other people run their own servers instead of trying to control everything.
If you know of a good open architecture that solves the problems of spam and impersonation while maintaining the convenience and ease of use necessary for mass adoption, please share it.
I could get my parents who are nearing their 70s to use Element (Matrix) and it took them less than 10 minutes, even with me asking them to register to a non-default homeserver.
Screw "convenience". It's a poison pill. "Convenience" should never be put above "resilience" (not to mention "freedom") in a value scale. The American obsession with "convenience" is turning us all into cattle and it's getting harder and harder to get the rest of society to function without being controlled by some corporate overlord.
With all due respect, it seems that you have conceded that a convenient, spam free, open option not only doesn’t exist in practice, but can’t in principle.
That’s more than even I believe. I just think nobody in the OSS space has put the work in to figure it out yet.
> I could get my parents who are nearing their 70s to use Element (Matrix) and it took them less than 10 minutes, even with me asking them to register to a non-default homeserver.
Well in that case Element would be the solution we’re looking for, except that not everyone’s parents have someone like you to help them.
And as for the desire for convenience, it’s hard to imagine you seriously believe that only Americans value convenience over resilience. If that were true, the rest of the world would be using Element rather than WhatsApp.
Simply railing against people’s needs doesn’t change them.
No, you got me wrong. I think that Matrix is convenient enough to be practical, and I think that the issue is that we keep holding it back because we keep waiting for "someone else in the OSS space to put in the work" to make it as convenient as the leading closed alternatives, which is a fool's errand.
> Well in that case Element would be the solution we’re looking for, except that not everyone’s parents have someone like you to help them.
Yet they manage just fine to get a sales rep from Best Buy to help them setup FaceTime on their shiny iPhones that they get to buy every two years. Why can't that Best Buy rep be trained to setup Element instead?
It can in principle, but not in practice. To become something attainable in practice we would have to start supporting the companies that are focused on the more important things first until they are mature enough to be able to dedicate time and resources to optimize for convenience. The problem is that when we prize convenience above other things and we end up with stupid things like customers arguing about the color of their speech bubbles.
> To become something attainable in practice we would have to start supporting the companies that are focused on the more important things first until they are mature enough to be able to dedicate time and resources to optimize for convenience.
What happened to open source?
> The problem is that when we prize convenience above other things and we end up with stupid things like customers arguing about the color of their speech bubbles.
That’s a fair point, in that if consumers prioritized open infrastructure over convenience, a commercial enterprise would too. However this is back to the earlier point - there is no point railing about that. It’s just a fact that most people want to just buy the nicest thing they can with their money.
Open source is not magic fairy dust that can solve everything. You still need funding for developers, you still need to acquire customers to provide a feedback cycle, you still need device makers making it easy to install your app, etc.
No. Signal has the funding, the technical talent and the customers. They are as "open source" as it can be. The issue with them is that they want to control the platform.
> You act as if control has no value to their mission.
What is their mission, exactly? Why does it require one single entity as the single pipeline for all global communications?
How many times will we have to go through the same cycle of building centralized Leviathans and see them turning against us, to understand that this is the Road to Hell?
Some of these things raise an eyebrow and I'd like them further broken down (but in the mean time, I'm still donating):
* $19 million for 50 staff
- That's $338k/head on average. At face value for a nonprofit, I'd like these costs broke down as this seems excessive. There is far cheaper IT labor available outside SV.
* 20 petabytes per year of bandwidth, or 20 million gigabytes, to enable voice and video calling alone, which comes to $1.7 million a year
- I'd drop these features if possible, or give them to donors.
* Storage: $1.3m, Servers: $2.9m
- I was actually expecting this to be far higher
- Long term storage should probably be donor-only
- Servers could likely be optimized by going hybrid cloud with colocation and owning own hardware, but again, was surprised how "little" they're spending on this.
* Sms registration fees: $6m
- Stop contributing and supporting the "Your phone number is your identity" problem.
- Move towards helping educating society and establishing a set of encryption keys as their long term identity
It's easy to criticize from the bleachers. Still thankful for the app and I'll continue to donate.
- That's $338k/head on average. At face value for a nonprofit, I'd like these costs broke down as this seems excessive. There is far cheaper IT labor available outside SV.
You get what you pay for, though. $338k/year seems like a reasonable salary for people working on something as privacy critical as Signal – just because you're working for a nonprofit doesn't mean you have to work for less competitive wages.
> $338k/year seems like a reasonable salary for people
That $19M/year was total employee costs which, as best I understand these things, can often work out to be double the raw salaries which would bring the average down to a slightly less excessive $170k/year.
Whilst competitive salaries are important, it's fair to say that, outside of the US, you can get good people for a lot less than $338k/year.
To give one example of a (not that cheap) market, outside of London average developer salaries are probably under $50k in the UK. Even accounting for additional costs like taxation and equipment, that's likely to be under $100k fully loaded.
I said Average for a reason :D I didn't say you can get "top-notch" security developers for that.
I don't think there's industry numbers for that set of people in the UK, as it's not a big enough set. However I'd be surprised if they were 150K plus though, that's a very rare salary in the UK.
Also there are cheaper countries than the UK who have great devs.
There's definitely top-notch software and security engineers making well north of £150k in the UK. As you go up in levels, it's indeed a small set of people, but FB / Google comp for a top L7 engineer working in the same space as Signal engineers can be $700k+ in the UK. Just have a look at levels.fyi, and you'll see that even finance will pay over $500k in London. Furthermore, given how small the group of people are at the top of these companies, very few will self-report their incomes publicly, which is why you'll rarely hear about the engineers making $1M+ – but those cases do exist.
The people behind Signal pioneered end-to-end encryption, and as is pointed out in the blog post, there's still a lot of novel cryptography development involved in building a privacy-first messenger. You can't do that without top-notch talent.
IIRC, employees cost the business ~150% of their salary. That means we're looking at more like a $220k/yr salary on average. For a bay area company, that seems completely reasonable.
Nonprofits, as with for-profits, must pay competitive wages or they will have trouble getting the expertise that they need. $338k/head seems reasonable when you also consider taxes the company must pay for each employee.
"just because you're working for a nonprofit doesn't mean you have to work for less competitive wages"
Actually it does usually. Because when people see real meaning in their work, as opposed to find yet another way to manipulate people on other peoples behalf, then you don't have to buy their consciousness as well.
So sure, it is awesome, that signals employers get to have meaning and money. But I would bet, you would find competent people working for less. (And maybe somewhere else)
But .. they do have a working app and organisation right now and drastic changes could destroy that.
Why shouldn't we want to pay people working at non-profits the same for their labor than they would get at for-profits? If they are doing just as or even more important work, why do we want to bend over backwards to justify them getting paid less for it?
Oh come on. Just because the organization is non-profit, meaning that it's not out to make a profit for shareholders, is no justification for the staff to be paid below their market worth. In fact, they could definitely earn more by quitting and working at for profit companies. And that is especially true for those who are getting the higher end of the compensation.
And say that staff number was like, $5m/year less? It doesn't change the fact that costs of running are substantial and more donation is needed from those who want it to remain viable.
One thing I question with that is that if you gave features to donors only, wouldn't that mean that signal now needs to track users in ways that aren't privacy preserving? I.e. you'd be able to know if any given user using signal now has given payments to signal. I'm not sure that'd work with what they want to do as an organization.
This is a product that solves some of the harder problems of engineering, and has a staff of 50. Cheaper isn’t going to get you the best. If you had a staff of 1000, you could make that argument. Besides that’s not a lot of money to begin with. 340k is a senior engineer salary and I am sure the people running the company are far more capable than senior engineers.
> drop those features
That’s a valid argument, but 1.7M for that 20PB of bandwidth is not a lot of money. Dropping or making the features paid, defeats the purpose. If you’re trying to be the privacy first app that competes with WhatsApp and others, this would make it harder to be a viable alternative.
> sms registration fees
Education is a harder problem to solve, but offloading some of the costs to users may make sense here.
It's easy to say that "you should do x" from the bleachers but when you're in the arena you run up against reality. For example, Signal had a blog a while ago about how they tried to avoid the sms features, actually for privacy reasons, but they found people just didn't use other alternatives. Here's a reddit thread of users advocating for SMS support https://www.reddit.com/r/signal/comments/y3ymfl/keep_sms_sup... .
So it was the best of all the available options practically, if they wanted to grow and retain the users.
< "* 20 petabytes per year of bandwidth, or 20 million gigabytes, to enable voice and video calling alone, which comes to $1.7 million a year
- I'd drop these features if possible, or give them to donors."
How about they pull their socks up and use peer to peer technology instead? Messages are asynchronous so they need to be temporarily stored but routing real-time audio and video is a technology problem that they have chosen the expensive way to solve.
They are peer-to-peer by default between people in their contacts list. That is for when calling someone that isn't in your contacts list or for people that have enabled the relay all calls option.
> I'd drop these features if possible, or give them to donors.
They can't really do that, it deters adoption of something with a network effect.
The real issue here is that direct connections have privacy implications (maybe you don't want the other party to know your IP address), so they relay everything. If they could solve that they could save a lot of money.
For example, detect if the user is connected via a known VPN service (which is likely given Signal's user base) and then let the VPN hide the user's IP address instead of Signal having to pay for it. Or make a deal with popular VPNs to put the relay servers in their data centers, which gives a similar advantage and they might be able to get better pricing from them in general because the VPNs already have a lot of bandwidth, are sympathetic to what Signal does and could use it as PR.
Still doesn't work. Any two people don't have a pro account and they stop using it in favor of a competitor, and then their other contacts use the competitor too. You can't charge for something WhatsApp has for free.
They need to dump sms entirely. Use on device private keys. If users mess it up, it’s on them. People need to get educated about how to manage private keys.
As someone technically savvy, I don't trust myself to manage my own private keys sufficiently for a service that's the point of contact for all my friends and family. I think it's a much taller order for someone without the technical knowhow – remember that Signal's audience includes very non-technical people who don't have time to learn the technical ins and outs but absolutely require its utility, like journalists and dissidents.
Then few will use it and Signal will die. There is this gap between the ideals of the technically-minded and the reality that users live in. They tried to dump SMS - and people responded by not using alternatives. The entire sales pitch of Signal is that it is easy and unobtrusive.
costs for a nonprofit are the same as costs for a forprofit
there’s just a bunch of nonprofit employees or personnel that play on the pauper perception because its convenient, but “nonprofit” and no money is not correlated to anything
so if those employee costs were excessive for any organization, saying non profit doesn’t make them more or less excessive
I think tech talent is undervalued and should at least compete directly with FAANG, for many organizations this is not possible, for organizations with other liquid assets they create (like Signal) it is possible. All employment hasnt risen with cost of living, I’m not familiar with other sectors.
Signal can be better, IMHO, by separating from phone number requirements. In other words, let users have secure random ids, rather than forcing each user to hand over their phone number for phone company verification.
It turns out the budget shows the phone number registration problem: the costs to deal with phone number verification seem to be $6MM, which seems to be 10% of the entire budget.
If Signal staff are reading this, I'd gladly pay $100/year for a phone-free solution for all users.
A bit handwavy, but allowing sign-up without a phone number could massively increase bot/spam traffic and ultimately increase hosting costs for Signal.
Accepting these payments would not be trivial, and linking them to Signal accounts would create a treasure trove of metadata that neither Signal nor its users would likely be very happy about.
Just charge $10 to create an account without a phone number and accept Bitcoin. Most people can avoid the $10 by providing a phone number, privacy-conscious people only have to pay $10, it generates revenue, and the $10 puts the spammers out of business because they don't pay $10 once, they pay $10 every time they get banned, which happens multiple times a day.
You could even automate the bans by banning anyone who gets blocked by more than two people they sent messages to, which anybody can avoid by not sending messages to people who would block them, and if it happens to someone innocent, it's still only another $10 to reactivate your account.
The phone number requirement is why WhatsApp won the space over in the first place. There were loads of username+password-based services before it, but none reached the market it did. Why? An incredibly wide user funnel, singing up is frictionless.
You might understand that it's a bad idea, but that makes you an outlier.
No, WhatsApp won because it successfully replicated and replaced the SMS experience in the developing world, where the cost of data was dirt cheap in comparison to the cost of a single SMS message.
Experience on WhatsApp, Telegram or any other IM is vastly better than SMS. Unless by SMS you mean iMessage - then it's even simpler - most of the world doesn't use iPhones.
Given the choice between SMS and a service that provides the same functionality is free, superior in most ways, borderless, etc. the choice to use whatsapp is obvious.
Mxit existed long before WhatsApp. Possibly a decade. I used it in the developing world and it wasn't anywhere nearly as successful as WhatsApp. For example, nobody in my family used it.
Signal has an app to use it with your computer. It's a one time linkage through a QR code. As long as you connect with the app at least once every 30 days, you never have to worry about it and, unlike WhatsApp, your phone doesn't have to be online for it to work.
I don't really buy this argument. Is signing up with a phone number really that much easier for the average user than using a username/email account? Billions of people seemed to have no problems making a Facebook or Google account.
With WhatsApp, your phone number allowed you to see everyone in your contacts that you could message on there, so you could see everyone straight away. Without that, you'd have to bring your friends along and have them sign up as well, then give you their username so you can connect.
The lack of a social network is why I settled on Signal. Before using Signal I tried Telegram, which requires a phone number and if they recognize your number in any of their user's contact list (which many people seem happy to allow access to), they'll send them a notification telling them their contact has joined. I got a nasty message within 10 minutes of making an account from a woman accusing me of pretending to be her deceased father. I had inherited his phone number a decade prior, and it told her I had made an account. I was so shocked they not only allowed, but encouraged such behavior that I deleted it promptly and swore I'd never use it again.
Signal does the same thing. Or maybe it used to but they changed it. I have a bunch of notifications of "so and so is on Signal" from when I joined years ago.
Can't say I've ever gotten any psycho responses from it though.
Requiring a phone number also seems like a decent way increase friction for automated account creation - obviously it can be overcome, but it probably reduces automated account creation by a few orders of magnitudes, which I would imagine reduces the amount of botting/phishing/ban evasion, which could all add up to be pretty expensive to an org.
Using phone numbers as identifiers (and by extension users' phone books as a contact discovery mechanism) is probably at least equally significant as a factor for WhatsApp's success.
I'd say it's basically standard everywhere outside the US. I lived in Canada and Europe, and eneryone is on it. All my fellow immigrants in the US are all on WhatsApp groups.
Focusing on app features is one thing but the bigger picture is that Signal is at risk of not existing without capital… (just donated $20 today and I wish I could buy stickers off of them).
I just hope they don’t expose phone numbers if a conversation was started on usernames and one or both parties have phone numbers saved. I hope it is not this bad - something Telegram does.
Also preferably clearing differentiating username and phone number messages.
I don't understand the concern. Signal has never been about anonymity. If you need to be anonymous, use a different tool. I like the fact that a phone number provides an additional verification that the person I am chatting with is who they say they are. As far as risk associated with having your phone number leaked to bad actors, that ship sailed years ago. I guarantee your number has been leaked a thousand other ways starting with by your phone provider.
It would have very particular ethical trade-offs, but they could just make signing up without a phone number a paid option. That has the advantage of actually turning a cost center into a profit center, at the distinct disadvantage of creating a moral hazard by the exact same virtue.
$6 million per year on outgoing SMS?
Do not send SMS to users, make users send SMS to you instead to confirm their numbers! I have this solution for years and it works >90% of the time. The rest 10% is calling a verification number which drops calls with busy signal (no fees for the caller) but sees who is calling and is able to verify their number.
Significantly less secure. Faking the sending number is much easier than hacking SS7 and getting SMS routed to you which are not destined to you (which is also doable but require an order of magnitude more skills and ressources in my view).
Would invites be a solution? Anyone can sign up if they provide a number, otherwise you need an invite from someone with a number linked. It would clump the identity/legitimacy for all invitees into origin number, but still allow disparate accounts.
they did not "make it required", Signal was just never developed to support anything else for username/registration. Which is what they have now almost corrected.
It's wording then. Making something required sounds like an artificial limitation whereas implementing support for usernames requires a lot of work, it's not like they commented out a couple of lines on purpose.
What is required at the moment is any phone number, not your phone number. You can use a phone booth even.
Or just kill SMS entirely. SMS is old tech from the 1990s. We have better things now, like e-mail over LTE/5G, that work across countries, across devices (whoa!), across providers, across SIM cards (wow!) allow more than 140 characters (wow wow!), and allows easy-to-remember alphanumeric identifiers for user ids (wow wow wow is this the future!). I hate SMS confirmations, I don't want to use my phone number as a username, and I will most certainly never donate to an organization that is using my donations to pay for stupid SMS texts after e-mail was invented.
I think we're all on the same page here, but the point is specifically "e-mail over LTE/5G..." (or really HTTPS over TCP/IP/LTE). I see SMS as this weird, independent, kluge of a data channel on the side, which was only cool when phones weren't yet fully interoperable with the Internet.
I feel the same way about the entire telephone system at this point.
Personally, I refuse to financially support Signal so long as they're still holding my chat logs hostage on my old iPhone and seem not at all concerned about solving this problem, which has existed for years.
There was (and still is, so far as I know) no upfront warning to users that if they don't first sync with a desktop client, and their phone gets lost or stolen, their iTunes backups do not (unlike most iPhone applications) contain their Signal chats. And furthermore, there's no way to export those chats in backup format from an old phone.
(You can transfer, but the transfer deletes the data from the original source, which is extremely foolish and dangerous IMO, and anyways isn't a proper export accessible from other applications. Furthermore, so far as I know there's no support for transferring from very old versions of the Signal client.)
This has been a critical bug for years [1], it's one of the most complained about issues, and Signal has done (and intends to do) absolutely nothing to fix it. It is absolutely unacceptable to have our own data held hostage by them in this way, especially without any upfront warning.
I completely agree with you, even though the situation is at least a tad better on the Android side... However, it's worth noting that Signal seems to consider this a feature and not a bug.
I hate that. I use signal to chat with my friends. We trade pictures of our cats. I am not a whistleblower who needs my data deleted instantly for safety. I provide the noise that acts as cover for those people. And I would have a LOT easier time bringing onto the network if they were able to keep that chat history. (I take a backup on Android and export it and clean my Signal install periodically because it gets large and starts taking up too much space on my device.)
I love Signal. I want it to succeed. I think they have a little bit of problem understanding who their users actually are though, or perhaps just a disconnect with telling us who the users they want to have are...
Interesting, I always saw this as a deliberate feature aligned with what I first came across Signal for (sensitive communications between trusted parties that may need wiping at a moment's notice). If a journo reporting in a less than hospitable regime had their phone confiscated then they need not worry about their chat logs compromising them.
Sorry, how is this any safer for the journalist? If their phone is compromised in a way such that someone can login and control their Signal app, their chat logs are already compromised. I’m just saying there should be the ability to export those logs once you’ve logged in.
But if they don’t want to provide that, then:
1) Why does the Android app support this?
2) They should warn users of this BEFORE holding their data hostage, and not market Signal like it’s the right solution for everyone.
Wouldn't it be more damaging if the authorities are able to sync and recover the chat logs (they had time wipe the logs)?
If they are able to take the journalist's sim card which is linked to their Signal account and then are able to recover the chat logs the journalist would be done for.
Of course the supposed journalist we're speaking of is already in a bad spot if they're interred. However, they might have plausible deniability with respect to their phone if there's no compromising chat logs to recover.
To your point about exporting, it would be nice. Ultimately, why can't we have both worlds by way of toggling the function?
I’m certainly not proposing that access to your SIM card should allow authorities to sync your messages! They should be stored encrypted on-device, and only exportable if you have login access to that device.
If authorities do acquire login access to the device, they can scroll through your chats and make screenshots, with or without an export feature. It’s true that exports make it slightly more convenient for them, but if you’re a serious target they’ll do it the hard way.
If Signal wants to provide some opt-in to disable exports, which can’t be retroactively reversed for old chats (otherwise it’s pointless), I have no problem with that. But if you’re worried about authorities with login access to your device, you shouldn’t be storing logs at all.
Perhaps Signal is not the right choice for you? It seems odd to be so concerned about data retention from a system which prominently features support for disappearing messages!
I expect messages to disappear when I turn on disappearing messages and not when I don’t turn them on.
But yes, I agree it’s not the right choice for me and many others who want to have full ownership over our data, and they should make that clear in advance.
> But yes, I agree it’s not the right choice for me and many others who want to have full ownership over our data,
The whole point of Signal is you have full ownership of your data. You said you can transfer the data to another device, right? I get that inability to export cleanly is an annoying bug, but technically you have full control over your data the whole time. It seems to me that it's easier to guarantee no one else can get your data (at the expense of data export friction), than it is to provide "do anything you might want with your data" while still guaranteeing privacy.
Being able to transfer to another copy of the same app, but not to a different app, and being forced to delete the original data in the process, is not ownership of your data.
Love the product. Had a monthly recurring donation for many years. Dropped it over what I consider to be their serial mishandling of open source. See https://github.com/signalapp/Signal-Desktop/pull/6186 for the latest chapter in the, "we won't implement desktop GIPHY that we announced in 2016, and also won't merge it when someone else thoughtfully implements it for us" saga.
I feel like they've made their position here quite clear and it's well-reasoned. I understand the disappointment, but this doesn't give any indications to me of "serial mishandling" unless there's some other context I'm missing?
Open source != open to contributions. Signal has made it pretty clear that their motivations for open source are visibility and verifiability, not to get people to do work for them for free. It seems like the action item to update the CONTRIBUTING.md to make those expectations more clear is a reasonable one.
They announced the feature coming to desktop "shortly" seven (7) years ago [1]. It has been implemented on mobile for ages, and is generally one of the most-popular features of any modern messaging service. In the years since, things like in-app cryptocurrency were implemented. Issues on GitHub dating back to 2017 were unceremoniously locked [2]. A community feature request has been open since 2018 [3]. When more issues on GitHub were created, they were told to discuss it in the one that was already locked, and didn't respond further once that was noted to be impossible [4].
When the PR was thoughtfully created long after it was clear that they wouldn't be honoring their own announcement, they said (approximately a year ago) that they would review and implement it with credit. After 6 months of darkness and petitioning, it was dismissed as being harder to review than to implement while disingenuously counting things like SVGs and license text as LOC. When some specific concerns were finally provided, the author responded point-by-point in how they were already researched and addressed, with a polite request for evidence so that they could correct any misunderstandings. The subsequent response ignored everything in that but the suggestion to update the contribution guide to align with their previously-unstated intent.
Serially mishandled. I'm not moving off of that position.
Why would you ever want to raise the bar for what constitutes open source, all the way up to "Must be open to spending their time reviewing and integrating massive contributions from 3rd parties"?
I don't understand how storage can cost a million dollars when they don't store anything. Even if messages are queued, how do you get millions of dollars in queued storage? It's hard for me to imagine... even if you receive and send trillions of messages I don't think you would end up storing much at all.
As for registration fees, it sounds like they should use authenticator instead of SMS... and stop requiring a phone number to sign up. That is why I left Signal (went with Matrix). I don't see why anyone would want to tie their Signal to a phone. If you value privacy, why would you do that?
Servers cost seems excessive as well. I don't believe you need that many servers, even if you served a boat load of requests.
As for bandwidth.. okay, that may be the case. I am not sure how you can get that cost down.
> Even if messages are queued, how do you get millions of dollars in queued storage? It's hard for me to imagine...
The details are there in this post, but I can offer a few guesses. Users may be using multiple devices. And the service has to deliver to all the linked devices before ejecting the message from its storage. The time limit for storing and waiting for linked devices to come online is about a month. With tens of millions of users, this could add up.
Even if every user had dozens of queued up messages, I don't think it equals millions in storage costs. Maybe I'm naive, but I have a storage/database/queue with billions of records and it costs <$700/month.
I think some messages will cost more storage than others. I have 4 devices synced to my Signal account. Yesterday, my friend sent me a 6.8 MB cat video[1]. I presume Signal has to store this cat video until I boot up my 4th device and load the queued messages.
If Signal drops the requirement to have a phone number I'll support them with money. If they allow me to change the name of a contact to what makes sense to me, I'll donate again. Follow the example of Session on this!
I'm seeing all the comments about the $6m Twilio expense, but nothing commenting on how their cost per employee is $380,000 totaling $19m. I think they could optimize this easier if the will was there. I know HN is very SV/tech centric, and that number makes sense there given the run up of VC money, etc. but I'm willing to bet they could source talent from cheaper places and slash this in half; if they wanted to. Just an observation, not my place to tell anyone how to run their business, but for a nonprofit that is trying to drum up donations to fund their operations, I'd think they would want to be leaner.
This number includes taxes, benefits, etc, not just raw salary.
Notably Signal employees do not get equity, so the salary must be higher to remain competitive.
Signal is probably the hardest class of product to build. Name an optimization/distributed systems problem, they probably have it. And quite literally, a Signal bug could jeopardize an activist/journalist’s life.
So for a <$200k salary and no equity, how many world-class engineers do you think you could hire?
I simply wouldn’t trust the product, if it had mediocre engineers.
I interviewed at Signal for a senior developer. They do not pay well. I didn't even get past the phone interview because they were nowhere near my range. No idea where the $380k comes from, executives maybe?
If you want to hire the best talent - engineering and ethics, you need to pay top dollar. 380k is senior engineer comp at most FAANG adjacent companies. It's not a lot.
This is SV tech logic that I mentioned. I’m just not usually of the opinion it’s necessary. There’s a lot of talent around the world. And I’d guess only a few really “top talent” folks are needed to build the unusual problems/cryptographic parts of their app. A lot of it could likely be build by an average dev with some oversight.
I say this as a person that regularly and successfully hires devs from low COL areas. I know the common pitfalls of it and know it’s completely possible to manage and get high quality outcomes. It requires a management approach that’s slightly different than having 100% top tier talent from high COL areas but it’s possible all the same.
I'd never advocate for unfair compensation. Only that what's fair is highly variable when the world is your potential labor pool. A lot of people and companies think or behave like only a few areas of the world produce quality software. It's absolutely false. I'd also want to question if a company full of Master Craftsmen are needed (if that's what's implied by the $380k/employee). To keep with the construction metaphor, most labor on a typical construction site is Craftsmen supervising unskilled/lower skilled labor; otherwise cost would be a major issue (more than it is already).
Are you the same kind of people that think that NGO workers should work for free or for a small wage that is not representative of the market wage for their positions?
No, I’m the type of person who thinks tech salaries are bloated in certain areas and certain companies and that does not follow the distribution of talent. It’s followed the distribution of VC money and profits of large companies. The evidence of such is that the median software engineer in the US is in the low-mid $100s (depending on what source I want to believe it’s $110k-$140k). But I also believe that same talent can be sourced outside the US is many cases and for far less expense.
I also view most apps/tech as not very novel. It’s largely the same engineering “problems” that are known and well documented. A lot of it can be done by average developers and “top tier” talent isn’t usually needed other than probably the cryptographic components in Signal’s case. Scale is certainly a concern, but that is a familiar problem that’s has a lot of documentation solutions and approaches.
I could be wrong. Maybe they’re already doing this and it just happens most of their expense is going to a couple high paid execs. Could be that I’m underestimating the complexity as well. But I find my statements to be true in many cases. I can even point to the number of times I’ve talked to consultants and top tier devs about building things for me. What they would charge $1m for I can often piece together for less than $50k by hiring a few folks in low COL areas and then just spending a little effort refactoring their code to be as pretty as I like it to be; sometimes I outsource that too but the point is having a whole company of top tier talent isn’t usually necessary, it’s a choice. Just like believing that top tier talent only exists in the high cost tech hub cities is a choice more so than the truth.
OP didn't mentioned to slash salaries just by half not by 75%. Most IT people in western countries in Europe are not making even 200k per year. Even in London is hard to get 120k unless you maybe working as a contractor.
A lot of those SV talents are not american but migrated from europe or elsewhere - there are still talented people in EU who just simply don't want to move to USA these days even if salaries are at least 2x. You wouldn't have a problem finding real talent in eastern europe for 150k.
Well I don’t get paid to hack, it’s a hobby and sometimes I’m and entrepreneur so I don’t have the same bias as thinking all devs should be making $500k+. I actually think of cost controls and how to build more with less, so kind of polar opposite motives.
Cheap is also a relative concept. I have a guy on full time that I pay $1500 a month. It’s more than twice than he’s ever made in his life and he’s an excellent dev. If I needed to, I could find 50 more like him. Sure if I was FAANG scale trying to hire 30,000 of these people it might get tough. But, I could probably create an entire training program and just apprentice people for less than they paid new grads out of 2-4 schools they normally hire from.
Silicon Valley is not the only place to find engineers who know what they're doing. Some of us want to stay in our home country and/or don't want to jump through the hoops that American tech companies demand.
It's amazing what they produce with their headcount:
First, we have three distinct client teams, one for each platform (Android, Desktop, and iOS). These teams are constantly working: adjusting to operating system updates, building new features, and making sure the app works on a wide variety of devices and hardware configurations. We also have dedicated engineering teams that handle the development and maintenance of the Signal Server and all of its infrastructure, our calling libraries like RingRTC, and core libraries like libsignal. These also need constant development and monitoring.
Product and design teams help shape the future of the app and determine how it will look and function, while our localization team coordinates translation efforts across more than sixty languages. We even have a full-time, in-house support group that interfaces with people who use Signal and provides detailed technical feedback and real-time troubleshooting information to every other team. This is an essential function, particularly at Signal, because we don’t collect analytics or telemetry data about how people are using Signal.
--------
How many people does it take to perform all that?
In total, around 50 full-time employees currently work on Signal ...
FB only wanted whatsapp to preempt a potential competitor. They are happy to give the service for free (at a loss)
There is no room for monetization because of FB. In other words, you can't compete with a monopoly, even if you are in a different business. They simply take all
FB is getting and using some metadata from WhatsApp. FB also said it would be introducing ads in WhatsApp. While WhatsApp may not be raking in a lot of money, it’s not a complete loss for Meta either.
An entirely peer-to-peer instant messaging network, which doesn't rely on a central authority, is technically possible. A $50M/yr burn rate to implement that authority as an act of charity is simply unsustainable. Why do we insist on continuing down this path?
Attempts to decentralize or federate Signal are met with hostility. The Signal Foundation tells us that this is the only possible way; "the ecosystem is moving", and we must exist in competition with commercial offerings, rather than build something small, sustainable, and decentralized. This is great, until the AWS bill is due.
Because peer-to-peer messaging is not a solved issue. People want asynchronous conversations and not have to expose their location to everyone they talk to.
There are other platforms that are working on federated e2ee services (it's not easy. matrix was completely broken a year ago).
I'm not suggesting that it's a solved problem, but it's a solvable problem, and the Signal Foundation should be using its (significant) resources to solve it, rather than slowly bleeding them out to AWS, GCP, Azure, and Twilio. Unfortunately, solving that problem also significantly reduces the scope of the Foundation, so there's little incentive.
Nothing seems out of the ordinary in terms of costs. But there some features that would be pertinent to their core mission of providing a secure messenger, and stories and payments aren’t some of those. Stories button takes up half of the bottom navigation bar, I have not seen anyone using that feature.
Their non-product approach is what prevents men from becoming a recurring donors. They are finally testing a build with usernames, but it has been long over due.
I'll probably donate, but I find it annoying that Signal only offers Linux packages for Debian-based distros. I've had headaches with the Flatpak. I would think that the Linux desktop audience - while not huge - would be the most interested in Signal. That is, might not be a lot of Linux users but percentage-wise I'd bet more Linux users are interested in Signal than macOS or Windows users.
> she wanted to call attention to how competitors pay these same expenses: either by profiting directly from monetizing users’ data or, she argues, by locking users into networks that very often operate with that same corporate surveillance business model.
There is also a third alternative: Threema (https://play.google.com/store/apps/details?id=ch.threema.app...) is a privacy-focused messenger app that tries to cover its costs by *gasp* asking for money for the app! But of course those notoriously financially-conservative Swiss can't hold a candle to Signal, who first decided to give away their app, same as those other messenger-making companies flush with cash, and then found out that supporting all those users who download your free app actually costs money...
I would use Signal, but it ties to a mobile number, that is why I don't use it. Been using Element/Matrix instead. I'd consider switching if I could primarily use it on a Desktop decoupled from a mobile device.
Contact this company if you're looking Best IP-TV Provider
Whats-app: (+12023675323)
I buy from him every year and I don't find any problems with the server, worth encouraging
This was a nice, detailed read. At some point, Signal would have to move out of cloud providers at least for a few things to manage costs better.
I was happy to note this about employee compensation since paying them well is a good thing apart from their personal motivation to work on this (even at a comparatively lower pay than in other companies/projects):
> When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
> We are proud to pay people well. Our goal is to compensate our staff at as close to industry wages as possible within the boundaries of a nonprofit organization.
That said, I really dislike Signal for a few reasons. The first is what many people have already talked about very often — forcing to use a phone number to register. Since the SMS or call costs are quite high, Signal could adopt the iMessage approach to verification, which is having the user send an SMS to the service (this will cost the user some money depending on which country the SMS is sent to). This could be decided based on the country code so that the current SMS OTP model can coexist.
Signal is obstinately user unfriendly on a few aspects on user experience, more so on iOS/iPadOS. Firstly, it refuses to provide a data backup mechanism for iOS/iPadOS. If someone loses their devices, there is no way to restore older messages. Even setting up a new device requires the old device to be in physical proximity to transfer the data. Signal does integrate with CallKit (to act like a phone app) and with Apple’s notification services, but refuses to allow the user to backup the data with a password to encrypt it.
Secondly, I found this paragraph in this post to be disingenuous:
> Such practices are often accompanied by “growth hacking” and engagement maximization techniques that leverage dark patterns to keep people glued to feeds and notifications. While Signal is also free to use, we reject this kind of manipulation, focusing instead on creating a straightforward interpersonal communications app. We also reject business models that incentivize such practices.
Signal on iOS/iPadOS wants the user to enable notifications and to share contacts. If notifications are disallowed and if contacts upload is disallowed, it will pester every few days about it. One might think this is a silly mistake that Signal isn’t aware of. But it was reported some years ago and Signal responded that it will not fix it because it believes this is the only way. [1] Not even an option where this is a toggle for those who want no notifications or don’t want to share contacts (Signal does have a toggle for contact joining notifications).
Signal is also not that reliable in delivering messages in a timely manner compared to other apps (the GitHub repo has many repetitive issues on this topic over all these years).
Finally, since Signal has poorer UX in general, which isn’t an easy or cheap thing to handle, I use it only with less than a handful of people who I know and who use it.
I’d donate occasionally so that Signal can continue to exist, but I don’t feel like supporting it every month with all these issues, some of which look like Signal ignoring the user and UX issues completely.
> Firstly, it refuses to provide a data backup mechanism for iOS/iPadOS. If someone loses their devices, there is no way to restore older messages.
This is not the only case where Signal has decided that users should not be in control of their own data. For example an Apple Store or authorised repair shop may need to reset the phone, or an OS upgrade goes badly and needs a restore will also lead to data loss even if there is a full local encrypted backup made.
It is really orthogonal to the much of what Signal claims to stand for them to so boneheadedly insist that users should not be allowed to own and control their own data.
It's crazy, 400,000k per person. It would feel like nothing but an unfair waste of my "cheap-country" money to fuel "overpriced-county" with a donation.
But that's not salary, that's the total cost per employee. So if you factor in ~40% cost for healthcare, pension, perks, and various taxes, then the average salary is closer to $240,000 which will still a bit high, is probably less than market for the average engineer working at the company.
Per the 990, which is just salary, multiple employees at Signal are getting paid over $650k. That's way above market for the nonprofit sector for comparable positions.
From page 2 of Schedule J (at the bottom) they break out the components of the compensation, showing that most of those numbers incorporate a base salary that looks fairly normal with 2-600k of bonus & incentive comp on top.
In curious Googling to see if there was an explanation for how their structure works, I stumbled on this interesting Glassdoor review:
> The bonus structure promised up to a 100% match with salary, but in practice the system was set up so that nobody got more than 50%, if that. Had I understood this I probably would have taken a competing offer that ultimately would have had much higher comp.
> The quarterly cliff on the bonus system, where a feature failing to ship within the quarter specified (even if just by a single day) was counted as if you hadn't done it at all. This led to death marches each quarter as everyone scrambled to try to finish unrealistic goals. It wasn't possible to get help from anyone else at these times since of course they too had the same problem.
> Nominally, the quarterly goals were set in a collaborative process. In practice it was a 2 day full day meeting where we were told what Moxie had decided we were going to do - our input wasn't really considered at all, including if it was even viable to complete in a quarter. I'm fine with top down control, that's how most corps work, but I disliked the false patina that this was some democratic process.
> Internal communications are a disaster, because Signal uses Signal for everything, including things Signal isn't at all designed for or good at. Bug tracking is literally done in a giant group chat. I have a newfound appreciation for JIRA.
After a few hours of reaching out to people about this, the Signal salaries appear to be grossly inflated not only compared to other non-profits, but to what engineers working on iMessage and Meta Messenger make for the same or more difficult work (considering that both of these competitors many several times the users as Signal; Meta Messenger has over 1 billion users).
Back in the day Signal was called TextSecure and it did everything over SMS which required no centralized infrastructure aside from the cellular networks. They transitioned to internet-based messaging to support Apple devices. It seems that decision is now a 50 million dollar per year step backwards.
It's not a step backwards for me. Our organization uses signal in many situations where SMS isn't an option. When I land in a new country it is normal for my cell/SMS not to work. But I can hop on some local wifi and get signal messages. We had a widespread cell outage in my area last year. Signal not being on cell/SMS meant that I could still communicate with family without need of cell towers. This is a big step forwards imho.
> When I land in a new country it is normal for my cell/SMS not to work. But I can hop on some local wifi and get signal messages.
WiFi calling is a standard feature that does exactly what you describe for texts and calls, without using a third-party. I have cell connectivity turned off constantly on my phone and yet receive texts and calls via WiFi.
It is actually an awesome feature for receiving 2FA SMS at my parent's place where there is great internet but poor cell coverage.
WiFi calling isn’t always free internationally though, it often gets charged according to your phone plan’s international rates, which is discouraging for many people. Signal, on the other hand, just sees WiFi as WiFi.
Right, I totally hate being able to text, voice, video, send files, and screen share with individuals or groups of people, including half my contacts who use iPhone. Also, fuck them for making all of it sync to all my computers. And I especially hate the fact that I was not billed by telecom carriers for the tens of thousands of messages I've sent and thousands of calls I've made over it over the last 10 years.
Yes, indeed, how backwards. I wish I only used software that spied on me, or permitted others to spy on me, for those features.
Every time I hear about Signal's donation notices I start thinking about ways they might generate revenue. I'm sure Signal staff have considered a ton of options already. Anyway,
- can't do personalized ads or geo-specific ads, so doing generic ads wouldn't drive a ton of revenue anyways
- can't require users payment because when payment (most forms, including bitcoin!) can be used to identify people
- No real benefit to themed group chats (like discord nitro) since it doesn't focus on community groups
I'd love for someone to figure this out, though, because a nonprofit structure for an app is not sustainable.
Who is the active user base for signal these days? Everyone I knew who was using it dropped off after the SMS debacle, which was a shame.
Edit:
Wow some weird haters on HN today. I was honestly curious as an active signal user that was no longer able to use it to message people in North America and had never seen anyone using it in East Asia. Apparently this makes some other signal users very angry.
I've been to a lot of meetups in the last year and exchanged contacts with people. As a nerdy idealist running a deGoogled Android with no proprietary software, I always have to tell them that I don’t have WhatsApp, just Signal. Again and again I have heard the reply, “Oh, yeah, I’ve got Signal, I use it to buy drugs.”
So, that’s some of the active user base in my city, but none of those users are very motivated to use Signal with their network of contacts in general. There WhatsApp reigns.
That's been similar to my experience in the last year. WhatsApp or even worse, Snapchat, seems to be the preferred "private" messaging platforms, which is depressing to say the least.
Buying drugs from shady people online like on Telegram channels is a good way to get you not high or killed. Apparently they're selling HHC now that looks like bud? No thanks. I'll stick to my local guy straight from behind the bushes next to the park.
those users probably have a far lower impact on Signal's operating costs because they're only sending the occasional message instead of using it as a broadcast platform.
The SMS issue was mainly a problem in the US where people used it for SMS and therefore never mattered since that communication was never secure. Those people probably never even cared for security since they, as you said even went out there and actually uninstalled an app. Something people seem to rarely do.
I use it for friends, family and colleagues. People now started asking me for it (or safe alternatives to Facebook Messenger) since Facebook started asking people to pay for non-targeted ads recently. They actually got people to think about the data they share with an outdated social network.
Yep, the whole point of Signal for me was the SMS component. I put up with the old-fashioned UI for that reason. Now it just looks and acts like a Telegram clone.
I have yet to find a replacement that both I like and other people use. Matrix and Session I have yet to find anyone using, telegram seems to be almost entirely bots in my area, and WhatsApp etc are owned by Meta.
I've converted all of my friends and family to using it. It's the "social media" for my world now. I'm probably an outlier for that, but it makes me happy!
For instance, 1.3$ million per year for storage??? Apparently, they have 40 million users, so 1 MB per user (seems reasonable for Signal) means 40TB. You can buy a 4TB SSD for $200, which means you need $2000 one-time for 1MB per user.
How they get from $2000 to 1.3$ million is a mystery.
As for SMS registration, if they are spending 6 million, maybe they should find some way of doing it for free, e.g. Google might be offering it with Firebase, Twitter used to have it, etc. It's not great for privacy, but if they care about that they should just stop using phone numbers.
Routing video calls through a server to obscure IP address seems totally pointless while you are revealing the phone number anyway. And again there might be a way to do this for free, e.g. perhaps using one of free WebRTC STUN/TURN servers that e.g. Google seems to run.
As for bandwidth, a very conservative estimate seems 100 MB per month for each of 40 million users, giving 4 PB per month (though I guess the real usage is 1/10 that at most). Hetzner charges $1/TB, so that gives $4000 per month or $40k per year, overestimated.
Again a mystery how they get from $40k per month to $2.7 million.
Maybe the problem is that they use AWS/GCP/Azure/etc.? They have to be real idiots to use them since everyone knows they are insanely overpriced and should never be used unless a large corporation or deep-pocketed investors are footing the bills or they is no other possible solution.
Perhaps they need to consider stopping dumping money down the drain before asking for donations.
Sorry, how does 1 mb per user seem reasonable? I’m sending tons of videos, documents and pictures, probably beyond a gigabyte daily. Just one video is like 40Mb. 1Mb assumption seems absurd
If I open an old chat, and press "play" on old video, and it's downloading before being played, where is it download from? Same for downloading a file.
I really, really, want to go into a bunch of detail on exactly why this calculation is so incredibly naive. More as a personal thought exercise than for internet fame (since this will be buried under a buried comment).
Maybe I'll find the time...
But, like everyone else is saying, putting things in a datacenter in a resilient way for a high profile, high bandwidth, multi-national app is not the same as buying some ssd, or even running a hetzner instance.
But the solution seems to be to have the desktop client request data from the phone.
In fact I'm not sure how it can possibly work otherwise (what if someone just uses their phone for years and then opens the desktop client for the first time ever? does that not show any old messages? seems a terrible design).
Yes if you open the desktop client after 30 days its de-linked and you lose all new messages. And yes its bad design and very annoying, but understandable given their storage limitations. Have a look at the links I posted.
Retrieving from the phone would be a better idea I agree.
Yes like paying 30$ for Tylenol in a hospital. You didn’t pay that much for the pill but for a nurse to enter that you need that into a schedule and then actually deliver it to you.
Photos are generally <1MB in size and I think have a single photo sent but not received on average per user seems reasonable (most users probably almost never use Signal, and of those that do probably most only use text, and those that use photos probably most don't send more than one or a few per day).
Videos are probably relatively rare and if not maybe they should do something about them, like not storing overly large ones them on servers and requiring both phones to be online to transfer.
There's a 500x margin between the estimate and their costs anyway.
> There's a 500x margin between the estimate and their costs anyway.
It's probably more than just storing it in s3. Given their list of
> Storage: $1.3 million dollars per year.
> Servers: $2.9 million dollars per year.
> Registration Fees: $6 million dollars per year.
> Total Bandwidth: $2.8 million dollars per year.
> Additional Services: $700,000 dollars per year.
"Storage" probably also includes the cost to host it on their databases or some queuing/redis etc...
Refreshing compared to the alternative that Wikipedia is showing, with the tantrum-like emails we receive from their CEO like "LAST REMINDER" or "We've had enough" ; which they ironically send to people who gave.