Aside from the salaries, which I agree are a problem, I think there are a lot of architectural issues that are both costly and not so secure.
> We use third-party services to send a registration code via SMS or voice call in order to verify that the person in possession of a given phone number actually intended to sign up for a Signal account. Simple solution, go distributed.
6M $ for that. Stop doing that. What do dictators control? Mobile phone networks and other infrastructure. And, yes, they really do go after people any way they can.
This "cost" puts people into danger. Coupling identity and operator infrastructure is a critical privacy flaw. And a costly one too apparently. If your #1 goal is to be the most private solution, this cannot be tolerated to continue to be the case. Get rid of it. Your identity should be your cryptographic key.
Are they? These salaries are much lower than most tech competitors. I know we like to call out "high" salaries when a useful service is struggling - but they'll struggle even more if they can't retain good talent because their pay is too low. There's a reason tech skill in government is generally lower than that in industry, for instance.
I tended to agree with your sentiment. But the reality is that for some unknown reason to me, it's companies from SV the ones that get famous and used globally.
Why didn't this start from say Mexico? Or Singapore or Vietnam? Or at least Germany which has a good record of freedom conscious tech scene .
My bet is in something related to the "maslow pyramid": people in SV have so much money that have everything solved in their lives, so they have the luxury of spending their time in this sort of problems.
1. It's a network effect. If you're raised around doctors, go to school with prospective doctors, and your school gets many university recruits from a good doctor college, you will strive to be a doctor more likely than not. SV had a bunch of tech companies and falls into the same kind of environment.
2. It's probably a matter of Venture capitalists. Even if you aren't from SV, you may strive to go there to get funding for a pitch or find talent. Similar to your prospective actor that moves to Hollywood. Go where the crowds are.
Now, we can ponder why SV became a tech hub, but current market forces makes it ripe for tech startups.
Nonsense. Asking for donations as a millionaire (which is what these people are) is a bit awkward.
This only makes sense if you ignore the world outside the Bay area and assume it's a talentless wasteland. Bay area salaries are vastly inflated in terms of value for money.
There is lots of talent elsewhere of course. I live in Europe. Lots of smart people here. I think I personally know quite a few people that could do at least as good a job as Signal has at building a messenger app + platform. No offense, but this isn't exactly rocket science.
And of course the elephant in the room here is that money is running out because this organization has a cost problem. Inflated salaries, insane cost for things that they should arguably get rid off (like the SMS bills), etc. That's a leadership problem. They aren't even getting value for money despite those salaries.
>I think I personally know quite a few people that could do at least as good a job as Signal has at building a messenger app + platform. No offense, but this isn't exactly rocket science.
They are building a secure communicator that a normal person can reasonably use - and succeeding. Something nobody else before them managed to pull off. If this isn't rocket science I don't know what is. Not to mention that they pioneer cryptographic protocols in this area, which other messengers later use.
>This only makes sense if you ignore the world outside the Bay area and assume it's a talentless wasteland.
I'm also from Europe (and love it, despite its flaws) but this comes off like whining. If it's really so easy, maybe the smart people here should create their own Signal and reap that overinflated salaries, what do you think?
Or maybe smart people are not enough and you also need VCs, reasonable taxes, laws... Oh btw, did you hear about those plans of EU to get rid of E2E encryption?
Their #1 goal is not to be the most private solution. Their goal is to make day-to-day communications of most people difficult to surveil.
Day-to-day/People is why they keep the registration process familiar to other platforms like WhatsApp/Telegram. "Most" is why they try to compete with Telegram/WhatsApp on features to drive adoption (see Stories and Announcement Groups).
Outsourcing identity to operators just moves the problem. And it adds a lot of privacy and security concerns. Besides, other platforms manage just fine without phone number based authentication (which is what this is).
They know this, but it's likely a precondition of not getting Joe Nacchio'ed. It's a feature, not a bug. Signal's partners* in FVEY IC/LE have given them a lot of latitude in developing a very solid e2e cryptographic protocol and application as long as the users themselves are identifiable.
The pigs don't need to backdoor the protocol or the keys as long as there is more than one party to a conversation and each party is identifiable. The prisoner's dilemma, in real life, almost always gives the pigs a defection.
My pet conspiracy theory is not that Signal is evil, but that Signal is being allowed to operate by the pigs as long as account identifiers are very difficult to anonymize. They are likely very good people with good intentions, but when the FBI or NSA makes you an offer you can't refuse, you do the best you can.
*: I'm not suggesting Signal is in bed with IC. Just that if you operate a communications service of any scale, IC/LE will be your partners whether you want them or not.
The reason I don’t use signal much is this link to a phone number.
Both because sometimes I don’t have a phone number. And I don’t want participants to know my phone number.
I don’t get why they have this requirement as it’s not like having a phone number means anything significant. For me, I think privacy includes my ability to not reveal my identity to the network.
Why does an organization with about 50 employees need 4 C-level executives, totalling about 2M compensation per year? Or perhaps it's 7 C-level executives (3 hiding under the "Software developer" title) totalling about 3,7M compensation per year?
I'm absolutely not donating money to such a thing without an answer to this question. As a counterpoint, I am a member of a local (Finnish) non-profit organization, one of whose many services is Matrix. This costs me 40 euros per year and none of that money goes to C-level executives.
I find this hypocritical. C executives of tech orgs with world class products often have eight figures compensation -- if not from salary then from stock options. I do not see any excess here. You need to pay to compete.
> I do not see any excess here. You need to pay to compete.
What you mean with pay to compete? The goal of Signal to exist is to offer a privacy oriented chat app. Non-profit companies serve a propose, and people not aligned with that, shouldn't be working there in the first place. If you join a non-profit to make money, you are doing it wrong.
So all the programmers who work there should live on thin air? I agree that ideally the management should not be there for profit, but come on, the salaries are not even that crazy. I suspect FAANG key employees in that area easily earn multiples of that.
That line of thought is exactly why FAAMG companies tried to lower salaries for CoL when they opened up to more remote roles. I don't know if thst was fair, but it wasn't something appreciated by many engineers during the pandemic.
It's also how and why long ago they tried to outsource a lot of engineering. They still do try. But that's not an easy transition either.
What is the problem of managers of a non-profit company earning around 700k/year and the company is writing blog posts complaining that the the company operation is too expensive? I think if you read it aloud, you will understand it.
When the numbers total $50m in operations and the CEO is making about as much as a principal Google engineer: no, I don't see the issue. Even if he made $0 the issue remains given that every part of the server operation costs more than him.
But sure. What do you think is a fair salary or totalccomp for a founder and CEO of a popular, privacy focused app?
> CEO is making about as much as a principal Google engineer
From a company living from donations... It is illusion (probably a California thing), to think that you are going to compete salary wise with FAANG. The time will tell (well their complaining about money, is already hinting it)...
But they aren't. A principal engineer is not a CEO but probably makes more at top companies.
I don't even work at a FAANG and I was making almost as much as the director there who lists 200k or so total comp. Probably with 20 years less experience to boot. I don't live in SF either; High CoL area but not SF.
That's why I asked you what's a "reasonable" salary. I'm wondering what your POV here is in terms of compensation.
Signal is competing with for profit companies for talented engineers and their talented leaders. You can't just cobble together something "good enough", this thing must be airtight given some of the dangerous situations it is used in.
And you get a world-class service that a lot of people can use for free and keeps their communication private in return. I'll happily keep donating for that.
I'm sure there are some costs that they could theoretically cut without consequence. Because the same holds for any other product I buy.
Indeed, I’m blown away these numbers are so low. I know multiple senior software engineers at FAANG companies who make more than the software engineers on that list, and they contribute roughly nothing to society. I have zero qualms with Signal executives and employees being paid at that level.
Absolutely. A former student of mine worked for a non profit in Afghanistan (his home country) for a few years. Said non profit was flying in McKinsey consultants for very short gigs at six figures (USD).
Same can be said about many LGBT non profits that have shifted their goals in the developed world on the "T" part of the acronym. On countries where marriage equality is a given, no one is going to fund an NGO focused on gay marriage... so they need a new cause to fight for.
How is it transphobic to say organizations focused on LGBTQ shifted their alignment for the one part that isn't widely accepted in developed because others for the most part are?
Its a transphobic conspiracy theory to say, as moravak1984 explicitly did upthread, that they did it for money not because its an actual real issue where they perceive an injustice, whereas the issues where they've already won, and thus are shifting some attention from, are not, or less so, specifically because they have succeeded in shifting the situation on the ground.
Why is it transphobic? Is it not possible for an organization to do something for money? I am not accusing any particular organization of doing so, but it absolutely should be a legitimate concern/question.
In fact, I would consider it transphobic to not call out organizations with ulterior motives.
The reply to my suspicion from the same person was so transphobic it got removed. I can smell these people from a mile away. Fragments of it survive in https://news.ycombinator.com/item?id=38301956
> safeguarding of children against mutilation and sterilisation,
I am so, so tired.
None of that happens.
GnRH analogues are commonly used in gender affirming care, these are reversible.
Surgery is not done on minors.
> the protection of women's single-sex spaces,
Predatory men have absolutely no problems finding opportunities to predate on women. This made up crap need not happen.
You are parroting sound bites on issues you have no understanding of. For the sake of humanity, literally, please stop and start reading. You are on a very dark path.
There have been cases of minors getting genital surgery too. For example Susie Green, who used to run the Mermaids charity, is infamous for taking her child to Thailand on his 16th birthday for penis inversion surgery.
> Predatory men have absolutely no problems finding opportunities to predate on women.
Exactly, any male who disregards women's boundaries and imposes himself on a female-only space is exhibiting predatory behaviour by ignoring the lack of consent. Those males who call themselves women are no exception to this.
> Trans women are not males who call themselves women, though.
They are male, by definition. If they were female then they would actually be women, rather than men trying to mimic women - which is the reality of 'trans existence' for these males.
They really have no business imposing themselves in female-only spaces. Rejecting this form of male entitlement and keeping them excluded from these spaces that are not for them isn't 'genocide' by any means. That is sheer hyperbole.
> However, sterilization (aka genital surgery) still is not a thing.
Genital surgery for minors is rarer but it actually a thing that happens. For example, reality television victim Jazz Jennings was sterilised at 17 years old.
Idk man, I think this shit should be between the trans person and their doctor. We already pierce the ears and rip the foreskin off babies, and minors can get boob jobs and nose jobs already. Minors get all manner of drugs prescribed. If a doctor thinks some treatment is appropriate for a kid, okay. If it turns out to be medical malpractice we have the court system for that.
Also, I disagree that men in women’s bathrooms is inherently predatory. Frankly, this discriminates against fathers of young children because often one has to bring a daughter into the bathroom or change their infants diaper. Also, the bathroom thing is super weird, like how are you gonna enforce this in a non imposing, non disregarding of boundary way? Already butch women experience harassment for not performing femininity, and there’s news articles where nosy weirdos harass them in bathrooms…
> Also, I disagree that men in women's bathrooms is inherently predatory. Frankly, this discriminates against fathers of young children because often one has to bring a daughter into the bathroom or change their infants diaper.
I don't agree with you on this, in almost all circumstances they should be using the bathroom appropriate for the sex of the adult, which in this case is the male one. If there genuinely is no baby changing facility available that isn't in the ladies' bathroom then for the welfare of the child an exception can be made, but the father needs to check with the women using this space first.
This scenario is very different to the males who feel entitled to use women's spaces whenever they please and for their own satisfaction, rather than to provide for their child as in your example.
> Also, the bathroom thing is super weird, like how are you gonna enforce this in a non imposing, non disregarding of boundary way?
All that's really being asked for is for males to understand that female spaces are not theirs, to voluntarily refrain from entering, and to acknowledge that women have the right to have violators expelled.
The problem is that far too many males truly cannot conceive of the idea of simply respecting the space and boundaries of women. It literally doesn't cross their minds, so they immediately jump to whether or not women can forcibly stop them. The belief seems to be that if a woman cannot enforce this, they may take anything they like from her with impunity.
Perhaps that's not the connotation you intended, at least not consciously, when you wrote 'how are you gonna enforce this'. But I believe this form of male entitlement is what this implies, even with the best of intentions.
“How are you gonna enforce this when it primarily harasses the women you claim to protect” isn’t a male claim. Way more women who never experienced male puberty and don’t have/never had a cock and balls are sexually harassed about this shit than trans ever are, just because there’s probably 100x more short-haired small-titty chicks than trans women.
Also, frankly banning fathers from protecting their daughters in bathrooms and changing their diapers is discriminatory. There’s nothing predatory about a dad changing his infants diaper and it’s utterly disgusting to portray it as such. This is precisely the gender discrimination we should be fighting against as a civilized society. Women aren’t fragile creatures who cannot see context and understand what is and isn’t a threat to them, and men aren’t inherently dangerous for not even interacting with women just being attentive fathers! This is so insulting to both sexes, I can’t even.
Like I said in my last comment, if you're thinking about female-only spaces only in terms of how women can forcibly stop men from entering, then you're looking at this from the perspective of male entitlement instead of focusing on women's needs. How about instead, the males just respect women's spaces, and stop trying to convert every female-only space into a mixed-sex space? Every time a so-called "trans woman" disrespects the space and boundaries of women for his own selfish pleasures, he's adding to this problem. It really shows how little these men actually understand and empathise with women, when they're exhibiting this dominance behaviour.
Also, some female-only spaces can be and are enforced by authorities with the resources to do so, for example prisons. It is well understood by most people that prisons need to be separated by sex for the safety and dignity of female inmates. The problem is that in some places, women's prisons have been incarcerating men who say they have a "female gender identity" in there too. There have been numerous cases of these men raping, sexually assaulting and even impregnating the women they have been imprisoned with. It is appalling and shows exactly why women need single-sex spaces away from these predators.
> Also, frankly banning fathers from protecting their daughters in bathrooms and changing their diapers is discriminatory. There's nothing predatory about a dad changing his infants diaper and it's utterly disgusting to portray it as such. This is precisely the gender discrimination we should be fighting against as a civilized society.
No, what is needed in this case are baby changing facilities in male and gender-neutral spaces. Not carte blanche access to female-only spaces by men.
Also please actually read my comments before responding. In no way did I say or even imply that a father changing his child's nappy is predatory. I believe it's a good thing when fathers are more involved in child care than is traditionally the case. You are railing against an argument you invented inside your own mind.
Nah you said Carte Blanche anyone male in such a space is predatory, including dad changing diapers and trans women peeing not talking to anyone. You’re also still not addressing the fundamental fact that women who have never experienced male puberty experience far, far more abuse by other nosey weirdos trying to get into their genitalia just because they don’t perform the sort of femininity demanded to enforce who gets to take a piss in the McDonald’s.
> Exactly, any male who disregards women's boundaries and imposes himself on a female-only space is exhibiting predatory behaviour by ignoring the lack of consent. Those males who call themselves women are no exception to this.
Then it was you who brought up this unlikely scenario:
> I disagree that men in women's bathrooms is inherently predatory. Frankly, this discriminates against fathers of young children because often one has to bring a daughter into the bathroom or change their infants diaper.
To which I replied with the following, consistent with my earlier comment in that the father needs to ensure that if such a rare and urgent scenario should arise, he receives consent from the women present and to ensure he isn't disregarding boundaries and imposing himself:
> I don't agree with you on this, in almost all circumstances they should be using the bathroom appropriate for the sex of the adult, which in this case is the male one. If there genuinely is no baby changing facility available that isn't in the ladies' bathroom then for the welfare of the child an exception can be made, but the father needs to check with the women using this space first.
> This scenario is very different to the males who feel entitled to use women's spaces whenever they please and for their own satisfaction, rather than to provide for their child as in your example.
Of course the best option is that baby changing facilities are provided in unisex or male-only spaces too, which is often the case these days.
As for this part of your comment:
> You're also still not addressing the fundamental fact that women who have never experienced male puberty experience far, far more abuse by other nosey weirdos trying to get into their genitalia just because they don't perform the sort of femininity demanded to enforce who gets to take a piss in the McDonald's.
Firstly, there are no women who have experienced male puberty. The people who experience male puberty are boys and then men.
Secondly, this isn't a "fundamental fact", it's something you're claiming because you want to try to justify the invasion of women's spaces by men who pretend to be women.
Thirdly, I see you're still narrowly focusing on bathrooms and are ignoring the growing problem of these men demanding and gaining access to other spaces that were female-only up until their incursion. Any comment on, as I discussed above, that in some jurisdictions these men are being incarcerated in the female prison estate, and how harmful this has been for women prisoners?
Profit or non-profit is not about paying market rates. Even non-profits have to pay reasonably competitive salaries to attract and retain good employees.
> 501(c)(3) tax-exemptions apply to entities that are organized and operated exclusively for religious, charitable, scientific, literary or educational purposes, for testing for public safety, to foster national or international amateur sports competition, or for the prevention of cruelty to children or animals.
Signal foundation is a non-profit 501(c)(3). It is literally and legally a charity.
Charities aren't charities in the colloquial sense of the word. It's not a truly altruistic collaboration of volunteers giving their time to help a cause.
Non-profit simply means that every bit of revenue made goes back into the company instead of given out to shareholders. Which includes paying your labor.
It being a non-profit is exactly why we can view the operating expenses and salaries of the public facing executives. For accountability.
They don't break out salaries specifically, but personnel costs are in this paragraph:
> To sustain our ongoing development efforts, about half of Signal’s overall operating budget goes towards recruiting, compensating, and retaining the people who build and care for Signal. When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
From the same link, it seems like his compensation was much higher in all the preceding years. Not sure what changed this year, but I agree it's a bit refreshing to see. Especially since he's probably made good money throughout his career
I think the lower 2022 numbers reported for Moxie Marlinspike reflect that he was only involved as CEO until February 2022, so $80k would make sense as ~2 months of salary before Meredith Whittaker stepped up to the role.
Salaries:
Pretty abusive salaries for a non profit but that seems to be pretty much the standard nowadays, right?
Bandwidth:
I took at quick look and see that chat.signal.org resolves to AWS. If they are paying AWS for a lot of bandwidth, that is very expensive. Let's take a quick look:
They say they use 20PB per year of bandwidth for voice calls alone, this costs them $1.7M a year.
According to AWS pricing for great customers (suckers) of over 150TB per month, the cost per GB goes waaaay down to $0.05, yay. 1.6PB per month is 1600000GBs, that's $80K a month and therefore $960K a year.
Very roughly, a 10Gbp/s link to the Internet, from a Tier-1 provider will be around $800 (eight hundred dollars, you're reading this right) a month in a low-bandwidth-cost country like the US, possibly double that in say Asia.
A 10Gbps link fully utilized (minus some overheads), translates roughly to 3 Petabytes per month, that's 36 petabytes per year, almost double their advertized amount of bandwidth needed for calls per year.
So we have ~$10K a year (negotiable) for 36PB which is double their bandwidth needs but let's not forget that AWS graciously (geniously) charges for egess only, this means that their actual bandwidth needs are 40PB per year for whatever they are reporting. So we have $10K for 36PB a year vs $960K a year for 20PB (actually 40PB) of bandwidth from dear Amazon.
1. Not sure why they are saying the cost is $1.7M per year.
2. Even at 960K it's daylight robbery.
3. AWS makes an absolute killing on bandwidth costs. Best. Business. Model. Ever.
4. Don't these guys have a Devops pro at $300K+ a year? weird :)
Servers:
I won't get into the numbers here as that's a lot more involved, and impossible without more data, but buying and maintaining your own infra, or possibly easier, renting it, would still be quite a lot cheaper than using AWS.
Takeaways:
- Storage is something you should buy and maintain (Thanks B!), you swap out old/dying storage devices. See Backblaze.
- Bandwidth, compute and storage costs at your favorite CSP are absolutely f'ing *outrageous*
- If you care about your money, your bottom line, do things differently than the *insane* mainstream way of clickity-click on some UIs to provision services without understanding what's really happening under the hood (not saying Signal doesn't understand that part, I'm sure they do), or caring about the added costs of whatever gets so easily "added" to your "infrastructure".
- By having your stuff on a CSP you don't even have "infrastructure", but that's juts me.
Anyway, I do love Signal, what they do and what they represent. Keep up the good work.
Signal, mail me at m aaaat zynk.it if you'd like to talk.
> A 10Gbps link fully utilized (minus some overheads), translates roughly to 3 Petabytes per month, that's 36 petabytes per year, almost double their advertized amount of bandwidth needed for calls per year.
I understand this is napkin math, but shouldn't we consider that the load isn't evenly distributed? - in which case 50% average utilization seems extremely high
Compensation Key Employees and Officers Base Related Other
Jim O'leary (Vp, Engineering) $666,909 $0 $33,343
Ehren Kret (Chief Technology Officer) $665,909 $0 $8,557
Aruna Harder (Chief Operating Officer) $444,606 $0 $20,500
Graeme Connell (Software Developer) $444,606 $0 $35,208
Greyson Parrelli (Software Developer) $422,972 $0 $35,668
Jonathan Chambers (Software Developer) $420,595 $0 $28,346
Meredith Whittaker (Director / Pres Of Signal Messenger) $191,229 $0 $6,032
Moxie Marlinspike (Dir / Ceo Of Sig Msgr Through 2/2022) $80,567 $0 $1,104
Brian Acton (Pres/Sec/Tr/Ceo Sig Msgr As Of 2/2022) $0 $0 $0