You have to appreciate the complete transparency, gently nudging towards giving without ever begging for it.
Refreshing compared to the alternative that Wikipedia is showing, with the tantrum-like emails we receive from their CEO like "LAST REMINDER" or "We've had enough" ; which they ironically send to people who gave.
Those are just non-profit fundraiser consulting tactics. Don't take them personally, just ignore them. The reason they exist is that Wikipedia has too much money, so they spend some on consultants who say they can raise more. It's weird, but that's how the world works.
I would much prefer the Wikipedia endowment model of non-profit orgs. They have a standard operating procedure with a predictable budget, and endowment that let's them run indefinitely, and we just have to suffer through pledge drives. I just block them with ublock filters. I gave them 6 dollars back in 2012, and according to their marketing that is enough for life.
No. They are meant to manipulate me personally, as well as other persons I care about. I will take them personally.
More broadly, I don't have to excuse bad behavior just because somebody's making money off it or because it makes some too-narrow metric go up. Yes, it's a complex and imperfect world. But to me that's a reason to work harder to make things better, not a reason for people to say, "fuck it" and make the world worse.
> Those are just non-profit fundraiser consulting tactics. Don't take them personally, just ignore them. The reason they exist is that Wikipedia has too much money, so they spend some on consultants who say they can raise more. It's weird, but that's how the world works.
It's still shitty, even if it's a shitty "standard practice" and not a shitty thing being done to me particularly.
Honestly, it seems like Wikipedia's goodwill is seen as an exploitable resource, that people in Wikimedia are using to do other, unnecessary things (probably building little personal fiefdoms).
Sort of like Mozilla, actually. IIRC, they literally won't let you give them money to fund Firefox development, and any donations you give them go to fiefdoms almost certainty entirely unrelated to why you gave them money.
I donated to the Southern Poverty Law Center a few years ago. A physical address was a required field on the donation form. I have never stopped regretting it, because GODDAMN! They started hammering me with physical mail asking for more money immediately and have not stopped.
In case you're still giving money to them, perhaps consider not donating to an organization that marks people as bigots for speaking against religious extremism.
edit They do do a lot of good work in marking actual hate groups though, so I suppose it's a net positive still even if they miss a few strikes.
Just curious why you used an address that's associated with you. Choosing the address of a place like a park, which is a real address that has no mailbox or direct association with you, ought to be the default if you don't want to be spammed to hell and back.
Apologies in advance as I may be saying contrary to the sentiments here against Wikipedia fund raising. I also get the same emails and the banners. I diligently donate what I can. I don’t know where my funds will go. But what I do know is that I use that website practically twenty times a day and get something of value.
Wikipedia is particularly insulting because they make enough money to cover the actual costs of running Wikipedia (the site) in days if not hours, and could operate for years without any additional donations: https://news.ycombinator.com/item?id=32840097
Seems almost mundane, as if they’re running a very effective foundation that’s actively achieving their goals. See the recent Cambridge study that explored how their governance has been effective at promoting moderate discourse while suppressing misinformation and hateful content: https://www.cambridge.org/core/journals/american-political-s...
I'm a lifetime member of my university's alumni association. This means I routinely get physical mail with headlines like, "YOUR OFFER INSIDE," and then the "offer" is to give them more money.
There was a comic I've never been able to find about wikipedia asking for money, it basically had them being that one crazy dude yelling at you to donate, and getting worse as time passed and you tried to ignore them. Then it showed a raw screenshot of wikipedias nag screen. Unsure who drew it or where it went, but I regret not archiving it, because it conveys what it feels like every time. I just don't want to donate if I have 0 control of where my money goes. If it's straight to paying the bill for the infrastructure, then sure.
Aside from the salaries, which I agree are a problem, I think there are a lot of architectural issues that are both costly and not so secure.
> We use third-party services to send a registration code via SMS or voice call in order to verify that the person in possession of a given phone number actually intended to sign up for a Signal account. Simple solution, go distributed.
6M $ for that. Stop doing that. What do dictators control? Mobile phone networks and other infrastructure. And, yes, they really do go after people any way they can.
This "cost" puts people into danger. Coupling identity and operator infrastructure is a critical privacy flaw. And a costly one too apparently. If your #1 goal is to be the most private solution, this cannot be tolerated to continue to be the case. Get rid of it. Your identity should be your cryptographic key.
Are they? These salaries are much lower than most tech competitors. I know we like to call out "high" salaries when a useful service is struggling - but they'll struggle even more if they can't retain good talent because their pay is too low. There's a reason tech skill in government is generally lower than that in industry, for instance.
Their #1 goal is not to be the most private solution. Their goal is to make day-to-day communications of most people difficult to surveil.
Day-to-day/People is why they keep the registration process familiar to other platforms like WhatsApp/Telegram. "Most" is why they try to compete with Telegram/WhatsApp on features to drive adoption (see Stories and Announcement Groups).
They know this, but it's likely a precondition of not getting Joe Nacchio'ed. It's a feature, not a bug. Signal's partners* in FVEY IC/LE have given them a lot of latitude in developing a very solid e2e cryptographic protocol and application as long as the users themselves are identifiable.
The pigs don't need to backdoor the protocol or the keys as long as there is more than one party to a conversation and each party is identifiable. The prisoner's dilemma, in real life, almost always gives the pigs a defection.
My pet conspiracy theory is not that Signal is evil, but that Signal is being allowed to operate by the pigs as long as account identifiers are very difficult to anonymize. They are likely very good people with good intentions, but when the FBI or NSA makes you an offer you can't refuse, you do the best you can.
*: I'm not suggesting Signal is in bed with IC. Just that if you operate a communications service of any scale, IC/LE will be your partners whether you want them or not.
The reason I don’t use signal much is this link to a phone number.
Both because sometimes I don’t have a phone number. And I don’t want participants to know my phone number.
I don’t get why they have this requirement as it’s not like having a phone number means anything significant. For me, I think privacy includes my ability to not reveal my identity to the network.
Why does an organization with about 50 employees need 4 C-level executives, totalling about 2M compensation per year? Or perhaps it's 7 C-level executives (3 hiding under the "Software developer" title) totalling about 3,7M compensation per year?
I'm absolutely not donating money to such a thing without an answer to this question. As a counterpoint, I am a member of a local (Finnish) non-profit organization, one of whose many services is Matrix. This costs me 40 euros per year and none of that money goes to C-level executives.
I find this hypocritical. C executives of tech orgs with world class products often have eight figures compensation -- if not from salary then from stock options. I do not see any excess here. You need to pay to compete.
They don't break out salaries specifically, but personnel costs are in this paragraph:
> To sustain our ongoing development efforts, about half of Signal’s overall operating budget goes towards recruiting, compensating, and retaining the people who build and care for Signal. When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
From the same link, it seems like his compensation was much higher in all the preceding years. Not sure what changed this year, but I agree it's a bit refreshing to see. Especially since he's probably made good money throughout his career
Salaries:
Pretty abusive salaries for a non profit but that seems to be pretty much the standard nowadays, right?
Bandwidth:
I took at quick look and see that chat.signal.org resolves to AWS. If they are paying AWS for a lot of bandwidth, that is very expensive. Let's take a quick look:
They say they use 20PB per year of bandwidth for voice calls alone, this costs them $1.7M a year.
According to AWS pricing for great customers (suckers) of over 150TB per month, the cost per GB goes waaaay down to $0.05, yay. 1.6PB per month is 1600000GBs, that's $80K a month and therefore $960K a year.
Very roughly, a 10Gbp/s link to the Internet, from a Tier-1 provider will be around $800 (eight hundred dollars, you're reading this right) a month in a low-bandwidth-cost country like the US, possibly double that in say Asia.
A 10Gbps link fully utilized (minus some overheads), translates roughly to 3 Petabytes per month, that's 36 petabytes per year, almost double their advertized amount of bandwidth needed for calls per year.
So we have ~$10K a year (negotiable) for 36PB which is double their bandwidth needs but let's not forget that AWS graciously (geniously) charges for egess only, this means that their actual bandwidth needs are 40PB per year for whatever they are reporting. So we have $10K for 36PB a year vs $960K a year for 20PB (actually 40PB) of bandwidth from dear Amazon.
1. Not sure why they are saying the cost is $1.7M per year.
2. Even at 960K it's daylight robbery.
3. AWS makes an absolute killing on bandwidth costs. Best. Business. Model. Ever.
4. Don't these guys have a Devops pro at $300K+ a year? weird :)
Servers:
I won't get into the numbers here as that's a lot more involved, and impossible without more data, but buying and maintaining your own infra, or possibly easier, renting it, would still be quite a lot cheaper than using AWS.
Takeaways:
- Storage is something you should buy and maintain (Thanks B!), you swap out old/dying storage devices. See Backblaze.
- Bandwidth, compute and storage costs at your favorite CSP are absolutely f'ing *outrageous*
- If you care about your money, your bottom line, do things differently than the *insane* mainstream way of clickity-click on some UIs to provision services without understanding what's really happening under the hood (not saying Signal doesn't understand that part, I'm sure they do), or caring about the added costs of whatever gets so easily "added" to your "infrastructure".
- By having your stuff on a CSP you don't even have "infrastructure", but that's juts me.
Anyway, I do love Signal, what they do and what they represent. Keep up the good work.
Signal, mail me at m aaaat zynk.it if you'd like to talk.
> A 10Gbps link fully utilized (minus some overheads), translates roughly to 3 Petabytes per month, that's 36 petabytes per year, almost double their advertized amount of bandwidth needed for calls per year.
I understand this is napkin math, but shouldn't we consider that the load isn't evenly distributed? - in which case 50% average utilization seems extremely high
> I’ve got a recurring donation of $5/mo I set up ages ago
Thanks for that, I did a one off 300 euro donation back in '21 during the bubble market; Meredith has been doing the rounds [0] and she hits on lots of good points, and even went to the UK over their now failed bill during the Summer.
I had an old Apple Store & iTunes gift card laying around so I redeemed it and attempted to use it to donate via Apple Pay, but get "Apple Account - Not enabled for in app payments". Google isn't very helpful about exactly why. Am I missing some KYC somewhere or are payments of this type prohibited from "Apple Account" balances?
I guess maybe I'm missing the purported point of signal, attaching your phone number to use it notwithstanding, but attaching payment identity to it as well? Like, what's the point of going through the pain required to use it?
Most people using Signal - and particularly most people likely to donate - are not using it to hide their identities, but to decrease the chance of unknown parties reading their conversations. My Signal account has my full name on it, and checking my top contacts, most of them do too (some only have their first name).
> I guess maybe I'm missing the purported point of signal, attaching your phone number to use it notwithstanding, but attaching payment identity to it as well? Like, what's the point of going through the pain required to use it?
Your payment info is not connected to your account.
There doesn't seem to be a way to pay annually, which I'd prefer to a monthly payment. £5/month is just a little high, but I'd merrily pay half that or £30/year.
There are two forms at https://signal.org/donate/, the second one lets you set a yearly donation at a custom amount (and both forms a monthly donation at a custom amount).
Seriously consider setting up a recurring donation if you prefer Signal. They have delivered consistently over the years. I set the $20/month back when they introduced the option.
I'm curious what the breakdown of donations is. I only have 1 contact with a $10/month and 1 with a $5/month badge. Of course there could be others not displaying the badge. Signal really needs 500,000 people giving $20/month and plus the rich guys giving some millions on top of that to be in a safe financial position.
Maybe something that could be done to encourage donations is have the client estimate how much raw infra costs your usage created and display in the donation screen.
20/month for every chat service I use is very steep. I'd be spending more on chat services than on mobile data + unlimited calling + landline + DSL + streaming services combined!
They actual costs are apparently about 1 USD per year per user. I usually at least double (usually more) my incurred cost when the donation is optional, to cover for those who can't or won't pay, but paying 240× the cost price seems wasteful as well when there are other nonprofits that can do more good with every dollar you give them (be it solving poverty, climate change, whatever you find valuable) rather than one which has mostly fixed fees
I'm not suggesting every chat service get donations. I'm only giving to Signal, the rest of the chat services I have to use get 0.
I'm donating more than my costs deliberately because I fully understand that most users are not going to contribute money, full stop. I need those users though, because they are the people I want to privately communicate with. So the obvious thing to do is pay for as many other users as I can. If there's 50M monthly active users, and if 1% of them are like me and highly value Signal, then each of us 1% users can pay $20/month and cover the entire operation. Then the contributions of the super rich donors can be saved to rebuild the war chest.
$20/month is nothing to me considering the value I get. I understand that most won't feel that way, which is why I'm only appealing to those who do feel as I do to just get that recurring donation going now.
I fail to understand the point of supporting an organization that is completely against self-sovereignty like Signal is. Why would I want to pay someone to develop something that traps me into their platform and does not offer a way out?
Great, you go ahead and get all your friends in family using Matrix. I'll join you there when all that is sorted out and it's practical to get my lawyers and doctors and accountants and friends and family onboard. Until then, we'll keep using Signal.
Given how many activists have used it in overthrowing dictatorial governments, self-sovereignty seems an odd choice of words to claim it doesn’t support.
bro, you're working for one of chat programs, yes? never heard of communick before. won't ever use it. if people ask me about it, i will show them how a person related to communick behaves in public.
I almost skipped reading into this article because I love Signal and it's mission (and their rare commitment to stick to it) and would have known it's good. Yet, the details on expenses and infrastructure was a good read. $1.3M/yr for temporary storage! $6M for verification codes during sign-up!? Toll fraud!? GOOG & FB data center spend, data breaches from GOOG, MSFT, et. al 50 full-time employees vs 3K or 4K for similar apps! All interesting.
The link about the Google "data breach" appears to be about some tax companies being sued for using Google Analytics tracking pixels. Calling this a data breach may be a bit of a stretch.
Thanks. I hadn't dug into that link, but I did based on your comment. It is a Congressional investigation that is rooted on a report from The Markup [1] that, as you note isn't about an accidental breach by Google, but one where multiple companies send extensive PII to Google about site visitors. While not necessarily a "breach", I think this lead of personal data plays to Signal article's point though. The Markup article's git repo with HAR files of what was sent to Google was convincing.[2]
I have held off donating to signal so far exactly because there is no clarity around this token, why it was even added to signal and who profited from that.
It's hard to take this fundraising plea seriously when this financial disaster is never even mentioned. I hope I've just missed whatever Signal has done to try to repair trust after the, but the fact that they haven't even removed it from the app is not promising. Can anyone share updates?
Yeah how can I trust the security of an app which is engaging in potential financial fraud. Like ffs, if your whole thing is trust and principles, don't start fucking around with things for personal financial gain.
Probably not much at all. Thankfully they didn't shove it down user's throats - its kinda hidden behind a setting.
I guess if they did push it harder to users it may have generated more revenue, at the cost of users who won't put up with cryptocurrency rubbish.
Signal had 40 million active users in 2021 [1]. With 14 million in infra cost, that comes to .35 per user/year. Total expenses are about 33 million, so about .825 per user/year. All in all that seems very reasonable.
Mastodon org + Mastodon.social also have costs of 0.6 EUR/year, though they have two orders of magnitude less users [1]. This is really what most social media costs. These rates are even payable by many in poorer countries.
With how much Mastodon.social tends to fall over when Twitter does something stupid (again), their rates are probably a bit too low for a more robust service like Signal.
Signal also intentionally doesn't store too much data, long term data costs will slowly grow over the years. I imagine for a bigger platform, costs can grow to multiples of the rates for Signal and smaller Mastodon servers.
€10 per year should be more than enough for most users, though, and it should be quite affordable for most countries.
Yeah, the issue is more that there is substantial friction in paying any amount of money, especially in poorer countries with no access to e.g. banking or payment cards. I'm sure no one here, and few people even in comparatively poorer countries, would object if Signal/their messenger of choice cost 0.60$ per year to use. The problem is that making the service have a ~1$/yr price tag (as WhatsApp once had) is itself a barrier to a huge portion of the target audience.
It’s beginning to sound like the 1 EUR/year that at some point WhatsApp wanted to charge and it seemed reasonable to me at the time. Signal is even better and even more so justified.
They used to "require" a subscription of 1$/year but it was not enforced. If you missed the deadline, nothing happened. It was basically the WinRAR model but for an online service.
This is kind of the number I was looking for -- "Cover your own costs: $1/year. Cover yourself and five other people: $5/year." I feel like something pointing out that the costs are around $1/year on signing up, maybe with a reminder once a year, would get most people self-funding pretty quickly.
If you pay Signal $1/year, they'll realistically see about 60-70 cents of that – and that's only considering payment processor fees.
Now add the cost of providing support (it's a paid product now!), payment handling on their end (in a privacy-preserving way, which excludes most common payment methods), and top it off with the immense damage to the network effect by excluding all the users that can't or simply don't want to pay $1/year...
I'd pay substantially more for Signal if I could bot accounts.
I'd like a signal daemon on all my servers for alerting which could message me via Signal. This is worth a monthly fee to me.
I know people running small businesses who would really like to have a business Signal account: an ability to send Signal messages as a business identity without tying it to some specific phone number. This would be worth a subscription even if they had to get their customers to install Signal.
Signal need to figure out what product they sell that's going to fund the privacy objective: because there's plenty and they're worth having.
I'd pay much more than $2 if they offered account identifiers other than phone numbers. Trying to get a burner SIM or DID while still staying anonymous is getting increasingly difficult.
But I think it's pretty clear by now that this is a feature for FVEY IC, not a bug. FFS, they burned development resources on stickers, but abjectly refuse to offer alternative account identifiers. The standard apologist response is, "but phone numbers make adoption easier". Sure, but nobody is asking to replace the identifiers, or even to make them nondefault. We're just asking for the option. It could be hidden behind a developer mode for all I care, but it should be there.
The fact that they abjectly refuse to do it is enough to tell you about what their true motivations likely are.
I'm paying what works out to about 15 cents per "booking" in my app due to API fees. Maybe more,.. and I'm just now realizing we'll probably be losing money if people used their accounts to their limits. Like 500 bookings would cost me at least $75 but we charge about 50.
Anyway $1/year is great
Sure, but privacy isn't black or white. A donation to signal does not compromise the content of your messaging.
So what you've leaked is the information that you have an interest in private conversations. This might be a problem in some countries, but I think it's fair to ask folks in affluent countries with working (sorta) democracies to shoulder that burden. I.e. you don't donate if there's elevated threat to your safety, there are enough people who aren't under elevated threat.
There's also the possibility of using a donation mixer like Silent Donor, though I'd evaluate that very carefully. (There's a record of the transfer in, and the mixer needs to keep temporary records for transferring out. There's also the question how you verify the mixer doesn't skim.)
Some donation mixers accept crypto currency, so for maximum paranoia, I suppose crypto->crypto mixer->donation mixer->charity might be workable. Or hand cash to a friend who donates in your stead.
As always, the best path is to set aside paranoia and build a threat model instead to see what the actual risks are.
They take checks by mail. You definitely can do a cashier's check and I'm sure they'd take the "cash in an envelope" method that places like Mullvad do too. Looks like they also support crypto, and that includes Zcash. So I don't think this is a great excuse. The only "can't easily donate" aspect is going to also be tied with the "can't easily get a cashier's check or find an anonymous person to sell me bitcoin for cash" kinda issues, and when you're operating at that level I'm not sure anything is "easy." (but that's not that hard usually)
There are clever ways around that. I use posteo as my mailprovider. They have a system where you can pay anonymously: https://posteo.de/en/site/payment
Signal pays more for delivering verification SMS during sign-up, than for all other infrastructure (except traffic) combined. Wow, that sounds excessive.
> Twitter said that's why they got rid of the SMS 2FA. They said it was costing millions to have that enabled for them.
Previous Twitter employees have said that this is incorrect. Because Twitter began as an SMS-only (and then SMS-first) application (remember 40404?), they very early on established direct-connection infrastructure for sending SMS, meaning that they have a marginal cost of literally $0.00/message in most markets. Twitter still has to maintain that infrastructure, because they didn't get rid of SMS 2FA - they just restricted it to Twitter Blue users, so the overhead is still the same.
Almost nobody else who delivers SMS today has that infrastructure, because it doesn't make sense for most services to build.
The only place where Twitter was paying significant amounts for SMS was due to SMS pump schemes, which is a consequence of Twitter gutting its anti-spam detection, resulting in them paying for SMS pumping which was previously blocked.
... legacy telecom operators have realized that SMS messages are now used primarily for app registration and two-factor authentication in many places, as people switch to calling and texting services that rely on network data. In response to increased verification traffic from apps like Signal, and decreased SMS revenue from their own customers, these service providers have significantly raised their SMS rates in many locations, assuming (correctly) that tech companies will have to pay anyway.
...
These costs vary dramatically from month to month, and the rates that we pay are sometimes inflated due to “toll fraud”—a practice where some network operators split revenue with fraudulent actors to drive increased volumes of SMS and calling traffic on their network. The telephony providers that apps like Signal rely on to send verification codes during the registration process still charge their own customers for this make-believe traffic, which can increase registration costs in ways that are often unpredictable.
SMS has become a kind of real-world PoW (proof of work) mechanism. A phone number typically has a recurring fee to keep it working. So a live number indicates that someone is spending money (a proxy for effort) to maintain it.*
It still seems like a lot of money to spend on simple, old technology, but from the PoW perspective, making it cheaper would defeat its purpose.
*Which is why many sites reject Google Voice numbers, for example, for SMS verification.
> In response to increased verification traffic from apps like Signal, and decreased SMS revenue from their own customers, these service providers have significantly raised their SMS rates in many locations, assuming (correctly) that tech companies will have to pay anyway.
There's nothing that requires tech companies to use SMS for registration or for 2FA. The normal way to do it is by email, which continues to be free. For Signal, there is no need to do 2FA registration at all.
Signal is ideologically committed to publicizing your phone number, and apparently they'd rather pay $6 million to hold to their commitment than just... not do that.
SMS rates are absolutely bonkers considering the technical way they're transmitted. The US is an outlier in SMS rates actually being reasonable (usually unlimited or close to) for consumers - but for the rest of the world the insane mark up on that communication method has mostly obsoleted it...
That'd be all well and good... the technology would die naturally, but all my American relatives continue to stubbornly use iMessage.
> for the rest of the world the insane mark up on that communication method has mostly obsoleted it...
For P2P communication. SMS is alive and well for B2C messaging, most importantly for 2FA OTP delivery, but also as a first line of defense against spam/bot account creation.
It's not a good solution to either problem, but it's slightly better than nothing (which apparently makes it good enough for many), so I suspect we're stuck with it for now.
> That'd be all well and good... the technology would die naturally, but all my American relatives continue to stubbornly use iMessage.
iMessage is not SMS, though. It just uses phone numbers as identifiers, but so do many other popular over-the-top messengers, including the most popular one globally.
Personally, I prefer it over downloading yet another client, dealing with additional credentials, wondering about who can access my messages, and so on and so forth…
And all that just to message the handful of people that I know who use <popular in other country third party app>.
I think I understand your comment, since iMessage isn't SMS, but defaults to SMS for those not using it.
There are opensource self hosted solutions like BlueBubble that allow reasonably secure communication through iMessage to the other chat platforms on desktop/Android etc. I have zero affiliation, but I know others who happily use it. There are also less secure and paid solutions I can't speak to.
For the purpose of 2FA and account registration let’s view it as a tax for fraud prevention, where the real value in SMS is in verifying someone’s identity rather than transmitting messages
Just because consumers get unlimited SMS doesn’t mean businesses get that. The telcos are ruthless about extracting their pound of flesh at business rates.
Phone numbers have become the de facto version of "Internet stamps" for identity verification.
They are near-ubiquitous on a per-user level, but hard to accumulate without significant cost. (Unlike email addresses.)
But the down side is that phone verification tends to be on a per-service level. So, for instance, Signal incurs these costs when they verify their users, and every other service incurs these same costs when they verify _their_ users.
There are a number of businesses out there that are trying to act as clearinghouses, where they verify the users once, then allow the users' verified profiles to be confirmed by multiple services.
I wonder if any of those could be used to reduce these "registration" costs.
I really wonder why it’s so expensive to run. I always hear things about scaling but I used to run a top 500 alexia website and it was just a php app running on a mutualized offer for $5/month. Lots of manual caching though but still.
My wild guess is that either the stack is not really optimal (last I heard it was java) or they do other costly things at scale (sgx?)
You can't send an sms yourself like you can an email. Instead of setting up a server, you have to work with a telco provider (an aggregator specifically). Any SMS service eventually hands off to one of these. Many SaaS SMS providers are just frontends for legacy telco services. They charge insane fees because they can, that is all there is to it.
Sending mass email is still difficult. Its probably easier to pay a provider than set up and establish reputation for yourself. But they don't charge near the rates. Last time I compared rates it was something like 10x-100x to send an sms compared to an email, but it has been a while.
It seems like Session relies on Oxen's network, so while there is no inherent coin it is blockchain backed.
> Session’s onion routing system, known as onion requests, uses Oxen‘s network of Oxen Service Nodes, which also power the $OXEN cryptocurrency. Check out Oxen.io to find more information on the tech behind Session’s onion routing.
I think simpleX[0] is a better choice at this point with all the recent issues around oxen: not coupled to any crypto, no user ids, can host your own servers if need be, etc
> we can rent server infrastructure from a variety of providers like Amazon AWS, Google Compute Engine, Microsoft Azure
Moving off cloud services to lower-cost provider like Hetzner, Vultr and DigitalOcean might provide a lot of cost savings.
I also imagine they're using managed SMS services from one of these clouds, and moving off them to a combination of local SMS gateways in each country can also further reduce costs (and in one case I've personally observed, by upto two orders of magnitude). This obviously pushes a lot of complexity on Signal's side, but is usually worth it.
Just wondering, are they relying on these big name cloud providers (AWS/Azure/GCP), known for predative traffic and storage pricing? Have they considered cheaper providers such as Backblaze B2 for storage and Hetzner/OVH for servers? The fees for storage, server and bandwidth could be cut by 80% if they did that.
Signal actually jumps through quite a few hoops in order to let you and your contacts are on Signal without Signal actually having access to a copy of your whole address book. It's even mentioned in TFA.
I do agree about being linked to your phone number - doing it that way means not considering a lot of people's valid threat models. They are working on moving to usernames, though. It's in beta now.
They want the address book because if you don't have engagement promotion features like that, there is no way to ever become remotely popular in the chat app space.
Why is the security a joke? The data is e2e encrypted, and isn't related to a phone number in any way after registration. Do you know of a better way of combining privacy and anti-abuse measures? If you don't offload identity checks to telecom providers during registration some bad actor will immediately create a million accounts and send millions of spam messages and destroy the slim chance of this type of app to exist for free.
I wish their justification for dropping SMS capability from their Android app to move away from phone numbers was a little more transparent about the obvious cost aspect rather than solely sticking to the patronizing "we're saving insecure messaging users from themselves" messaging they had. I found it pretty obnoxious. I think people generally get "valuable nonprofit + huge expense = not-sustainable = bad."
> their justification for dropping SMS capability from their Android app ... was a little more transparent about the obvious cost aspect
I'm not following. Signal gets stung for the registration SMS costs because they send the SMS to the user. They don't pay when one user sends an SMS to another user. If you send an SMS, you're the one who pays.
(I didn't realise they were moving away from phone numbers. Don't they they stay mandatory when PNP comes along?)
When you control access to the customer you can charge people a lot. Just like Apple can take 30% primarily because they’re the gatekeeper to iPhone users, telecoms are gatekeepers to their users so they can charge you a lot to text them. You don’t really have a choice. L
In the US, shafting customers as hard and fast as you can is the current business model. What are they going to do? Move to 1 or 2 remaining competitors with the exact same business model?
> Signal pays more for delivering verification SMS during sign-up, than for all other infrastructure (except traffic) combined. Wow, that sounds excessive.
Particularly when the phone requirement is the biggest weakness in Signal.
Getting rid of it will make it substantially cheaper to operate and much more private. Win-win.
What's it cost to be an SS7 peer for a year? Could they spin up their own "phone company" for the purpose of delivering SMS verification and nothing else, cheaper than they're paying someone else's markup?
The cloud tax is crazy (especially bandwidth). Pretty sure Signal has reached the scale where they would be cheaper by building their infra, maybe starting with the most expensive (storage + bandwidth), and then doing others.
SMS is (unfortunately) core to the product, so I'm not certain how they could make it cheaper, while retaining the same properties (user+pass registration would be a nightmare for spam and change the UX).
Is it not that they’re buying something resistance as well by buying from large infra providers if big adversaries like state actors start pushing hard?
I also think SMS and phone numbers are core, but they must provide a way to communicate without use of phone numbers being kept completely separate from phone numbers even when registration is needed using phone numbers.
> millions upon millions of new people suddenly switched to Signal in January 2021 after WhatsApp updated their Terms of Service
From a footnote of the article. Maybe this is why they've stayed with "infinite scale, infinite costs" (commonly known as "cloud") so long? Surely at some point this is worth considering though, I would also be curious where that point lies
Virtually anyone, also when spending only 100 euros/month on server providers, can save a large percentage of costs by taking it in-house. There might be a gap where you need dedicated personnel and it's briefly cheaper to outsource before you grow and it inverts again, but generally if you've got a stable service then this is nearly always worth it
Maybe a hybrid, where new users onboard onto cloud and they buy hardware for expected loads (i.e. current users), would be the most cost effective. I wonder how hard that is to combine the two worlds, but anything that requires more than one server already has that sort of communication going on so there shouldn't be any real blockers. Maybe the two types of infra add costs/risks again and that's why one rarely sees this setup?
I found that with the bandwidth and storage that my company was using on the cloud, we could get ROI in under 2 months by building a server and running it in house. Now we've scaled up to a dozen servers but it's still just a handful of computers in a closet that saves us $50k/mo in cloud costs. It was dirt cheap to slap together and scale up incrementally.
Fwiw, I've seen users suggest hybrid approaches. Interestingly it could reduce some of the costs they list here and looks like a route one could take to slowly build towards a fully or hybrid federated system instead of jumping straight there. But I am unsure how much the community likes the idea and judging by that last post it doesn't seem like the mods do. But this one takes note as two users were willing to place a bounty on the feature request
Signal and XMPP (via Quickly) have a simple phone number based signup workflow that my family have grown used to.
My family are not happy on having to remember/use passwords/keys. That's a shame, but is ultimately a constraint I have to deal with when persuading them to install/use an IM app.
That’s a very bold statement from an app that still requires a phone number using a broken protocol (gsm) to “verify” your identity and authenticate it, sim swap attacks can be carried out by kids these days. Also, don’t expect privacy when you are using a proprietary OS like iOS or one full of Google services that also have proprietary firmware drivers, they (the adversaries) don’t need to even decrypt these “privacy apps” when it’s easier to access the backdoor-ed OS or hardware, but enjoy the illusion in the meantime.
I'm always intrigued by people that have this POV. Security and privacy are not binary for fucks sake. Improvement on the status quo is great and Signal improves a hell of a lot.
Not to mention that half of your comment is non-issues.
there's a big social cost to trying to get others to use Signal, and it's not worth it if the advertised features don't work as advertised..
that said I stopped using Signal years ago because of basic deliverability being less reliable than SMS.. I switched back to SMS so I could communicate reliably with a loved one during an emergency when Signal randomly stopped letting me respond to messages, and I won't pay the social cost twice of trying to convince contacts to use it after having to abandon the service when I really needed it.
Actually between Element and Signal and the differences between their usability as advertised versus the reality of using them with non-technical users, I've used up all of my social capital for convincing people to use "better" networks and mostly just use SMS/RCS now.
Right, so instead of 20 entities tracking you for example now you 18.. the false sense of privacy is far more dangerous than knowing your messages are not private (Like when Tucker Carlson used Signal thinking it was private to find later all his messages were not, regardless if it was a bugged app or an OS, the false sense of privacy is worse, he probably won’t texted those on iMessage for example). Same argument you can see with “vpn is private and we keep no logs because you can trust us!” plus it can be defeated with browser fingerprinting, or paying a hefty price for this “top private email” provider when the recipient doesn’t even use any privacy settings or anything let alone email as a protocol is not meant to be private, it’s all a business model, and the gullible buys it, you “have” to trust that Signal server is not backdoor-ed in real time, and as the old rule in security, if you can access the physical hardware you can in theory access anything in there, you don’t know the hardware is used there, is there any memory injection exploit that get activated after the so called audits? You can’t know, you have to trust that.
People should be aware that Signal may be able to provide good e2ee and methods to make reading your messages or calls a challenge, they don't do to enough to obfuscate. Therefore censors can identify who is using signal and even block it.
https://github.com/net4people/bbs/issues/63
Privacy tools can make you stand out. Unless methods are used to obfuscate your data.
Which app would they all use and from where would they get it? Signal does not (intentionally) support the official app using other servers or the platform itself supporting federation. [1]
This can be a premium feature. Run your own server and for a little bit of money you can configure your client to use an alternative server. Client code is what make it private and secure, so you want to use their verified client even with your own server.
Offering self-hosted servers would probably just degrade the security guarantees of Signal if people misconfigure them. Doesn't seem to be worthwhile for the Signal foundation to run into this risk of undermining their own reputation for a niche user base who cares about self-hosting.
> Doesn't seem to be worthwhile for the Signal foundation to run into this risk of undermining their own reputation
It's a bit too late for that. They undermined their reputation when they started permanently keeping sensitive user data in the cloud (like a list of every person you contact), and then again when they refused to update their privacy policy which lies to users about their data collection practices, and then again when they killed off the ability to get both "secure" communications and unsecured SMS, and then again when they started adding weird cryptoshit nobody asked for. Signal seems to be telling people as loudly as they can not to use/trust them.
In my mind, the whole point of using Signal is that I don't have to trust the server. Why would it matter who hosts the server if we can trust that the clients' communications are E2E encrypted?
And the people those friends want to talk to. And the friends of those friends.
To have self-hosted chat services, you either need a niche enough service that you'll never have two parties that would want to talk to each other while being on different servers, or federation. Signal chose the former, so here I am with eight communication apps on my phone.
Maybe the next best thing could be to support multiple servers, like how email clients let you fetch data from more than one email provider, if they're so worried about federation inhibiting their ability to control the ecosystem that they plainly won't go there and hold speeches about how harmful that situation would be. Then we could have self hosting and also Signal wouldn't have to care about federating with my self-hosted server.
I would pay for a few signal features:
1. encrypted backups or backup integration of my chats, photos and videos.
2. business features (backup, directory integration, search)
I have not used:
1. voice and video
Incredible that SMS costs so much. I wonder if it's worth it because it _saves_ so much in spam and other sorts of fraud or bad behavior?
I have some good news: go into the settings and turn on encrypted backups. The clients also all come with a search function, even if it only matches against start-of-word (which includes URLs, so you can't search for domain names which regularly bothers me).
Directory integration, as in, importing a vcard with everyone's phone number into your device such that you can tap on anyone's name and message them on Signal if they've got Signal installed?
>: go into the settings and turn on encrypted backups.
Fair warning: It will...bloat. It usually keeps 3-4 copies of most recent backups in the folders you select and if you send a lot of photos, imagine it eating tens of gigabytes of storage just for backup.
(My current backups are 9.75 gigs each, approx 3 of them)
I started paying for Signal when they rolled out the subscription feature at the $5/mo plan and after reading this post, I just moved to the $10/mo plan because of how much I value this service since I use it every day. I hope other users subscribe if they are able to do so.
Wish they provided some numbers of actual messages, type etc. per day. Seems like a good game plan would be.
1) Get off the major cloud providers that charge insane egress fees.
2) Remove SMS verification. A simple solution might be the app gives you a code and then you dial in to them and punch in the code to them. Like a reverse voice based authentication.
3) Remove voice and video calling for non donating users.
3) Remove media texting until both users allow a p2p connection.
4) Remove no contact list message hosting for non donating users.
Lot of unpleasant trade offs there. But I would rank having a text based private messaging app as the top feature. Everything else is a "very" nice to have. I applaud what they are doing and the sacrifices that have been made so far.
Removing essential features like voice/video calling for non-paying users would be a terrible choice IMHO. This is a communication app, which means it is only useful if others use it too.
And how are you going to convince others to pay for Signal when there are many free alternatives, including WhatsApp, which most people already have and while not as privacy focused as Signal, does have end-to-end encryption. If Signal makes people pay for voice calls, they will simply use WhatsApp, regular phone calls, or whatever is free and popular at the moment.
The success of Signal came from being very low friction, privacy is the "nice to have" feature, at least for most users. But add friction and they will look elsewhere, Signal is not WhatsApp, it doesn't have enough of a critical mass to keep users on its network.
All that will remain will be a small core of cypherpunks and people who really have something to hide. This is bad because one strength of Signal is that it is a mainstream app, making it hard to single out "interesting" people compared to those who just use it because their geek friend told them to and they like the shade of blue.
Valid but if there is no model that is sustainable then who cares if its successful? Some trade offs will have to be made. How can they keep going if the vast majority of people don't pay? They don't have the model of "ok we are going to flip and monetize after we get to X mass". Its like a growth startup but with no end game plan.
About the SMS verification, it depends on the goal. If the goal is to verify a phone number, you can't trust the _sender's_ address in the phone network.
So, you can't trust the address in the "From" on an SMS or the "From" of a phone call.
That means a voice call to Signal would not work to validate phone numbers.
Good point, I guess we are proving why the resorted to using numbers in the first place. Unless you have a verification point that includes a "charge". Indirect or direct, your platform gets flooded with spam/bots. Does anyone have ideas of how this problem can be solved while also preserving privacy?
Problem: A system that enforces a monetary penalty to prevent sign up abuse while also not tying a users identity to said system.
Without doing some pain in the a crypto stuff it seems like there are no easy solutions other than the #
"Registration Fees: $6 million dollars per year." "the registration fees that cover the delivery of verification codes during the sign-up process to help verify phone numbers and prevent spam accounts"
Can you please change Signal to not require a phone number? Requiring a phone number makes me question Signal's privacy. Looks like it can save $6 million dollars.
I am imagining a donate page in the app that incorporates this willingness to be public about the costs.
It offers a way to configure a recurring donation for whatever amount and whatever schedule you want. $100/year for instance, but as you slide the slider or enter a number, it shows you if that number leaves Signal in deficit, covered, or surplus, if all other users who are currently paying anything paid this much.
Instead of just trying to suggest an amount with no explaination of what it means, is $5 still leaving them starving? is $5 5x more generous than needed? You still get to use it for free. But if you are of a mind to be one of the ones chipping in to keep it alive, you see exactly what is the right amount.
When 10k people are paying for 10m other people, that "covered" amount may be pretty high, apparently 5x what the average donater is currently paying. (article says it's 20% of total)
But with that little bit of non-repulsive non-abusive game theory, just honest information but presented in an immediate way, a lot of those other 10m users would start to chip in, and the covered amount would come down. Some users will say, well, I can swallow 5x what I was paying, and others can just leave their donation level in the red. But I think a lot more people would go from 0 to a few bucks if they could see exactly what it means and know that it wasn't a waste.
Maybe the donate function could even have a setting track the current covered value automatically so that your bill automatically comes down as other people start adding to the pool.
Also have it display the 3% or more transaction fee overhead going to the debit card and other payment processors, to show right there graphically how much you're wasting by paying a small amount monthly vs a large amount yearly. Everyone always hides that but I say show it prominently.
Total salary bill: $20m. 50 staff so average salary: $400k. I'd be happy with $200k USD - that's more than I get paid in my country at current exchange rates.
The last one available is from 2020, though. They tend to lag a few years behind. They're required to report key employees plus top-five compensated who aren't "key." Brian Acton and Meredith Whittaker both earn no salary at all. Their COO got $290 in 2020. Moxie Marlinspike and their top five developers/managers were all in the 400-600 range.
I'm sure they pay well (don't have much choice if you're going to be based in San Francisco), but I highly doubt 400 is an average salary. The expense being reported is total cost of employment, which includes FICA taxes paid by the employer, 401k matches, and probably most notably healthcare, but all benefits and in-kind compensation.
> The expense being reported is total cost of employment, which includes FICA taxes paid by the employer, 401k matches, and probably most notably healthcare, but all benefits and in-kind compensation.
This is incorrect, reportable compensation on a 990 is the amount in box 5 of the employee's W-2, which does not include health insurance, taxes, etc.
I lost interest in Signal when they started shilling a cryptocurrency that they had invested in. I really want a trustworthy replacement to Whatsapp but if I'm going to shill an app to people I know, it can't be something that has connections to investment fraud.
I've loved Signal. It's been the only consistent way I've been able to send and receive high-quality pictures and videos at all. It's been the only way I've been reliably able to send texts when I'm in an area with poor reception, which is frequent.
The privacy is nice and it's been simple and easy to use.
I hope they stick around. Everyone likes to bash more privacy oriented companies if they aren't absolutely 100% perfect in every single way, but IMO perfect is the enemy of good and Signal has been very good.
The hardest part has been convincing people to use it, and if I have to get people to jump to another one it'll all just fall apart.
> Everyone likes to bash more privacy oriented companies if they aren't absolutely 100% perfect in every single way, but IMO perfect is the enemy of good and Signal has been very good.
Signal has not been good. The absolute least we should expect from any "privacy oriented company" is that they're honest and fully transparent about the data they collect and store, and Signal is none of that. Since they started collecting and forever storing sensitive user data in the cloud they've refused to update their privacy policy to alert people to that data collection.
If you advertise your service to human rights activists, journalists, and whistleblowers whose freedom and/or lives are on the line you owe it to them to be extremely clear about what their risks are by using your service, but Signal outright lies to them in the very first line of their privacy policy.
This isn't "perfect being the enemy of good" this is either a massive dead canary warning people not to use/trust Signal, or it's completely immoral and irresponsible.
Every single time I've seen Signal asked for data in a court case, they've basically handed back a unix timestamp of when the account was created and said "that's all we have". Or it was last access time, I could have misremembered.
I know it's unpopular to say this on here but Signal will never be popular as long as they don't add basic features that all other messaging apps have.
- If you lose your phone or it no longer boots, all your messages are irretrievably lost. There's no way to create backups on iOS. Why the hell can't I enable iCloud backups? I know it breaks privacy in some ways but let me choose the trade off. Put a giant warning if you have to.
- The desktop app is awful and requires signing in again all the time. See the Telegram Desktop app for how to do it better. In my opinion it should be the gold standard for desktop messaging apps
- Desktop app keeps losing message history
As long as Signal treats all messages as if they're so important that even super spies should not be able to read them, and as a result, goofing usability in a way that standard features don't work, I 100% understand that the majority of people won't use it.
I admire Signal and everything they do. Basically Software-as-Charity, for the greater cause. Now knowing this charity is actually millions drives me nuts. I hope the less expensive solution can be achieved in decentralization of the whole thing. Im sure it is possible to sustain it ourselves as a public service forever if everyone involved will have to pay with his personal computing resource - just like we are able to sustain decentralized finance now. And of course - the idea of a phone number as identity is very much flawed and unsustainable on itself, hopefully Signal team will be able to break through this problem as well
When will they finally get their donation box working properly (including not showing "weird" symbols, when Google is not informed about my visit by loading fonts from them)? Tried multiple times to donate, but I am unwilling to sacrifice my privacy for donating to a messenger that is supposed to protect my privacy. Once they get that donation box fixed, they stand a good chance to get my donation. Just like the Internet Archive, that still has broken donation box when Google fonts is not loaded ...
2 ideas to limit costs:
Make it a 2 tier plan: free tier is text and images only, paid tier adds audio/video calls
Remove the need for phone number verification
> As a small nonprofit organization, we cannot afford to purchase all of the physical computers that are necessary to support everyone who relies on Signal while also placing them in independent data centers around the world. Only a select few of the very largest companies globally are still capable of doing this.
Signal may be “small,” but they’re spending plenty on this. Registration is expensive and hard to do without using one of the large expensive providers. But there’s $7M for servers, storage and bandwidth. These are comparatively easy: servers and storage (especially for a service like this where availability for the substantial majority of the data is not terribly important) come in nice pre-manufactured boxes that can easily saturate 10Gbps and can store quite a few TB at very very high IOPS. [0]. And the forwarding model isn’t very latency sensitive - several hundred ms for most users is fine, and sending media via Signal is quite slow regardless. So having many points of presence doesn’t seem terribly important. I bet that two small colocated facilities could cover all of North America quite nicely.
Bandwidth costs outside the cloud world, at least in North America, are comically cheap compared to the major clouds.
[0] A service like Signal ought to need relatively little processing compared to bandwidth and storage for the data plane. AWS and the like may not have a particular good match in their catalog for this use case.
Is it possible to self host signal? Can signal move towards a model like the fediverse where the software development is decoupled from the hosting costs?
I donate to signal, and use it frequently. But I would much prefer for the app to simply charge users rather than beg for donations. Even better would be to charge users in a way that reflects the costs.
For instance, maybe verifying a new number over SMS should cost $0.10 if that's going to make up 14% of the operating costs.
Begging for donations to subsidize excessive use by other users just doesn't seem sustainable.
> I donate to signal, and use it frequently. But I would much prefer for the app to simply charge users rather than beg for donations.
Hard disagree. If you charge, the number of people who will use it shrinks by several magnitudes, and then you lose your network effect, you lose the ability to get your less technically inclined friends to install it.
P2P alternatives are less convenient (always on to deal with notifications, adding contacts typically requires extra steps, etcetera), but the difference in costs is abysmal. In any case, it's been years since I've tried to make my social circles move to any of those platforms (Briar, for example). It's a losing battle.
> Signal spends around $2.8 million dollars per year on bandwidth to support sending messages and files (such as photos, videos, voice notes, documents, etc.) [...] At current traffic levels, the amount of outbound bandwidth that is required to support Signal voice and video calls is around 20 petabytes per year (that’s 20 million gigabytes) which costs around $1.7 million dollars per year in bandwidth fees just for calling, and that figure doesn’t include the development costs associated with hiring experienced engineers to maintain our calling software, or the cost of the necessary server infrastructure to support those calls.
20 petabytes per year is around 5000 Mbps only for audio and video calling. So 5000 HD video calls all year round.
Signal is known for the large bandwidth needed for calling but that sounds too much and not really scalable in the future.
Paying 2.8m for 20pb of bandwidth is two orders of magnitude more expensive than it needs to be. You pay significantly more using cloud hosting providers rather than dedicated server resellers. I would recommend signal consider just renting dedicated servers from providers like OVH for their voice relays.
While I would be willing to pay a fee to use Signal, most people won’t and then Signal would turn into a deserted landscape full of privacy nerds who only talk with each other. On the other hand, being better at soliciting donations more often would be more helpful. I’m a regular Signal user and didn’t even know I could donate.
Support for Signal development supports all privacy-oriented software and systems, because Signal is open source.
The Signal Protocol already is an industry standard. What other Signal development - either the components, the code, or the concepts - are used by others?
The only issue I'm aware of is that The Signal Protocol is only really defined in Signal's GPL'd code. So it's almost impossible to write a clean room implementation (e.g. Wire tried and ultimately failed. they ended up also GPL-ing their library).
I feel like investing in p2p approaches and having people donate spare server capacity might be better. For example, relay calling was p2p in the original Skype and worked well. Apple private relay is a similar concept whereby there are two intermediaries to make things private. It gets trickier since in mobile land you can’t run servers really, but I feel like the Signal population has enough spare capacity to offload bandwidth and stuff and could be an easier sell than “please give us money”.
For the sms verification, I feel like forcing the requester to do some bitcoin mining for you could potentially pay for itself.
As a counterpoint imagine instead if the cost of messaging went from $50 million per year to the even more lean $0 per year.
Messaging operations are expensive because they need servers to route your traffic. They need to route your traffic to navigate around the restrictions of IPv4 NAT. In a world of IPv6 there is no NAT (but firewall restrictions still apply).
I have created a relationship model that solves for privacy without need for third party servers and then routes messages based upon that model, but it’s limited by IPv4.
Signal should be able to bring in some revenue other than donations. Premium features that don't compromise the privacy? Premium stickers? Extended emojis only if one paid $1 etc.?
If you really wanted to talk to somebody in a "non-decryptable" fashion, could you set up like a channel that encrypts itself with a ton of different encryption methods, keys, etc. (encrypted payloads inside each other)
Signal encryption is its main feature (I think) and how easy it makes it (abstracts handling key transfer and all that), I'm just trying to think through... if I wanted nobody to read what I was saying , would I use an app/target as popular as Signal or something homegrown?
You don't need multiple security protocols (and in fact that is almost always a bad idea). You just need one good protocol and a way to securely exchange the keys. What signal solved for the most part is the secure key exchange.
If you want to talk to one person, you can give them a USB key in person with a set of crypto keys and then use that to encrypt your messages over any transit method and it will be secure.
You could, but you'd be adding complexity to solve a mostly non-existent problem. Security is rarely broken because the algorithm itself is broken. It's usually because one end has a key logger or other vulnerability. Or they are literally storing the unencrypted text in an unencrypted data store after reading it.
In the meantime, the added complexity adds new places for errors.
I think the biggest risks for most people are going to be around key management, social engineering, and exploitation of terminal devices (i.e. if somebody has compromised your device running signal and can observe the message before encryption or after decryption).
More layers of encryption doesn't really solve those problems.
lots of drug traffickers went with something homegrown (Anom), which turned out to be an FBI front. they'd have been a lot safer sticking to Signal. and you can audit the Signal client's source code, which is enough to verify its secrecy.
They could use a free plus subscription model for really pro features, like “extra privacy”, “faster sending speed”, “create bigger group rooms”, these are bad features but you get it
As soon as there is “extra privacy” for a premium, I would ditch Signal immediately. It’s either provate and secure or it’s not. Certain things cannot be half measured.
Not having to rely on a phone number would be extra privacy.
They are stuck with SMS though because it's a costly... signal that prevents spam.
(Sounds like an opportunity ??)
But then this might solve the funding issue for them, but being tied to most payment systems would only somewhat improve the situation for the users.
I understand now why they dabbled with cryptocurrencies (Monero having proved that these can be anonymous short of having NSA levels of computing power ?). I haven't been keeping up, how did that work out ?
Maybe I'm the only one here but this so-called "transparency" in the form of a single blog post doesn't instill much trust in me. I have been an avid Signal user since the TextSecure days and still recommend Signal over any other messenger. However:
- There were times (e.g. during the introduction of MobileCoin) when the Github repositories hadn't seen any update for months, while they were still releasing new app versions on a regular basis. Heck, last time I checked there were not even public changelogs for any of the apps. Calling Signal "open-source" is a stretch at best.
- The Signal team time and again has failed to react to criticism of the usage of Intel SGX, or of how they completely messed up the introduction of the Signal PIN. And let's not talk about MobileCoin. Yes, being "open-source" or "nonprofit" doesn't imply they need to ask their users for permission or respond to every complaint. However, a minimum amount of openness and debating critical features in public would go a long way here.
- I would like to see some transparency regarding the overall foundation and corporate structure, beyond just silently filing form 990 years with significant delay. For instance, it seems Brian Acton can elect and dissolve the entire board just by himself[0, 1]?
Long story short, before donating to Signal I'd like to see a proper and continuous commitment to transparency, not just a once-in-time blog post.
appreciate their transparency, but boy do their devs make a lot of money. their 2 highest paid engineers make around $750k USD yearly. I guess if that's competitive good for them, I'm mostly jealous.
It seems that with uBlock origin enabled in Firefox, I was unable to fill out either of the 2 donation forms on the page. It wouldn't let me fill in my Name in the first form, nor would it let me enter a custom amount in the 2nd form.
"We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate—and this is very lean compared to other popular messaging apps that don’t respect your privacy."
Kind of Exaggeration to say that the other popular messaging apps don't respect your privacy.. all of them do, some more, other less, just not all of them have it as their main feature.
I always wonder what is the level of safety of Signal fron state level actors.
Signal uses telephone numbers as user IDs + sends those verification SMS. Also 50 employees? So how many are monitoring the infaratructure 24/7 (on a side note, a project with 50 employees is probably still better than those with thousands - what do those people even do).
If the data leaks somehow, telephone number as ID sounds very bad.
> As a small nonprofit organization, we cannot afford to purchase all of the physical computers that are necessary to support everyone who relies on Signal while also placing them in independent data centers around the world.
This is really the crux of the problem. ~$3M of servers per year is more than enough to start purchasing hardware, I wish there were easier ways for people like me to participate and help Signal on the cheap.
As someone who participated in the builds they complain about being expensive (and ignoring their , I don't think it's a function of centralization or "troubling" as much as it is practical. Meta, Google, etc all have many billions they could be saving if they could figure out how to make it cheaper too.
It’s so well written so long post, I afraid I well never read it as carefully. Tonight I’m too tired to delve into its depths. Tomorrow I won’t remember, possibly. And the day after that I won’t remember for sure.
Sorry everyone for this off-topic, I just think it’s needed to be addressed, but I have no idea what to do here.
Signal already has a very hard time competing against the network effects of WhatsApp and Telegram and getting people on the app, a fee would only increase that. But making it n$/year but with the option for an account withiot a phone number like other people are suggesting sounds nice, peace
> Signal already has a very hard time competing against the network effects of WhatsApp and Telegram
May not be the best thread to say this in, but Signal isn’t as good as Telegram and WhatsApp on features. People can be persuaded to switch, but may have different expectations than what Signal can satisfy.
Their competitors are free. Charging $2 would make Signal a non-alternative for many of their users, and due to how the network effect works, it would greatly reduce the utility for everybody willing to pay as well.
And that's all without even considering the significant overhead of collecting low-value payments internationally.
If you have a sustainable business model, you don't need the network effects. Threema is fine with a smaller userbase because they have a business model that works.
> Another $19 million a year or so out of Signal’s budget pays for its staff. Signal now employs about 50 people, a far larger team than a few years ago.
What? I know silicon valley salaries are a thing, but absolutely everywhere else in the world this would be insane. Maybe change the headquarters to somewhere cheaper?
Costs for staff are not just salaries. It's also pensions, taxes, benefits, the offices, software licenses and all the other stuff. I've often heard 50% of total cost going to salary, but it varies.
Pensions aren't a thing in the U.S. anymore, especially not for tech. And when a U.S. company says "staffing costs" that does not include licenses, offices, etc. It's strictly salary and benefits.
According to Signal's 990, it's paying multiple employees over $700k. That's above-market for corporate compensation, and it's way above market for non-profit compensation, to the point where it could be considered private inurement.
I keep re-reading this section of their blog post trying to figure out what I'm missing here. $2.6 million full load per employee on avg? Is this heavily weighted to a few executives? Can somebody explain this to me?
It's an uphill battle. I asked to recommend Session on the privacy subreddit- which the moderators denied because Session lacks a well-documented endorsement from a public figure regarded as an authority with regard to privacy.
That is a non-starter specifically in the context of vetting privacy-enabling software. Anyone got a list of privacy celebrities with enough spare time to vet reddit content?
give the option to sign in without phone number paying a fee in bitcoin (sats on lightning network would be the perfect fit) would solve a lot of economic and privacy problems. Also dont waste money on phds post-quantum bullshits would be great.
Tells you how much faith they have in that "feature"....
I'd love to see some usage numbers on it, and perhaps removal of it when it turns out the usage is near zero... (Or maybe I'm totally wrong, which would be interesting too!)
If they remove it, it would render several hundred dollars I have in that wallet inaccessible without extra work on my part.
Usage numbers are not possible because Signal doesn’t include spyware in the app. There is no indication which transactions on chain came from the Signal app or any other app.
Yeah, you only ever hear the naysayers. So second voice to combat that: I like the integration and use it with (admittedly few) selected friends to split bills. And I think it fits signals mission.
Does anyone else think that this strategy of growing the userbase with a "free" product and then start panhandling for donations is outright dishonest?
There are tons of smaller XMPP or Matrix providers that didn't get access to millions in funding from these big corporations like Signal did. Who have to run a business in a way that requires paying customers from the start. But now that cash is tight (and after they built a sizable user base) and they can no longer just outspend the competition, suddenly they remind you of TANSTAAFL and are asking you to cough up the cash.
It is the same shitty playbook used by VC-funded companies, except that is now dressed as some virtuous thing of "looked at how much it cost to build all this..." It makes some emotional appeal but it tries to hide from the audience that these costs are solely due to them insisting on controlling everything.
If it is so expensive to run Signal, then open it up to let other people run their own servers instead of trying to control everything. Don't give me this bullshit of "we are a non-profit but we are in the same lane of big tech corporations". You are there because it served you. You can not have it both ways.
> open it up to let other people run their own servers instead of trying to control everything.
If you know of a good open architecture that solves the problems of spam and impersonation while maintaining the convenience and ease of use necessary for mass adoption, please share it.
I could get my parents who are nearing their 70s to use Element (Matrix) and it took them less than 10 minutes, even with me asking them to register to a non-default homeserver.
Screw "convenience". It's a poison pill. "Convenience" should never be put above "resilience" (not to mention "freedom") in a value scale. The American obsession with "convenience" is turning us all into cattle and it's getting harder and harder to get the rest of society to function without being controlled by some corporate overlord.
Some of these things raise an eyebrow and I'd like them further broken down (but in the mean time, I'm still donating):
* $19 million for 50 staff
- That's $338k/head on average. At face value for a nonprofit, I'd like these costs broke down as this seems excessive. There is far cheaper IT labor available outside SV.
* 20 petabytes per year of bandwidth, or 20 million gigabytes, to enable voice and video calling alone, which comes to $1.7 million a year
- I'd drop these features if possible, or give them to donors.
* Storage: $1.3m, Servers: $2.9m
- I was actually expecting this to be far higher
- Long term storage should probably be donor-only
- Servers could likely be optimized by going hybrid cloud with colocation and owning own hardware, but again, was surprised how "little" they're spending on this.
* Sms registration fees: $6m
- Stop contributing and supporting the "Your phone number is your identity" problem.
- Move towards helping educating society and establishing a set of encryption keys as their long term identity
It's easy to criticize from the bleachers. Still thankful for the app and I'll continue to donate.
- That's $338k/head on average. At face value for a nonprofit, I'd like these costs broke down as this seems excessive. There is far cheaper IT labor available outside SV.
You get what you pay for, though. $338k/year seems like a reasonable salary for people working on something as privacy critical as Signal – just because you're working for a nonprofit doesn't mean you have to work for less competitive wages.
> $338k/year seems like a reasonable salary for people
That $19M/year was total employee costs which, as best I understand these things, can often work out to be double the raw salaries which would bring the average down to a slightly less excessive $170k/year.
Whilst competitive salaries are important, it's fair to say that, outside of the US, you can get good people for a lot less than $338k/year.
To give one example of a (not that cheap) market, outside of London average developer salaries are probably under $50k in the UK. Even accounting for additional costs like taxation and equipment, that's likely to be under $100k fully loaded.
IIRC, employees cost the business ~150% of their salary. That means we're looking at more like a $220k/yr salary on average. For a bay area company, that seems completely reasonable.
Nonprofits, as with for-profits, must pay competitive wages or they will have trouble getting the expertise that they need. $338k/head seems reasonable when you also consider taxes the company must pay for each employee.
"just because you're working for a nonprofit doesn't mean you have to work for less competitive wages"
Actually it does usually. Because when people see real meaning in their work, as opposed to find yet another way to manipulate people on other peoples behalf, then you don't have to buy their consciousness as well.
So sure, it is awesome, that signals employers get to have meaning and money. But I would bet, you would find competent people working for less. (And maybe somewhere else)
But .. they do have a working app and organisation right now and drastic changes could destroy that.
Oh come on. Just because the organization is non-profit, meaning that it's not out to make a profit for shareholders, is no justification for the staff to be paid below their market worth. In fact, they could definitely earn more by quitting and working at for profit companies. And that is especially true for those who are getting the higher end of the compensation.
And say that staff number was like, $5m/year less? It doesn't change the fact that costs of running are substantial and more donation is needed from those who want it to remain viable.
One thing I question with that is that if you gave features to donors only, wouldn't that mean that signal now needs to track users in ways that aren't privacy preserving? I.e. you'd be able to know if any given user using signal now has given payments to signal. I'm not sure that'd work with what they want to do as an organization.
This is a product that solves some of the harder problems of engineering, and has a staff of 50. Cheaper isn’t going to get you the best. If you had a staff of 1000, you could make that argument. Besides that’s not a lot of money to begin with. 340k is a senior engineer salary and I am sure the people running the company are far more capable than senior engineers.
> drop those features
That’s a valid argument, but 1.7M for that 20PB of bandwidth is not a lot of money. Dropping or making the features paid, defeats the purpose. If you’re trying to be the privacy first app that competes with WhatsApp and others, this would make it harder to be a viable alternative.
> sms registration fees
Education is a harder problem to solve, but offloading some of the costs to users may make sense here.
It's easy to say that "you should do x" from the bleachers but when you're in the arena you run up against reality. For example, Signal had a blog a while ago about how they tried to avoid the sms features, actually for privacy reasons, but they found people just didn't use other alternatives. Here's a reddit thread of users advocating for SMS support https://www.reddit.com/r/signal/comments/y3ymfl/keep_sms_sup... .
So it was the best of all the available options practically, if they wanted to grow and retain the users.
< "* 20 petabytes per year of bandwidth, or 20 million gigabytes, to enable voice and video calling alone, which comes to $1.7 million a year
- I'd drop these features if possible, or give them to donors."
How about they pull their socks up and use peer to peer technology instead? Messages are asynchronous so they need to be temporarily stored but routing real-time audio and video is a technology problem that they have chosen the expensive way to solve.
They are peer-to-peer by default between people in their contacts list. That is for when calling someone that isn't in your contacts list or for people that have enabled the relay all calls option.
> I'd drop these features if possible, or give them to donors.
They can't really do that, it deters adoption of something with a network effect.
The real issue here is that direct connections have privacy implications (maybe you don't want the other party to know your IP address), so they relay everything. If they could solve that they could save a lot of money.
For example, detect if the user is connected via a known VPN service (which is likely given Signal's user base) and then let the VPN hide the user's IP address instead of Signal having to pay for it. Or make a deal with popular VPNs to put the relay servers in their data centers, which gives a similar advantage and they might be able to get better pricing from them in general because the VPNs already have a lot of bandwidth, are sympathetic to what Signal does and could use it as PR.
They need to dump sms entirely. Use on device private keys. If users mess it up, it’s on them. People need to get educated about how to manage private keys.
As someone technically savvy, I don't trust myself to manage my own private keys sufficiently for a service that's the point of contact for all my friends and family. I think it's a much taller order for someone without the technical knowhow – remember that Signal's audience includes very non-technical people who don't have time to learn the technical ins and outs but absolutely require its utility, like journalists and dissidents.
Then few will use it and Signal will die. There is this gap between the ideals of the technically-minded and the reality that users live in. They tried to dump SMS - and people responded by not using alternatives. The entire sales pitch of Signal is that it is easy and unobtrusive.
costs for a nonprofit are the same as costs for a forprofit
there’s just a bunch of nonprofit employees or personnel that play on the pauper perception because its convenient, but “nonprofit” and no money is not correlated to anything
so if those employee costs were excessive for any organization, saying non profit doesn’t make them more or less excessive
I think tech talent is undervalued and should at least compete directly with FAANG, for many organizations this is not possible, for organizations with other liquid assets they create (like Signal) it is possible. All employment hasnt risen with cost of living, I’m not familiar with other sectors.
Signal can be better, IMHO, by separating from phone number requirements. In other words, let users have secure random ids, rather than forcing each user to hand over their phone number for phone company verification.
It turns out the budget shows the phone number registration problem: the costs to deal with phone number verification seem to be $6MM, which seems to be 10% of the entire budget.
If Signal staff are reading this, I'd gladly pay $100/year for a phone-free solution for all users.
A bit handwavy, but allowing sign-up without a phone number could massively increase bot/spam traffic and ultimately increase hosting costs for Signal.
Just charge $10 to create an account without a phone number and accept Bitcoin. Most people can avoid the $10 by providing a phone number, privacy-conscious people only have to pay $10, it generates revenue, and the $10 puts the spammers out of business because they don't pay $10 once, they pay $10 every time they get banned, which happens multiple times a day.
You could even automate the bans by banning anyone who gets blocked by more than two people they sent messages to, which anybody can avoid by not sending messages to people who would block them, and if it happens to someone innocent, it's still only another $10 to reactivate your account.
The phone number requirement is why WhatsApp won the space over in the first place. There were loads of username+password-based services before it, but none reached the market it did. Why? An incredibly wide user funnel, singing up is frictionless.
You might understand that it's a bad idea, but that makes you an outlier.
No, WhatsApp won because it successfully replicated and replaced the SMS experience in the developing world, where the cost of data was dirt cheap in comparison to the cost of a single SMS message.
I don't really buy this argument. Is signing up with a phone number really that much easier for the average user than using a username/email account? Billions of people seemed to have no problems making a Facebook or Google account.
Requiring a phone number also seems like a decent way increase friction for automated account creation - obviously it can be overcome, but it probably reduces automated account creation by a few orders of magnitudes, which I would imagine reduces the amount of botting/phishing/ban evasion, which could all add up to be pretty expensive to an org.
Using phone numbers as identifiers (and by extension users' phone books as a contact discovery mechanism) is probably at least equally significant as a factor for WhatsApp's success.
Focusing on app features is one thing but the bigger picture is that Signal is at risk of not existing without capital… (just donated $20 today and I wish I could buy stickers off of them).
I don't understand the concern. Signal has never been about anonymity. If you need to be anonymous, use a different tool. I like the fact that a phone number provides an additional verification that the person I am chatting with is who they say they are. As far as risk associated with having your phone number leaked to bad actors, that ship sailed years ago. I guarantee your number has been leaked a thousand other ways starting with by your phone provider.
It would have very particular ethical trade-offs, but they could just make signing up without a phone number a paid option. That has the advantage of actually turning a cost center into a profit center, at the distinct disadvantage of creating a moral hazard by the exact same virtue.
$6 million per year on outgoing SMS?
Do not send SMS to users, make users send SMS to you instead to confirm their numbers! I have this solution for years and it works >90% of the time. The rest 10% is calling a verification number which drops calls with busy signal (no fees for the caller) but sees who is calling and is able to verify their number.
Significantly less secure. Faking the sending number is much easier than hacking SS7 and getting SMS routed to you which are not destined to you (which is also doable but require an order of magnitude more skills and ressources in my view).
Or just kill SMS entirely. SMS is old tech from the 1990s. We have better things now, like e-mail over LTE/5G, that work across countries, across devices (whoa!), across providers, across SIM cards (wow!) allow more than 140 characters (wow wow!), and allows easy-to-remember alphanumeric identifiers for user ids (wow wow wow is this the future!). I hate SMS confirmations, I don't want to use my phone number as a username, and I will most certainly never donate to an organization that is using my donations to pay for stupid SMS texts after e-mail was invented.
Personally, I refuse to financially support Signal so long as they're still holding my chat logs hostage on my old iPhone and seem not at all concerned about solving this problem, which has existed for years.
There was (and still is, so far as I know) no upfront warning to users that if they don't first sync with a desktop client, and their phone gets lost or stolen, their iTunes backups do not (unlike most iPhone applications) contain their Signal chats. And furthermore, there's no way to export those chats in backup format from an old phone.
(You can transfer, but the transfer deletes the data from the original source, which is extremely foolish and dangerous IMO, and anyways isn't a proper export accessible from other applications. Furthermore, so far as I know there's no support for transferring from very old versions of the Signal client.)
This has been a critical bug for years [1], it's one of the most complained about issues, and Signal has done (and intends to do) absolutely nothing to fix it. It is absolutely unacceptable to have our own data held hostage by them in this way, especially without any upfront warning.
I completely agree with you, even though the situation is at least a tad better on the Android side... However, it's worth noting that Signal seems to consider this a feature and not a bug.
I hate that. I use signal to chat with my friends. We trade pictures of our cats. I am not a whistleblower who needs my data deleted instantly for safety. I provide the noise that acts as cover for those people. And I would have a LOT easier time bringing onto the network if they were able to keep that chat history. (I take a backup on Android and export it and clean my Signal install periodically because it gets large and starts taking up too much space on my device.)
I love Signal. I want it to succeed. I think they have a little bit of problem understanding who their users actually are though, or perhaps just a disconnect with telling us who the users they want to have are...
Interesting, I always saw this as a deliberate feature aligned with what I first came across Signal for (sensitive communications between trusted parties that may need wiping at a moment's notice). If a journo reporting in a less than hospitable regime had their phone confiscated then they need not worry about their chat logs compromising them.
Sorry, how is this any safer for the journalist? If their phone is compromised in a way such that someone can login and control their Signal app, their chat logs are already compromised. I’m just saying there should be the ability to export those logs once you’ve logged in.
But if they don’t want to provide that, then:
1) Why does the Android app support this?
2) They should warn users of this BEFORE holding their data hostage, and not market Signal like it’s the right solution for everyone.
Perhaps Signal is not the right choice for you? It seems odd to be so concerned about data retention from a system which prominently features support for disappearing messages!
I expect messages to disappear when I turn on disappearing messages and not when I don’t turn them on.
But yes, I agree it’s not the right choice for me and many others who want to have full ownership over our data, and they should make that clear in advance.
Love the product. Had a monthly recurring donation for many years. Dropped it over what I consider to be their serial mishandling of open source. See https://github.com/signalapp/Signal-Desktop/pull/6186 for the latest chapter in the, "we won't implement desktop GIPHY that we announced in 2016, and also won't merge it when someone else thoughtfully implements it for us" saga.
I feel like they've made their position here quite clear and it's well-reasoned. I understand the disappointment, but this doesn't give any indications to me of "serial mishandling" unless there's some other context I'm missing?
Open source != open to contributions. Signal has made it pretty clear that their motivations for open source are visibility and verifiability, not to get people to do work for them for free. It seems like the action item to update the CONTRIBUTING.md to make those expectations more clear is a reasonable one.
They announced the feature coming to desktop "shortly" seven (7) years ago [1]. It has been implemented on mobile for ages, and is generally one of the most-popular features of any modern messaging service. In the years since, things like in-app cryptocurrency were implemented. Issues on GitHub dating back to 2017 were unceremoniously locked [2]. A community feature request has been open since 2018 [3]. When more issues on GitHub were created, they were told to discuss it in the one that was already locked, and didn't respond further once that was noted to be impossible [4].
When the PR was thoughtfully created long after it was clear that they wouldn't be honoring their own announcement, they said (approximately a year ago) that they would review and implement it with credit. After 6 months of darkness and petitioning, it was dismissed as being harder to review than to implement while disingenuously counting things like SVGs and license text as LOC. When some specific concerns were finally provided, the author responded point-by-point in how they were already researched and addressed, with a polite request for evidence so that they could correct any misunderstandings. The subsequent response ignored everything in that but the suggestion to update the contribution guide to align with their previously-unstated intent.
Serially mishandled. I'm not moving off of that position.
Why would you ever want to raise the bar for what constitutes open source, all the way up to "Must be open to spending their time reviewing and integrating massive contributions from 3rd parties"?
I don't understand how storage can cost a million dollars when they don't store anything. Even if messages are queued, how do you get millions of dollars in queued storage? It's hard for me to imagine... even if you receive and send trillions of messages I don't think you would end up storing much at all.
As for registration fees, it sounds like they should use authenticator instead of SMS... and stop requiring a phone number to sign up. That is why I left Signal (went with Matrix). I don't see why anyone would want to tie their Signal to a phone. If you value privacy, why would you do that?
Servers cost seems excessive as well. I don't believe you need that many servers, even if you served a boat load of requests.
As for bandwidth.. okay, that may be the case. I am not sure how you can get that cost down.
> Even if messages are queued, how do you get millions of dollars in queued storage? It's hard for me to imagine...
The details are there in this post, but I can offer a few guesses. Users may be using multiple devices. And the service has to deliver to all the linked devices before ejecting the message from its storage. The time limit for storing and waiting for linked devices to come online is about a month. With tens of millions of users, this could add up.
Even if every user had dozens of queued up messages, I don't think it equals millions in storage costs. Maybe I'm naive, but I have a storage/database/queue with billions of records and it costs <$700/month.
If Signal drops the requirement to have a phone number I'll support them with money. If they allow me to change the name of a contact to what makes sense to me, I'll donate again. Follow the example of Session on this!
I'm seeing all the comments about the $6m Twilio expense, but nothing commenting on how their cost per employee is $380,000 totaling $19m. I think they could optimize this easier if the will was there. I know HN is very SV/tech centric, and that number makes sense there given the run up of VC money, etc. but I'm willing to bet they could source talent from cheaper places and slash this in half; if they wanted to. Just an observation, not my place to tell anyone how to run their business, but for a nonprofit that is trying to drum up donations to fund their operations, I'd think they would want to be leaner.
This number includes taxes, benefits, etc, not just raw salary.
Notably Signal employees do not get equity, so the salary must be higher to remain competitive.
Signal is probably the hardest class of product to build. Name an optimization/distributed systems problem, they probably have it. And quite literally, a Signal bug could jeopardize an activist/journalist’s life.
So for a <$200k salary and no equity, how many world-class engineers do you think you could hire?
I simply wouldn’t trust the product, if it had mediocre engineers.
I interviewed at Signal for a senior developer. They do not pay well. I didn't even get past the phone interview because they were nowhere near my range. No idea where the $380k comes from, executives maybe?
If you want to hire the best talent - engineering and ethics, you need to pay top dollar. 380k is senior engineer comp at most FAANG adjacent companies. It's not a lot.
This is SV tech logic that I mentioned. I’m just not usually of the opinion it’s necessary. There’s a lot of talent around the world. And I’d guess only a few really “top talent” folks are needed to build the unusual problems/cryptographic parts of their app. A lot of it could likely be build by an average dev with some oversight.
I say this as a person that regularly and successfully hires devs from low COL areas. I know the common pitfalls of it and know it’s completely possible to manage and get high quality outcomes. It requires a management approach that’s slightly different than having 100% top tier talent from high COL areas but it’s possible all the same.
I'd never advocate for unfair compensation. Only that what's fair is highly variable when the world is your potential labor pool. A lot of people and companies think or behave like only a few areas of the world produce quality software. It's absolutely false. I'd also want to question if a company full of Master Craftsmen are needed (if that's what's implied by the $380k/employee). To keep with the construction metaphor, most labor on a typical construction site is Craftsmen supervising unskilled/lower skilled labor; otherwise cost would be a major issue (more than it is already).
Are you the same kind of people that think that NGO workers should work for free or for a small wage that is not representative of the market wage for their positions?
No, I’m the type of person who thinks tech salaries are bloated in certain areas and certain companies and that does not follow the distribution of talent. It’s followed the distribution of VC money and profits of large companies. The evidence of such is that the median software engineer in the US is in the low-mid $100s (depending on what source I want to believe it’s $110k-$140k). But I also believe that same talent can be sourced outside the US is many cases and for far less expense.
I also view most apps/tech as not very novel. It’s largely the same engineering “problems” that are known and well documented. A lot of it can be done by average developers and “top tier” talent isn’t usually needed other than probably the cryptographic components in Signal’s case. Scale is certainly a concern, but that is a familiar problem that’s has a lot of documentation solutions and approaches.
I could be wrong. Maybe they’re already doing this and it just happens most of their expense is going to a couple high paid execs. Could be that I’m underestimating the complexity as well. But I find my statements to be true in many cases. I can even point to the number of times I’ve talked to consultants and top tier devs about building things for me. What they would charge $1m for I can often piece together for less than $50k by hiring a few folks in low COL areas and then just spending a little effort refactoring their code to be as pretty as I like it to be; sometimes I outsource that too but the point is having a whole company of top tier talent isn’t usually necessary, it’s a choice. Just like believing that top tier talent only exists in the high cost tech hub cities is a choice more so than the truth.
OP didn't mentioned to slash salaries just by half not by 75%. Most IT people in western countries in Europe are not making even 200k per year. Even in London is hard to get 120k unless you maybe working as a contractor.
A lot of those SV talents are not american but migrated from europe or elsewhere - there are still talented people in EU who just simply don't want to move to USA these days even if salaries are at least 2x. You wouldn't have a problem finding real talent in eastern europe for 150k.
Well I don’t get paid to hack, it’s a hobby and sometimes I’m and entrepreneur so I don’t have the same bias as thinking all devs should be making $500k+. I actually think of cost controls and how to build more with less, so kind of polar opposite motives.
Cheap is also a relative concept. I have a guy on full time that I pay $1500 a month. It’s more than twice than he’s ever made in his life and he’s an excellent dev. If I needed to, I could find 50 more like him. Sure if I was FAANG scale trying to hire 30,000 of these people it might get tough. But, I could probably create an entire training program and just apprentice people for less than they paid new grads out of 2-4 schools they normally hire from.
Silicon Valley is not the only place to find engineers who know what they're doing. Some of us want to stay in our home country and/or don't want to jump through the hoops that American tech companies demand.
It's amazing what they produce with their headcount:
First, we have three distinct client teams, one for each platform (Android, Desktop, and iOS). These teams are constantly working: adjusting to operating system updates, building new features, and making sure the app works on a wide variety of devices and hardware configurations. We also have dedicated engineering teams that handle the development and maintenance of the Signal Server and all of its infrastructure, our calling libraries like RingRTC, and core libraries like libsignal. These also need constant development and monitoring.
Product and design teams help shape the future of the app and determine how it will look and function, while our localization team coordinates translation efforts across more than sixty languages. We even have a full-time, in-house support group that interfaces with people who use Signal and provides detailed technical feedback and real-time troubleshooting information to every other team. This is an essential function, particularly at Signal, because we don’t collect analytics or telemetry data about how people are using Signal.
--------
How many people does it take to perform all that?
In total, around 50 full-time employees currently work on Signal ...
FB only wanted whatsapp to preempt a potential competitor. They are happy to give the service for free (at a loss)
There is no room for monetization because of FB. In other words, you can't compete with a monopoly, even if you are in a different business. They simply take all
FB is getting and using some metadata from WhatsApp. FB also said it would be introducing ads in WhatsApp. While WhatsApp may not be raking in a lot of money, it’s not a complete loss for Meta either.
An entirely peer-to-peer instant messaging network, which doesn't rely on a central authority, is technically possible. A $50M/yr burn rate to implement that authority as an act of charity is simply unsustainable. Why do we insist on continuing down this path?
Attempts to decentralize or federate Signal are met with hostility. The Signal Foundation tells us that this is the only possible way; "the ecosystem is moving", and we must exist in competition with commercial offerings, rather than build something small, sustainable, and decentralized. This is great, until the AWS bill is due.
Because peer-to-peer messaging is not a solved issue. People want asynchronous conversations and not have to expose their location to everyone they talk to.
There are other platforms that are working on federated e2ee services (it's not easy. matrix was completely broken a year ago).
I'm not suggesting that it's a solved problem, but it's a solvable problem, and the Signal Foundation should be using its (significant) resources to solve it, rather than slowly bleeding them out to AWS, GCP, Azure, and Twilio. Unfortunately, solving that problem also significantly reduces the scope of the Foundation, so there's little incentive.
Nothing seems out of the ordinary in terms of costs. But there some features that would be pertinent to their core mission of providing a secure messenger, and stories and payments aren’t some of those. Stories button takes up half of the bottom navigation bar, I have not seen anyone using that feature.
Their non-product approach is what prevents men from becoming a recurring donors. They are finally testing a build with usernames, but it has been long over due.
I'll probably donate, but I find it annoying that Signal only offers Linux packages for Debian-based distros. I've had headaches with the Flatpak. I would think that the Linux desktop audience - while not huge - would be the most interested in Signal. That is, might not be a lot of Linux users but percentage-wise I'd bet more Linux users are interested in Signal than macOS or Windows users.
> she wanted to call attention to how competitors pay these same expenses: either by profiting directly from monetizing users’ data or, she argues, by locking users into networks that very often operate with that same corporate surveillance business model.
There is also a third alternative: Threema (https://play.google.com/store/apps/details?id=ch.threema.app...) is a privacy-focused messenger app that tries to cover its costs by *gasp* asking for money for the app! But of course those notoriously financially-conservative Swiss can't hold a candle to Signal, who first decided to give away their app, same as those other messenger-making companies flush with cash, and then found out that supporting all those users who download your free app actually costs money...
I would use Signal, but it ties to a mobile number, that is why I don't use it. Been using Element/Matrix instead. I'd consider switching if I could primarily use it on a Desktop decoupled from a mobile device.
Contact this company if you're looking Best IP-TV Provider
Whats-app: (+12023675323)
I buy from him every year and I don't find any problems with the server, worth encouraging
This was a nice, detailed read. At some point, Signal would have to move out of cloud providers at least for a few things to manage costs better.
I was happy to note this about employee compensation since paying them well is a good thing apart from their personal motivation to work on this (even at a comparatively lower pay than in other companies/projects):
> When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
> We are proud to pay people well. Our goal is to compensate our staff at as close to industry wages as possible within the boundaries of a nonprofit organization.
That said, I really dislike Signal for a few reasons. The first is what many people have already talked about very often — forcing to use a phone number to register. Since the SMS or call costs are quite high, Signal could adopt the iMessage approach to verification, which is having the user send an SMS to the service (this will cost the user some money depending on which country the SMS is sent to). This could be decided based on the country code so that the current SMS OTP model can coexist.
Signal is obstinately user unfriendly on a few aspects on user experience, more so on iOS/iPadOS. Firstly, it refuses to provide a data backup mechanism for iOS/iPadOS. If someone loses their devices, there is no way to restore older messages. Even setting up a new device requires the old device to be in physical proximity to transfer the data. Signal does integrate with CallKit (to act like a phone app) and with Apple’s notification services, but refuses to allow the user to backup the data with a password to encrypt it.
Secondly, I found this paragraph in this post to be disingenuous:
> Such practices are often accompanied by “growth hacking” and engagement maximization techniques that leverage dark patterns to keep people glued to feeds and notifications. While Signal is also free to use, we reject this kind of manipulation, focusing instead on creating a straightforward interpersonal communications app. We also reject business models that incentivize such practices.
Signal on iOS/iPadOS wants the user to enable notifications and to share contacts. If notifications are disallowed and if contacts upload is disallowed, it will pester every few days about it. One might think this is a silly mistake that Signal isn’t aware of. But it was reported some years ago and Signal responded that it will not fix it because it believes this is the only way. [1] Not even an option where this is a toggle for those who want no notifications or don’t want to share contacts (Signal does have a toggle for contact joining notifications).
Signal is also not that reliable in delivering messages in a timely manner compared to other apps (the GitHub repo has many repetitive issues on this topic over all these years).
Finally, since Signal has poorer UX in general, which isn’t an easy or cheap thing to handle, I use it only with less than a handful of people who I know and who use it.
I’d donate occasionally so that Signal can continue to exist, but I don’t feel like supporting it every month with all these issues, some of which look like Signal ignoring the user and UX issues completely.
> Firstly, it refuses to provide a data backup mechanism for iOS/iPadOS. If someone loses their devices, there is no way to restore older messages.
This is not the only case where Signal has decided that users should not be in control of their own data. For example an Apple Store or authorised repair shop may need to reset the phone, or an OS upgrade goes badly and needs a restore will also lead to data loss even if there is a full local encrypted backup made.
It is really orthogonal to the much of what Signal claims to stand for them to so boneheadedly insist that users should not be allowed to own and control their own data.
It's crazy, 400,000k per person. It would feel like nothing but an unfair waste of my "cheap-country" money to fuel "overpriced-county" with a donation.
But that's not salary, that's the total cost per employee. So if you factor in ~40% cost for healthcare, pension, perks, and various taxes, then the average salary is closer to $240,000 which will still a bit high, is probably less than market for the average engineer working at the company.
Back in the day Signal was called TextSecure and it did everything over SMS which required no centralized infrastructure aside from the cellular networks. They transitioned to internet-based messaging to support Apple devices. It seems that decision is now a 50 million dollar per year step backwards.
It's not a step backwards for me. Our organization uses signal in many situations where SMS isn't an option. When I land in a new country it is normal for my cell/SMS not to work. But I can hop on some local wifi and get signal messages. We had a widespread cell outage in my area last year. Signal not being on cell/SMS meant that I could still communicate with family without need of cell towers. This is a big step forwards imho.
> When I land in a new country it is normal for my cell/SMS not to work. But I can hop on some local wifi and get signal messages.
WiFi calling is a standard feature that does exactly what you describe for texts and calls, without using a third-party. I have cell connectivity turned off constantly on my phone and yet receive texts and calls via WiFi.
It is actually an awesome feature for receiving 2FA SMS at my parent's place where there is great internet but poor cell coverage.
Right, I totally hate being able to text, voice, video, send files, and screen share with individuals or groups of people, including half my contacts who use iPhone. Also, fuck them for making all of it sync to all my computers. And I especially hate the fact that I was not billed by telecom carriers for the tens of thousands of messages I've sent and thousands of calls I've made over it over the last 10 years.
Yes, indeed, how backwards. I wish I only used software that spied on me, or permitted others to spy on me, for those features.
Every time I hear about Signal's donation notices I start thinking about ways they might generate revenue. I'm sure Signal staff have considered a ton of options already. Anyway,
- can't do personalized ads or geo-specific ads, so doing generic ads wouldn't drive a ton of revenue anyways
- can't require users payment because when payment (most forms, including bitcoin!) can be used to identify people
- No real benefit to themed group chats (like discord nitro) since it doesn't focus on community groups
I'd love for someone to figure this out, though, because a nonprofit structure for an app is not sustainable.
Who is the active user base for signal these days? Everyone I knew who was using it dropped off after the SMS debacle, which was a shame.
Edit:
Wow some weird haters on HN today. I was honestly curious as an active signal user that was no longer able to use it to message people in North America and had never seen anyone using it in East Asia. Apparently this makes some other signal users very angry.
I've been to a lot of meetups in the last year and exchanged contacts with people. As a nerdy idealist running a deGoogled Android with no proprietary software, I always have to tell them that I don’t have WhatsApp, just Signal. Again and again I have heard the reply, “Oh, yeah, I’ve got Signal, I use it to buy drugs.”
So, that’s some of the active user base in my city, but none of those users are very motivated to use Signal with their network of contacts in general. There WhatsApp reigns.
That's been similar to my experience in the last year. WhatsApp or even worse, Snapchat, seems to be the preferred "private" messaging platforms, which is depressing to say the least.
those users probably have a far lower impact on Signal's operating costs because they're only sending the occasional message instead of using it as a broadcast platform.
The SMS issue was mainly a problem in the US where people used it for SMS and therefore never mattered since that communication was never secure. Those people probably never even cared for security since they, as you said even went out there and actually uninstalled an app. Something people seem to rarely do.
I use it for friends, family and colleagues. People now started asking me for it (or safe alternatives to Facebook Messenger) since Facebook started asking people to pay for non-targeted ads recently. They actually got people to think about the data they share with an outdated social network.
Yep, the whole point of Signal for me was the SMS component. I put up with the old-fashioned UI for that reason. Now it just looks and acts like a Telegram clone.
I have yet to find a replacement that both I like and other people use. Matrix and Session I have yet to find anyone using, telegram seems to be almost entirely bots in my area, and WhatsApp etc are owned by Meta.
I've converted all of my friends and family to using it. It's the "social media" for my world now. I'm probably an outlier for that, but it makes me happy!
For instance, 1.3$ million per year for storage??? Apparently, they have 40 million users, so 1 MB per user (seems reasonable for Signal) means 40TB. You can buy a 4TB SSD for $200, which means you need $2000 one-time for 1MB per user.
How they get from $2000 to 1.3$ million is a mystery.
As for SMS registration, if they are spending 6 million, maybe they should find some way of doing it for free, e.g. Google might be offering it with Firebase, Twitter used to have it, etc. It's not great for privacy, but if they care about that they should just stop using phone numbers.
Routing video calls through a server to obscure IP address seems totally pointless while you are revealing the phone number anyway. And again there might be a way to do this for free, e.g. perhaps using one of free WebRTC STUN/TURN servers that e.g. Google seems to run.
As for bandwidth, a very conservative estimate seems 100 MB per month for each of 40 million users, giving 4 PB per month (though I guess the real usage is 1/10 that at most). Hetzner charges $1/TB, so that gives $4000 per month or $40k per year, overestimated.
Again a mystery how they get from $40k per month to $2.7 million.
Maybe the problem is that they use AWS/GCP/Azure/etc.? They have to be real idiots to use them since everyone knows they are insanely overpriced and should never be used unless a large corporation or deep-pocketed investors are footing the bills or they is no other possible solution.
Perhaps they need to consider stopping dumping money down the drain before asking for donations.
Sorry, how does 1 mb per user seem reasonable? I’m sending tons of videos, documents and pictures, probably beyond a gigabyte daily. Just one video is like 40Mb. 1Mb assumption seems absurd
I really, really, want to go into a bunch of detail on exactly why this calculation is so incredibly naive. More as a personal thought exercise than for internet fame (since this will be buried under a buried comment).
Maybe I'll find the time...
But, like everyone else is saying, putting things in a datacenter in a resilient way for a high profile, high bandwidth, multi-national app is not the same as buying some ssd, or even running a hetzner instance.
Yes like paying 30$ for Tylenol in a hospital. You didn’t pay that much for the pill but for a nurse to enter that you need that into a schedule and then actually deliver it to you.
You have to appreciate the complete transparency, gently nudging towards giving without ever begging for it.
Refreshing compared to the alternative that Wikipedia is showing, with the tantrum-like emails we receive from their CEO like "LAST REMINDER" or "We've had enough" ; which they ironically send to people who gave.
Those are just non-profit fundraiser consulting tactics. Don't take them personally, just ignore them. The reason they exist is that Wikipedia has too much money, so they spend some on consultants who say they can raise more. It's weird, but that's how the world works.
I would much prefer the Wikipedia endowment model of non-profit orgs. They have a standard operating procedure with a predictable budget, and endowment that let's them run indefinitely, and we just have to suffer through pledge drives. I just block them with ublock filters. I gave them 6 dollars back in 2012, and according to their marketing that is enough for life.
> Don't take them personally
No. They are meant to manipulate me personally, as well as other persons I care about. I will take them personally.
More broadly, I don't have to excuse bad behavior just because somebody's making money off it or because it makes some too-narrow metric go up. Yes, it's a complex and imperfect world. But to me that's a reason to work harder to make things better, not a reason for people to say, "fuck it" and make the world worse.
13 replies →
> Those are just non-profit fundraiser consulting tactics. Don't take them personally, just ignore them.
I don't take them personally, of course, but they do encourage me to avoid forking over any money.
5 replies →
So...is Wikipedia at the level where they can invest to ensure they're sustained indefinitely?
3 replies →
> Those are just non-profit fundraiser consulting tactics. Don't take them personally, just ignore them. The reason they exist is that Wikipedia has too much money, so they spend some on consultants who say they can raise more. It's weird, but that's how the world works.
It's still shitty, even if it's a shitty "standard practice" and not a shitty thing being done to me particularly.
Honestly, it seems like Wikipedia's goodwill is seen as an exploitable resource, that people in Wikimedia are using to do other, unnecessary things (probably building little personal fiefdoms).
Sort of like Mozilla, actually. IIRC, they literally won't let you give them money to fund Firefox development, and any donations you give them go to fiefdoms almost certainty entirely unrelated to why you gave them money.
1 reply →
It's basically a attempt at sql injection to the brain. Can't wait for AI glasses to filter that crap once and for all from reality.
[dead]
I donated to the Southern Poverty Law Center a few years ago. A physical address was a required field on the donation form. I have never stopped regretting it, because GODDAMN! They started hammering me with physical mail asking for more money immediately and have not stopped.
I had this happen years ago, ironically I'm pretty sure they spent more hounding me for the next dollar than i gave them (like $25).
In case you're still giving money to them, perhaps consider not donating to an organization that marks people as bigots for speaking against religious extremism.
edit They do do a lot of good work in marking actual hate groups though, so I suppose it's a net positive still even if they miss a few strikes.
Just curious why you used an address that's associated with you. Choosing the address of a place like a park, which is a real address that has no mailbox or direct association with you, ought to be the default if you don't want to be spammed to hell and back.
3 replies →
Apologies in advance as I may be saying contrary to the sentiments here against Wikipedia fund raising. I also get the same emails and the banners. I diligently donate what I can. I don’t know where my funds will go. But what I do know is that I use that website practically twenty times a day and get something of value.
Wikipedia is particularly insulting because they make enough money to cover the actual costs of running Wikipedia (the site) in days if not hours, and could operate for years without any additional donations: https://news.ycombinator.com/item?id=32840097
Is it personally insulting to you that a completely free high quality services sometimes ask if you want to donate what ever small amount you'd like?
You'll be proper mad when you realize how much money that other company, whom you regularly pay for access to their services, has in the bank.
4 replies →
Is that including staff + trying to do new stuff or just the servers.
13 replies →
https://wikimediafoundation.org/about/annualreport/2022-annu...
Seems almost mundane, as if they’re running a very effective foundation that’s actively achieving their goals. See the recent Cambridge study that explored how their governance has been effective at promoting moderate discourse while suppressing misinformation and hateful content: https://www.cambridge.org/core/journals/american-political-s...
2 replies →
> which they ironically send to people who gave
I'm a lifetime member of my university's alumni association. This means I routinely get physical mail with headlines like, "YOUR OFFER INSIDE," and then the "offer" is to give them more money.
Sigh.
There was a comic I've never been able to find about wikipedia asking for money, it basically had them being that one crazy dude yelling at you to donate, and getting worse as time passed and you tried to ignore them. Then it showed a raw screenshot of wikipedias nag screen. Unsure who drew it or where it went, but I regret not archiving it, because it conveys what it feels like every time. I just don't want to donate if I have 0 control of where my money goes. If it's straight to paying the bill for the infrastructure, then sure.
Is it this one? https://bigmemes99.funnyjunk.com/pictures/4chan_1bff07_28908...
1 reply →
2022 Salaries for those interested: https://projects.propublica.org/nonprofits/organizations/824...
Compensation Key Employees and Officers Base Related Other
Jim O'leary (Vp, Engineering) $666,909 $0 $33,343
Ehren Kret (Chief Technology Officer) $665,909 $0 $8,557
Aruna Harder (Chief Operating Officer) $444,606 $0 $20,500
Graeme Connell (Software Developer) $444,606 $0 $35,208
Greyson Parrelli (Software Developer) $422,972 $0 $35,668
Jonathan Chambers (Software Developer) $420,595 $0 $28,346
Meredith Whittaker (Director / Pres Of Signal Messenger) $191,229 $0 $6,032
Moxie Marlinspike (Dir / Ceo Of Sig Msgr Through 2/2022) $80,567 $0 $1,104
Brian Acton (Pres/Sec/Tr/Ceo Sig Msgr As Of 2/2022) $0 $0 $0
Aside from the salaries, which I agree are a problem, I think there are a lot of architectural issues that are both costly and not so secure.
> We use third-party services to send a registration code via SMS or voice call in order to verify that the person in possession of a given phone number actually intended to sign up for a Signal account. Simple solution, go distributed.
6M $ for that. Stop doing that. What do dictators control? Mobile phone networks and other infrastructure. And, yes, they really do go after people any way they can.
This "cost" puts people into danger. Coupling identity and operator infrastructure is a critical privacy flaw. And a costly one too apparently. If your #1 goal is to be the most private solution, this cannot be tolerated to continue to be the case. Get rid of it. Your identity should be your cryptographic key.
> which I agree are a problem
Are they? These salaries are much lower than most tech competitors. I know we like to call out "high" salaries when a useful service is struggling - but they'll struggle even more if they can't retain good talent because their pay is too low. There's a reason tech skill in government is generally lower than that in industry, for instance.
10 replies →
Their #1 goal is not to be the most private solution. Their goal is to make day-to-day communications of most people difficult to surveil.
Day-to-day/People is why they keep the registration process familiar to other platforms like WhatsApp/Telegram. "Most" is why they try to compete with Telegram/WhatsApp on features to drive adoption (see Stories and Announcement Groups).
Have you tried verifying your contacts? It's clunky, but I believe this is how signal handles the problem:
https://support.signal.org/hc/en-us/articles/360007060632-Wh...
Using signal without verifying contacts is like bit like using HTTPS without verifying certificates. It prevents passive monitoring.
1 reply →
> This "cost" puts people into danger.
They know this, but it's likely a precondition of not getting Joe Nacchio'ed. It's a feature, not a bug. Signal's partners* in FVEY IC/LE have given them a lot of latitude in developing a very solid e2e cryptographic protocol and application as long as the users themselves are identifiable.
The pigs don't need to backdoor the protocol or the keys as long as there is more than one party to a conversation and each party is identifiable. The prisoner's dilemma, in real life, almost always gives the pigs a defection.
My pet conspiracy theory is not that Signal is evil, but that Signal is being allowed to operate by the pigs as long as account identifiers are very difficult to anonymize. They are likely very good people with good intentions, but when the FBI or NSA makes you an offer you can't refuse, you do the best you can.
*: I'm not suggesting Signal is in bed with IC. Just that if you operate a communications service of any scale, IC/LE will be your partners whether you want them or not.
The reason I don’t use signal much is this link to a phone number.
Both because sometimes I don’t have a phone number. And I don’t want participants to know my phone number.
I don’t get why they have this requirement as it’s not like having a phone number means anything significant. For me, I think privacy includes my ability to not reveal my identity to the network.
3 replies →
I'll ask the question you're implying out loud.
Why does an organization with about 50 employees need 4 C-level executives, totalling about 2M compensation per year? Or perhaps it's 7 C-level executives (3 hiding under the "Software developer" title) totalling about 3,7M compensation per year?
I'm absolutely not donating money to such a thing without an answer to this question. As a counterpoint, I am a member of a local (Finnish) non-profit organization, one of whose many services is Matrix. This costs me 40 euros per year and none of that money goes to C-level executives.
I find this hypocritical. C executives of tech orgs with world class products often have eight figures compensation -- if not from salary then from stock options. I do not see any excess here. You need to pay to compete.
14 replies →
> We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate
And from the link: https://projects.propublica.org/nonprofits/organizations/824...
- Other Salaries and Wages $9,665,761 - Executive Compensation $744,037
So about $10,400,000 a year in compensation and wages, or about 21% of their running costs.
1 reply →
2M in comp distributed between 4 people is not a lot at this scale in my opinion.
33 replies →
[dead]
Does anyone have an idea why they did not list the combined salaries of all employees? They did seem to list all the other things...
They don't break out salaries specifically, but personnel costs are in this paragraph:
> To sustain our ongoing development efforts, about half of Signal’s overall operating budget goes towards recruiting, compensating, and retaining the people who build and care for Signal. When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
I'm kind of happy to don't see Moxie with such rockstar salary as for instance the CTO one..
From the same link, it seems like his compensation was much higher in all the preceding years. Not sure what changed this year, but I agree it's a bit refreshing to see. Especially since he's probably made good money throughout his career
1 reply →
Salaries: Pretty abusive salaries for a non profit but that seems to be pretty much the standard nowadays, right?
Bandwidth: I took at quick look and see that chat.signal.org resolves to AWS. If they are paying AWS for a lot of bandwidth, that is very expensive. Let's take a quick look:
Servers: I won't get into the numbers here as that's a lot more involved, and impossible without more data, but buying and maintaining your own infra, or possibly easier, renting it, would still be quite a lot cheaper than using AWS.
Takeaways: - Storage is something you should buy and maintain (Thanks B!), you swap out old/dying storage devices. See Backblaze.
Anyway, I do love Signal, what they do and what they represent. Keep up the good work.
Signal, mail me at m aaaat zynk.it if you'd like to talk.
> A 10Gbps link fully utilized (minus some overheads), translates roughly to 3 Petabytes per month, that's 36 petabytes per year, almost double their advertized amount of bandwidth needed for calls per year.
I understand this is napkin math, but shouldn't we consider that the load isn't evenly distributed? - in which case 50% average utilization seems extremely high
1 reply →
>Salaries: Pretty abusive salaries for a non profit
Non profit employees aren’t monks, they don’t need to be talking vows of poverty.
I just donated $10 to Signal. Here's how to do so on iPhone in less than a minute:
1. Open Signal and click on your user icon in the upper left.
2. Go to "Settings" --> "Donate to Signal".
3. Click "Donate", select your donation options, and pay with Apple Pay.
Thanks, I just setup a $5 a month donation.
Love what signal's doing for the world.
I’ve got a recurring donation of $5/mo I set up ages ago
Me too! Set it up once and forget. I love their work and Unlike any other charity/nonprofit that I've donated to, they never bother me any further.
> I’ve got a recurring donation of $5/mo I set up ages ago
Thanks for that, I did a one off 300 euro donation back in '21 during the bubble market; Meredith has been doing the rounds [0] and she hits on lots of good points, and even went to the UK over their now failed bill during the Summer.
0: https://www.youtube.com/watch?v=ykfABSBeAVo
Me too
Does this entail a 30% cut to Apple/Google?
https://support.signal.org/hc/en-us/articles/360031949872-Do...
Easy google , but no it doesn't
2 replies →
Not on apple, at least
https://developer.apple.com/apple-pay/nonprofits/
Does it matter. 70% of something is better than 100% of nothing.
3 replies →
I had an old Apple Store & iTunes gift card laying around so I redeemed it and attempted to use it to donate via Apple Pay, but get "Apple Account - Not enabled for in app payments". Google isn't very helpful about exactly why. Am I missing some KYC somewhere or are payments of this type prohibited from "Apple Account" balances?
Also a reminder, your work might have a donation matching system. All the major tech companies do, so you can really boost your effect.
I guess maybe I'm missing the purported point of signal, attaching your phone number to use it notwithstanding, but attaching payment identity to it as well? Like, what's the point of going through the pain required to use it?
It is not meant as a anonymous messager, but an encrypted one, you can trust to not sell you out.
2 replies →
Most people using Signal - and particularly most people likely to donate - are not using it to hide their identities, but to decrease the chance of unknown parties reading their conversations. My Signal account has my full name on it, and checking my top contacts, most of them do too (some only have their first name).
> I guess maybe I'm missing the purported point of signal, attaching your phone number to use it notwithstanding, but attaching payment identity to it as well? Like, what's the point of going through the pain required to use it?
Your payment info is not connected to your account.
https://support.signal.org/hc/en-us/articles/360031949872-Do...
2 replies →
Signal is not for anonymity.
It's for security.
1 reply →
There doesn't seem to be a way to pay annually, which I'd prefer to a monthly payment. £5/month is just a little high, but I'd merrily pay half that or £30/year.
There are two forms at https://signal.org/donate/, the second one lets you set a yearly donation at a custom amount (and both forms a monthly donation at a custom amount).
If you really need a lower tier, you can switch currencies to JPY, there's a monthly option for 500JPY which is about 2.67GBP.
Thanks for the suggestion; I just signed up for the $5/month plan. I have been using Signal for years, but never considered donating anything before.
:thumbs_up
So you donated to Apple too in the process?
Seriously consider setting up a recurring donation if you prefer Signal. They have delivered consistently over the years. I set the $20/month back when they introduced the option.
I'm curious what the breakdown of donations is. I only have 1 contact with a $10/month and 1 with a $5/month badge. Of course there could be others not displaying the badge. Signal really needs 500,000 people giving $20/month and plus the rich guys giving some millions on top of that to be in a safe financial position.
Maybe something that could be done to encourage donations is have the client estimate how much raw infra costs your usage created and display in the donation screen.
20/month for every chat service I use is very steep. I'd be spending more on chat services than on mobile data + unlimited calling + landline + DSL + streaming services combined!
They actual costs are apparently about 1 USD per year per user. I usually at least double (usually more) my incurred cost when the donation is optional, to cover for those who can't or won't pay, but paying 240× the cost price seems wasteful as well when there are other nonprofits that can do more good with every dollar you give them (be it solving poverty, climate change, whatever you find valuable) rather than one which has mostly fixed fees
I'm not suggesting every chat service get donations. I'm only giving to Signal, the rest of the chat services I have to use get 0.
I'm donating more than my costs deliberately because I fully understand that most users are not going to contribute money, full stop. I need those users though, because they are the people I want to privately communicate with. So the obvious thing to do is pay for as many other users as I can. If there's 50M monthly active users, and if 1% of them are like me and highly value Signal, then each of us 1% users can pay $20/month and cover the entire operation. Then the contributions of the super rich donors can be saved to rebuild the war chest.
$20/month is nothing to me considering the value I get. I understand that most won't feel that way, which is why I'm only appealing to those who do feel as I do to just get that recurring donation going now.
how many chat services do you use? and how many are making money off of you in other ways?
2 replies →
I fail to understand the point of supporting an organization that is completely against self-sovereignty like Signal is. Why would I want to pay someone to develop something that traps me into their platform and does not offer a way out?
Great, you go ahead and get all your friends in family using Matrix. I'll join you there when all that is sorted out and it's practical to get my lawyers and doctors and accountants and friends and family onboard. Until then, we'll keep using Signal.
5 replies →
Just don't use it, don't generate cost for them, don't be trapped by them. Everyone wins.
8 replies →
Given how many activists have used it in overthrowing dictatorial governments, self-sovereignty seems an odd choice of words to claim it doesn’t support.
10 replies →
Yeah this is the one thing I have against signal and why I always advise against it. Their stance against third party clients and federation.
Not completely ? Their server seems to be open source too now (with the exception of the spam filter) ?
19 replies →
bro, you're working for one of chat programs, yes? never heard of communick before. won't ever use it. if people ask me about it, i will show them how a person related to communick behaves in public.
3 replies →
Same. I have been doing the recurring payment since they offered it. Even though I'm effectively only using it with my partner. But that is every day
It feels good supporting something worthwhile.
I almost skipped reading into this article because I love Signal and it's mission (and their rare commitment to stick to it) and would have known it's good. Yet, the details on expenses and infrastructure was a good read. $1.3M/yr for temporary storage! $6M for verification codes during sign-up!? Toll fraud!? GOOG & FB data center spend, data breaches from GOOG, MSFT, et. al 50 full-time employees vs 3K or 4K for similar apps! All interesting.
The link about the Google "data breach" appears to be about some tax companies being sued for using Google Analytics tracking pixels. Calling this a data breach may be a bit of a stretch.
Thanks. I hadn't dug into that link, but I did based on your comment. It is a Congressional investigation that is rooted on a report from The Markup [1] that, as you note isn't about an accidental breach by Google, but one where multiple companies send extensive PII to Google about site visitors. While not necessarily a "breach", I think this lead of personal data plays to Signal article's point though. The Markup article's git repo with HAR files of what was sent to Google was convincing.[2]
[1]: https://themarkup.org/pixel-hunt/2022/11/22/tax-filing-websi... [2]: https://github.com/the-markup/meta-pixel-taxes
Didn't they do some sort of cryptocurrency thing. How is that going?
edit: it was called MobileCoin right
edit2: they do
https://support.signal.org/hc/en-us/articles/360057625692-In...
is that generating any revenue?
I have held off donating to signal so far exactly because there is no clarity around this token, why it was even added to signal and who profited from that.
And they stopped updating the server code repo for a year, apparently to hide the launch of this token: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
It's hard to take this fundraising plea seriously when this financial disaster is never even mentioned. I hope I've just missed whatever Signal has done to try to repair trust after the, but the fact that they haven't even removed it from the app is not promising. Can anyone share updates?
4 replies →
Yeah how can I trust the security of an app which is engaging in potential financial fraud. Like ffs, if your whole thing is trust and principles, don't start fucking around with things for personal financial gain.
Probably not much at all. Thankfully they didn't shove it down user's throats - its kinda hidden behind a setting. I guess if they did push it harder to users it may have generated more revenue, at the cost of users who won't put up with cryptocurrency rubbish.
Signal had 40 million active users in 2021 [1]. With 14 million in infra cost, that comes to .35 per user/year. Total expenses are about 33 million, so about .825 per user/year. All in all that seems very reasonable.
[1] https://www.businessofapps.com/data/signal-statistics/
Mastodon org + Mastodon.social also have costs of 0.6 EUR/year, though they have two orders of magnitude less users [1]. This is really what most social media costs. These rates are even payable by many in poorer countries.
[1] https://news.ycombinator.com/item?id=38117385
IIRC WhatsApp used to charge $1 per year
https://venturebeat.com/mobile/whatsapp-subscription/
With how much Mastodon.social tends to fall over when Twitter does something stupid (again), their rates are probably a bit too low for a more robust service like Signal.
Signal also intentionally doesn't store too much data, long term data costs will slowly grow over the years. I imagine for a bigger platform, costs can grow to multiples of the rates for Signal and smaller Mastodon servers.
€10 per year should be more than enough for most users, though, and it should be quite affordable for most countries.
1 reply →
Yeah, the issue is more that there is substantial friction in paying any amount of money, especially in poorer countries with no access to e.g. banking or payment cards. I'm sure no one here, and few people even in comparatively poorer countries, would object if Signal/their messenger of choice cost 0.60$ per year to use. The problem is that making the service have a ~1$/yr price tag (as WhatsApp once had) is itself a barrier to a huge portion of the target audience.
2 replies →
It’s beginning to sound like the 1 EUR/year that at some point WhatsApp wanted to charge and it seemed reasonable to me at the time. Signal is even better and even more so justified.
They used to "require" a subscription of 1$/year but it was not enforced. If you missed the deadline, nothing happened. It was basically the WinRAR model but for an online service.
2 replies →
This is kind of the number I was looking for -- "Cover your own costs: $1/year. Cover yourself and five other people: $5/year." I feel like something pointing out that the costs are around $1/year on signing up, maybe with a reminder once a year, would get most people self-funding pretty quickly.
Reminds me of ... WhatsApp :D
(Originally WhatsApp charged $1/year.)
2 replies →
I'd be happy to pay $1/year for signal, and I'd pay $2/year if it were decoupled from my phone number.
If you pay Signal $1/year, they'll realistically see about 60-70 cents of that – and that's only considering payment processor fees.
Now add the cost of providing support (it's a paid product now!), payment handling on their end (in a privacy-preserving way, which excludes most common payment methods), and top it off with the immense damage to the network effect by excluding all the users that can't or simply don't want to pay $1/year...
Donations seem like the much better option here.
8 replies →
I'd pay substantially more for Signal if I could bot accounts.
I'd like a signal daemon on all my servers for alerting which could message me via Signal. This is worth a monthly fee to me.
I know people running small businesses who would really like to have a business Signal account: an ability to send Signal messages as a business identity without tying it to some specific phone number. This would be worth a subscription even if they had to get their customers to install Signal.
Signal need to figure out what product they sell that's going to fund the privacy objective: because there's plenty and they're worth having.
3 replies →
I'd pay much more than $2 if they offered account identifiers other than phone numbers. Trying to get a burner SIM or DID while still staying anonymous is getting increasingly difficult.
But I think it's pretty clear by now that this is a feature for FVEY IC, not a bug. FFS, they burned development resources on stickers, but abjectly refuse to offer alternative account identifiers. The standard apologist response is, "but phone numbers make adoption easier". Sure, but nobody is asking to replace the identifiers, or even to make them nondefault. We're just asking for the option. It could be hidden behind a developer mode for all I care, but it should be there.
The fact that they abjectly refuse to do it is enough to tell you about what their true motivations likely are.
2 replies →
Based on App Store downloads on both platforms, they are well over 200M at this point.
A lot of people, myself included, have it installed but never use it after they dropped SMS support.
Only a tiny fraction of my contacts use Signal, and most of those are also on Whatsapp, Telegram, Discord, and others.
Signal offers essentially nothing to me.
24 replies →
WhatsApp in 2013 spent 148 M$/y with 400 MAU, or about 0.375 $/user-year. That's remarkably similar!
https://en.wikipedia.org/w/index.php?title=WhatsApp&oldid=11...
(Small difference is that WhatsApp had a profitability of –93 %.)
Whatsapp got pretty big at 1 eur/year (iOS) and 1 eur for lifetime (Android) here in the netherlands.
I do fear they'll loose most tech un-savvy users because they don't know how to pay (safely).
That doesn't mean they were actually profitable at those rates though. They could have been in growth hacking mode with venture backing.
3 replies →
I wonder how many people paid the $5 for WhatsApp back in the day. It gave you nothing but you were able to do it. I think I did.
Whatsapp was asking for $1/year [1]
[1] https://www.theguardian.com/technology/2016/jan/18/whatsapp-...
4 replies →
I have an old receipt in my Google Pay for whatsapp at a whopping 99 cents :)
I'm paying what works out to about 15 cents per "booking" in my app due to API fees. Maybe more,.. and I'm just now realizing we'll probably be losing money if people used their accounts to their limits. Like 500 bookings would cost me at least $75 but we charge about 50. Anyway $1/year is great
Definitely reasonable but the ultra privacy-conscious/paranoid can't easily donate or pay privately.
Sure, but privacy isn't black or white. A donation to signal does not compromise the content of your messaging.
So what you've leaked is the information that you have an interest in private conversations. This might be a problem in some countries, but I think it's fair to ask folks in affluent countries with working (sorta) democracies to shoulder that burden. I.e. you don't donate if there's elevated threat to your safety, there are enough people who aren't under elevated threat.
There's also the possibility of using a donation mixer like Silent Donor, though I'd evaluate that very carefully. (There's a record of the transfer in, and the mixer needs to keep temporary records for transferring out. There's also the question how you verify the mixer doesn't skim.)
Some donation mixers accept crypto currency, so for maximum paranoia, I suppose crypto->crypto mixer->donation mixer->charity might be workable. Or hand cash to a friend who donates in your stead.
As always, the best path is to set aside paranoia and build a threat model instead to see what the actual risks are.
1 reply →
They take checks by mail. You definitely can do a cashier's check and I'm sure they'd take the "cash in an envelope" method that places like Mullvad do too. Looks like they also support crypto, and that includes Zcash. So I don't think this is a great excuse. The only "can't easily donate" aspect is going to also be tied with the "can't easily get a cashier's check or find an anonymous person to sell me bitcoin for cash" kinda issues, and when you're operating at that level I'm not sure anything is "easy." (but that's not that hard usually)
https://support.signal.org/hc/en-us/articles/360031949872-Do...
8 replies →
There are clever ways around that. I use posteo as my mailprovider. They have a system where you can pay anonymously: https://posteo.de/en/site/payment
Signal requires a real phone number to open an account, you are not anonymous to Signal.
5 replies →
Very reasonable with only 40 million users?! It's shockingly expensive.
> Storage: $1.3 million dollars per year.
> Servers: $2.9 million dollars per year.
> Registration Fees: $6 million dollars per year.
> Total Bandwidth: $2.8 million dollars per year.
> Additional Services: $700,000 dollars per year.
Signal pays more for delivering verification SMS during sign-up, than for all other infrastructure (except traffic) combined. Wow, that sounds excessive.
Twitter said that's why they got rid of the SMS 2FA. They said it was costing millions to have that enabled for them.
https://www.cnn.com/2023/02/18/business/twitter-blue-two-fac...
> Twitter said that's why they got rid of the SMS 2FA. They said it was costing millions to have that enabled for them.
Previous Twitter employees have said that this is incorrect. Because Twitter began as an SMS-only (and then SMS-first) application (remember 40404?), they very early on established direct-connection infrastructure for sending SMS, meaning that they have a marginal cost of literally $0.00/message in most markets. Twitter still has to maintain that infrastructure, because they didn't get rid of SMS 2FA - they just restricted it to Twitter Blue users, so the overhead is still the same.
Almost nobody else who delivers SMS today has that infrastructure, because it doesn't make sense for most services to build.
The only place where Twitter was paying significant amounts for SMS was due to SMS pump schemes, which is a consequence of Twitter gutting its anti-spam detection, resulting in them paying for SMS pumping which was previously blocked.
16 replies →
Signal agrees: (from the article:)
... legacy telecom operators have realized that SMS messages are now used primarily for app registration and two-factor authentication in many places, as people switch to calling and texting services that rely on network data. In response to increased verification traffic from apps like Signal, and decreased SMS revenue from their own customers, these service providers have significantly raised their SMS rates in many locations, assuming (correctly) that tech companies will have to pay anyway.
...
These costs vary dramatically from month to month, and the rates that we pay are sometimes inflated due to “toll fraud”—a practice where some network operators split revenue with fraudulent actors to drive increased volumes of SMS and calling traffic on their network. The telephony providers that apps like Signal rely on to send verification codes during the registration process still charge their own customers for this make-believe traffic, which can increase registration costs in ways that are often unpredictable.
SMS has become a kind of real-world PoW (proof of work) mechanism. A phone number typically has a recurring fee to keep it working. So a live number indicates that someone is spending money (a proxy for effort) to maintain it.*
It still seems like a lot of money to spend on simple, old technology, but from the PoW perspective, making it cheaper would defeat its purpose.
*Which is why many sites reject Google Voice numbers, for example, for SMS verification.
> In response to increased verification traffic from apps like Signal, and decreased SMS revenue from their own customers, these service providers have significantly raised their SMS rates in many locations, assuming (correctly) that tech companies will have to pay anyway.
There's nothing that requires tech companies to use SMS for registration or for 2FA. The normal way to do it is by email, which continues to be free. For Signal, there is no need to do 2FA registration at all.
Signal is ideologically committed to publicizing your phone number, and apparently they'd rather pay $6 million to hold to their commitment than just... not do that.
SMS rates are absolutely bonkers considering the technical way they're transmitted. The US is an outlier in SMS rates actually being reasonable (usually unlimited or close to) for consumers - but for the rest of the world the insane mark up on that communication method has mostly obsoleted it...
That'd be all well and good... the technology would die naturally, but all my American relatives continue to stubbornly use iMessage.
> for the rest of the world the insane mark up on that communication method has mostly obsoleted it...
For P2P communication. SMS is alive and well for B2C messaging, most importantly for 2FA OTP delivery, but also as a first line of defense against spam/bot account creation.
It's not a good solution to either problem, but it's slightly better than nothing (which apparently makes it good enough for many), so I suspect we're stuck with it for now.
> That'd be all well and good... the technology would die naturally, but all my American relatives continue to stubbornly use iMessage.
iMessage is not SMS, though. It just uses phone numbers as identifiers, but so do many other popular over-the-top messengers, including the most popular one globally.
28 replies →
> stubbornly use iMessange.
Personally, I prefer it over downloading yet another client, dealing with additional credentials, wondering about who can access my messages, and so on and so forth…
And all that just to message the handful of people that I know who use <popular in other country third party app>.
17 replies →
I think I understand your comment, since iMessage isn't SMS, but defaults to SMS for those not using it.
There are opensource self hosted solutions like BlueBubble that allow reasonably secure communication through iMessage to the other chat platforms on desktop/Android etc. I have zero affiliation, but I know others who happily use it. There are also less secure and paid solutions I can't speak to.
https://bluebubbles.app/faq/
For the purpose of 2FA and account registration let’s view it as a tax for fraud prevention, where the real value in SMS is in verifying someone’s identity rather than transmitting messages
1 reply →
Just because consumers get unlimited SMS doesn’t mean businesses get that. The telcos are ruthless about extracting their pound of flesh at business rates.
[dead]
Phone numbers have become the de facto version of "Internet stamps" for identity verification.
They are near-ubiquitous on a per-user level, but hard to accumulate without significant cost. (Unlike email addresses.)
But the down side is that phone verification tends to be on a per-service level. So, for instance, Signal incurs these costs when they verify their users, and every other service incurs these same costs when they verify _their_ users.
There are a number of businesses out there that are trying to act as clearinghouses, where they verify the users once, then allow the users' verified profiles to be confirmed by multiple services.
I wonder if any of those could be used to reduce these "registration" costs.
> but hard to accumulate without significant cost
Varies heavily by region. The shop opposite my house has ~50 SIM cards on the shelf, for £0.99/ea.
Phone number verification is used to verify the user's registration intent, so not really.
7 replies →
A service that requires a telephone number simply shouldn't be called an Internet service. It can't be used purely over the Internet.
Telephone numbers are fundamentally incompatible with privacy. Signal's leadership knows this, but they don't appear to care.
I really wonder why it’s so expensive to run. I always hear things about scaling but I used to run a top 500 alexia website and it was just a php app running on a mutualized offer for $5/month. Lots of manual caching though but still.
My wild guess is that either the stack is not really optimal (last I heard it was java) or they do other costly things at scale (sgx?)
I guess, then the question is how real time was the website. Was it as real time as supporting, instant messaging, voice/video calls etc
3 replies →
> the stack is not really optimal (last I heard it was java)
how's java relevant here?
3 replies →
You can't send an sms yourself like you can an email. Instead of setting up a server, you have to work with a telco provider (an aggregator specifically). Any SMS service eventually hands off to one of these. Many SaaS SMS providers are just frontends for legacy telco services. They charge insane fees because they can, that is all there is to it.
Sending mass email is still difficult. Its probably easier to pay a provider than set up and establish reputation for yourself. But they don't charge near the rates. Last time I compared rates it was something like 10x-100x to send an sms compared to an email, but it has been a while.
7 replies →
how is that in any way comparable? it's not about java vs php
Java is likely the most optimized part of the stack.
Many startups move up to the jam when there is little else that has optimized performance and efficiency like the jvm for 20-30 years.
Of courses this is a moot conversation if you’ve never used Java at scale. Apple and others are Java houses.
2 replies →
I did my part to help reduce costs by switching to the decentralized alternative, Session.[0]
Bonus: Session does not demand users' phone number. Also no bundled cryptocurrency.[1]
[0] https://getsession.org/
[1] https://www.stephendiehl.com/blog/signal.html
> Also no bundled cryptocurrency.[1]
It seems like Session relies on Oxen's network, so while there is no inherent coin it is blockchain backed.
> Session’s onion routing system, known as onion requests, uses Oxen‘s network of Oxen Service Nodes, which also power the $OXEN cryptocurrency. Check out Oxen.io to find more information on the tech behind Session’s onion routing.
https://getsession.org/faq#onion-routing
Cool, glad to hear about this - However, it is still coupled to a cryptocurrency (https://oxen.io/) even if not bundled wechat-style
I think simpleX[0] is a better choice at this point with all the recent issues around oxen: not coupled to any crypto, no user ids, can host your own servers if need be, etc
[0] https://simplex.chat/
And as a bonus Session has the best line ever: "Send (encrypted) Messages, not metadata".
They've given Signal quite the fork.
Session depends on the Loki blockchain, so I dispute point 1.
1 reply →
> we can rent server infrastructure from a variety of providers like Amazon AWS, Google Compute Engine, Microsoft Azure
Moving off cloud services to lower-cost provider like Hetzner, Vultr and DigitalOcean might provide a lot of cost savings.
I also imagine they're using managed SMS services from one of these clouds, and moving off them to a combination of local SMS gateways in each country can also further reduce costs (and in one case I've personally observed, by upto two orders of magnitude). This obviously pushes a lot of complexity on Signal's side, but is usually worth it.
Any idea what prevents Signal from using cheaper alternatives?
Edit: I meant moving off cloud to Hetzner, Vultr, DigitalOcean.
6 replies →
So ... hire staff to manage that complexity?
2 replies →
Out of interest, their top vendor costs on their 2021 form 990:
$7m Twilio
$4m Microsoft
$3m AWS
$1.3m Google
https://projects.propublica.org/nonprofits/organizations/824...
Just wondering, are they relying on these big name cloud providers (AWS/Azure/GCP), known for predative traffic and storage pricing? Have they considered cheaper providers such as Backblaze B2 for storage and Hetzner/OVH for servers? The fees for storage, server and bandwidth could be cut by 80% if they did that.
Sounds like a great case to get the fuck away from SMS and phone numbers.
But hey, they still want your whole address book, and announce you're on signal to everyone else on signal.
The whole "secure" thing is a joke. Its all linked to your identity via your phone#.
Signal doesn't learn your contact list. See https://signal.org/blog/private-contact-discovery/ and https://signal.org/blog/building-faster-oram/
Signal actually jumps through quite a few hoops in order to let you and your contacts are on Signal without Signal actually having access to a copy of your whole address book. It's even mentioned in TFA.
I do agree about being linked to your phone number - doing it that way means not considering a lot of people's valid threat models. They are working on moving to usernames, though. It's in beta now.
1 reply →
They want the address book because if you don't have engagement promotion features like that, there is no way to ever become remotely popular in the chat app space.
Why is the security a joke? The data is e2e encrypted, and isn't related to a phone number in any way after registration. Do you know of a better way of combining privacy and anti-abuse measures? If you don't offload identity checks to telecom providers during registration some bad actor will immediately create a million accounts and send millions of spam messages and destroy the slim chance of this type of app to exist for free.
1 reply →
I wish their justification for dropping SMS capability from their Android app to move away from phone numbers was a little more transparent about the obvious cost aspect rather than solely sticking to the patronizing "we're saving insecure messaging users from themselves" messaging they had. I found it pretty obnoxious. I think people generally get "valuable nonprofit + huge expense = not-sustainable = bad."
> their justification for dropping SMS capability from their Android app ... was a little more transparent about the obvious cost aspect
I'm not following. Signal gets stung for the registration SMS costs because they send the SMS to the user. They don't pay when one user sends an SMS to another user. If you send an SMS, you're the one who pays.
(I didn't realise they were moving away from phone numbers. Don't they they stay mandatory when PNP comes along?)
It's a lot more nuanced than that: https://news.ycombinator.com/item?id=33258684
1 reply →
Why is it that SMS is so damn expensive? (or more specifically, what is it about Twilio et al's businesses that makes them cost so much?)
When you control access to the customer you can charge people a lot. Just like Apple can take 30% primarily because they’re the gatekeeper to iPhone users, telecoms are gatekeepers to their users so they can charge you a lot to text them. You don’t really have a choice. L
In the US, shafting customers as hard and fast as you can is the current business model. What are they going to do? Move to 1 or 2 remaining competitors with the exact same business model?
2 replies →
Nothing just profit and existing system access costs set by the incumbents.
> Signal pays more for delivering verification SMS during sign-up, than for all other infrastructure (except traffic) combined. Wow, that sounds excessive.
Particularly when the phone requirement is the biggest weakness in Signal.
Getting rid of it will make it substantially cheaper to operate and much more private. Win-win.
I wonder if you could do something clever such that you can have people volunteer their SIM for sending 2FA?
Funny, because that's the reason I can't use Signal - I don't have a phone number.
In case one isn't aware, you can get a $1/month throwaway phone number from Twilio for that purpose.
5 replies →
What's it cost to be an SS7 peer for a year? Could they spin up their own "phone company" for the purpose of delivering SMS verification and nothing else, cheaper than they're paying someone else's markup?
What's expensive isn't (just) the technical infrastructure, it's termination/interconnection fees charged by the destination mobile networks.
1 reply →
is there any way they can reduce that cost?
Yeah, decouple Signal user identity from the phone number.
15 replies →
Send them via whatsapp. A lot of online services give an option to send OTP via whatsapp along with SMS/Email.
1 reply →
All things considered. Pretty impressive how cheap it is to run given the adoption of the Signal.
Second time around benefits too, and the guest time was pretty efficient in WhatsApp too.
The cloud tax is crazy (especially bandwidth). Pretty sure Signal has reached the scale where they would be cheaper by building their infra, maybe starting with the most expensive (storage + bandwidth), and then doing others.
SMS is (unfortunately) core to the product, so I'm not certain how they could make it cheaper, while retaining the same properties (user+pass registration would be a nightmare for spam and change the UX).
Is it not that they’re buying something resistance as well by buying from large infra providers if big adversaries like state actors start pushing hard?
I also think SMS and phone numbers are core, but they must provide a way to communicate without use of phone numbers being kept completely separate from phone numbers even when registration is needed using phone numbers.
The usernames are coming (alpha was announced), but it won't reduce cost since the account is still phone number-based.
Anyone know much does it become worth it to build your own? They spend around $3-4m on storage and bandwidth
> millions upon millions of new people suddenly switched to Signal in January 2021 after WhatsApp updated their Terms of Service
From a footnote of the article. Maybe this is why they've stayed with "infinite scale, infinite costs" (commonly known as "cloud") so long? Surely at some point this is worth considering though, I would also be curious where that point lies
Virtually anyone, also when spending only 100 euros/month on server providers, can save a large percentage of costs by taking it in-house. There might be a gap where you need dedicated personnel and it's briefly cheaper to outsource before you grow and it inverts again, but generally if you've got a stable service then this is nearly always worth it
Maybe a hybrid, where new users onboard onto cloud and they buy hardware for expected loads (i.e. current users), would be the most cost effective. I wonder how hard that is to combine the two worlds, but anything that requires more than one server already has that sort of communication going on so there shouldn't be any real blockers. Maybe the two types of infra add costs/risks again and that's why one rarely sees this setup?
1 reply →
I found that with the bandwidth and storage that my company was using on the cloud, we could get ROI in under 2 months by building a server and running it in house. Now we've scaled up to a dozen servers but it's still just a handful of computers in a closet that saves us $50k/mo in cloud costs. It was dirt cheap to slap together and scale up incrementally.
Data centers cost billions. Signal, and pretty much everyone else who isn't already in the data center business, is far away from breakeven on that.
5 replies →
I'd prefer a federated solution, but XMPP doesn't yet have decent support for group chat that doesn't depend on being connected. https://xmpp.org/extensions/attic/xep-0369-0.1.html is still experimental.
Bravo to Signal for being easy enough for my family to use!
Fwiw, I've seen users suggest hybrid approaches. Interestingly it could reduce some of the costs they list here and looks like a route one could take to slowly build towards a fully or hybrid federated system instead of jumping straight there. But I am unsure how much the community likes the idea and judging by that last post it doesn't seem like the mods do. But this one takes note as two users were willing to place a bounty on the feature request
https://community.signalusers.org/t/signal-airdrop/37402
Matrix fixes that issue (and also the issue of the server your group chat is hosted on disappearing). It has plenty of other issues, of course.
What about Matrix?
I've tried a few times. It always felt... clunky?
I tried Element. UI felt slow, I was unable to find notifications in scrollback. Clicking the notification button would take me to random messages.
3 replies →
I remembered another issue with Matrix.
Signal and XMPP (via Quickly) have a simple phone number based signup workflow that my family have grown used to.
My family are not happy on having to remember/use passwords/keys. That's a shame, but is ultimately a constraint I have to deal with when persuading them to install/use an IM app.
1 reply →
>Privacy
That’s a very bold statement from an app that still requires a phone number using a broken protocol (gsm) to “verify” your identity and authenticate it, sim swap attacks can be carried out by kids these days. Also, don’t expect privacy when you are using a proprietary OS like iOS or one full of Google services that also have proprietary firmware drivers, they (the adversaries) don’t need to even decrypt these “privacy apps” when it’s easier to access the backdoor-ed OS or hardware, but enjoy the illusion in the meantime.
I'm always intrigued by people that have this POV. Security and privacy are not binary for fucks sake. Improvement on the status quo is great and Signal improves a hell of a lot.
Not to mention that half of your comment is non-issues.
there's a big social cost to trying to get others to use Signal, and it's not worth it if the advertised features don't work as advertised..
that said I stopped using Signal years ago because of basic deliverability being less reliable than SMS.. I switched back to SMS so I could communicate reliably with a loved one during an emergency when Signal randomly stopped letting me respond to messages, and I won't pay the social cost twice of trying to convince contacts to use it after having to abandon the service when I really needed it.
Actually between Element and Signal and the differences between their usability as advertised versus the reality of using them with non-technical users, I've used up all of my social capital for convincing people to use "better" networks and mostly just use SMS/RCS now.
1 reply →
Right, so instead of 20 entities tracking you for example now you 18.. the false sense of privacy is far more dangerous than knowing your messages are not private (Like when Tucker Carlson used Signal thinking it was private to find later all his messages were not, regardless if it was a bugged app or an OS, the false sense of privacy is worse, he probably won’t texted those on iMessage for example). Same argument you can see with “vpn is private and we keep no logs because you can trust us!” plus it can be defeated with browser fingerprinting, or paying a hefty price for this “top private email” provider when the recipient doesn’t even use any privacy settings or anything let alone email as a protocol is not meant to be private, it’s all a business model, and the gullible buys it, you “have” to trust that Signal server is not backdoor-ed in real time, and as the old rule in security, if you can access the physical hardware you can in theory access anything in there, you don’t know the hardware is used there, is there any memory injection exploit that get activated after the so called audits? You can’t know, you have to trust that.
2 replies →
People should be aware that Signal may be able to provide good e2ee and methods to make reading your messages or calls a challenge, they don't do to enough to obfuscate. Therefore censors can identify who is using signal and even block it. https://github.com/net4people/bbs/issues/63
Privacy tools can make you stand out. Unless methods are used to obfuscate your data.
Has anyone tried setting up their own Signal server? Be cool to do this, and then give all your friends the ip for truly private messaging.
https://github.com/signalapp
Seems like all their stuff is open source.
Which app would they all use and from where would they get it? Signal does not (intentionally) support the official app using other servers or the platform itself supporting federation. [1]
[1]: https://signal.org/blog/the-ecosystem-is-moving/
This can be a premium feature. Run your own server and for a little bit of money you can configure your client to use an alternative server. Client code is what make it private and secure, so you want to use their verified client even with your own server.
This makes sense and in the same time it doesn't. You're supposed to pay to use your infra, not theirs?
Offering self-hosted servers would probably just degrade the security guarantees of Signal if people misconfigure them. Doesn't seem to be worthwhile for the Signal foundation to run into this risk of undermining their own reputation for a niche user base who cares about self-hosting.
> Doesn't seem to be worthwhile for the Signal foundation to run into this risk of undermining their own reputation
It's a bit too late for that. They undermined their reputation when they started permanently keeping sensitive user data in the cloud (like a list of every person you contact), and then again when they refused to update their privacy policy which lies to users about their data collection practices, and then again when they killed off the ability to get both "secure" communications and unsecured SMS, and then again when they started adding weird cryptoshit nobody asked for. Signal seems to be telling people as loudly as they can not to use/trust them.
In my mind, the whole point of using Signal is that I don't have to trust the server. Why would it matter who hosts the server if we can trust that the clients' communications are E2E encrypted?
unlikely the people i want to talk will bother setting this up
And the people those friends want to talk to. And the friends of those friends.
To have self-hosted chat services, you either need a niche enough service that you'll never have two parties that would want to talk to each other while being on different servers, or federation. Signal chose the former, so here I am with eight communication apps on my phone.
Maybe the next best thing could be to support multiple servers, like how email clients let you fetch data from more than one email provider, if they're so worried about federation inhibiting their ability to control the ecosystem that they plainly won't go there and hold speeches about how harmful that situation would be. Then we could have self hosting and also Signal wouldn't have to care about federating with my self-hosted server.
1 reply →
I mean the idea would be you download the app but use my server instead of of the default ones.
I would pay for a few signal features: 1. encrypted backups or backup integration of my chats, photos and videos. 2. business features (backup, directory integration, search)
I have not used: 1. voice and video
Incredible that SMS costs so much. I wonder if it's worth it because it _saves_ so much in spam and other sorts of fraud or bad behavior?
I have some good news: go into the settings and turn on encrypted backups. The clients also all come with a search function, even if it only matches against start-of-word (which includes URLs, so you can't search for domain names which regularly bothers me).
Directory integration, as in, importing a vcard with everyone's phone number into your device such that you can tap on anyone's name and message them on Signal if they've got Signal installed?
>: go into the settings and turn on encrypted backups.
Fair warning: It will...bloat. It usually keeps 3-4 copies of most recent backups in the folders you select and if you send a lot of photos, imagine it eating tens of gigabytes of storage just for backup.
(My current backups are 9.75 gigs each, approx 3 of them)
The backup option is Android-only.
1 reply →
Understood, $7 CAD per month are heading your way since I use Signal quite a bit.
I started paying for Signal when they rolled out the subscription feature at the $5/mo plan and after reading this post, I just moved to the $10/mo plan because of how much I value this service since I use it every day. I hope other users subscribe if they are able to do so.
Wish they provided some numbers of actual messages, type etc. per day. Seems like a good game plan would be.
1) Get off the major cloud providers that charge insane egress fees. 2) Remove SMS verification. A simple solution might be the app gives you a code and then you dial in to them and punch in the code to them. Like a reverse voice based authentication. 3) Remove voice and video calling for non donating users. 3) Remove media texting until both users allow a p2p connection. 4) Remove no contact list message hosting for non donating users.
Lot of unpleasant trade offs there. But I would rank having a text based private messaging app as the top feature. Everything else is a "very" nice to have. I applaud what they are doing and the sacrifices that have been made so far.
Removing essential features like voice/video calling for non-paying users would be a terrible choice IMHO. This is a communication app, which means it is only useful if others use it too.
And how are you going to convince others to pay for Signal when there are many free alternatives, including WhatsApp, which most people already have and while not as privacy focused as Signal, does have end-to-end encryption. If Signal makes people pay for voice calls, they will simply use WhatsApp, regular phone calls, or whatever is free and popular at the moment.
The success of Signal came from being very low friction, privacy is the "nice to have" feature, at least for most users. But add friction and they will look elsewhere, Signal is not WhatsApp, it doesn't have enough of a critical mass to keep users on its network.
All that will remain will be a small core of cypherpunks and people who really have something to hide. This is bad because one strength of Signal is that it is a mainstream app, making it hard to single out "interesting" people compared to those who just use it because their geek friend told them to and they like the shade of blue.
Valid but if there is no model that is sustainable then who cares if its successful? Some trade offs will have to be made. How can they keep going if the vast majority of people don't pay? They don't have the model of "ok we are going to flip and monetize after we get to X mass". Its like a growth startup but with no end game plan.
1 reply →
About the SMS verification, it depends on the goal. If the goal is to verify a phone number, you can't trust the _sender's_ address in the phone network.
So, you can't trust the address in the "From" on an SMS or the "From" of a phone call.
That means a voice call to Signal would not work to validate phone numbers.
Good point, I guess we are proving why the resorted to using numbers in the first place. Unless you have a verification point that includes a "charge". Indirect or direct, your platform gets flooded with spam/bots. Does anyone have ideas of how this problem can be solved while also preserving privacy?
Problem: A system that enforces a monetary penalty to prevent sign up abuse while also not tying a users identity to said system.
Without doing some pain in the a crypto stuff it seems like there are no easy solutions other than the #
You can charge for SMS. You send a message to signal, charged at an amount to cover the return message which contains a code.
does the dial-in suggestion work? Seems like spoofing phone numbers is trivial, while spoofing numbers for inbound SMS is harder.
> Get off the major cloud providers that charge insane egress fees
At on demand prices, yeah. But companies of sufficient demand can enter into volume discount programmes.
> Get off the major cloud providers that charge insane egress fees.
And run their own DCs? Cool, they'll just need a lot of upfront capital aaaaaand they're back in the "need money" boat. Except more so.
There's a ton of options between paying premium cloud prices on egress and running your own data centers.
Signal is centralized, expensive, and desperate.
It results in decisions like this:
1. MobileCoin premines 250m coins
2. Moxie is paid for being on their board
3. Moxie directs non-profit Signal to integrate MobileCoin
4. MobileCoin offers 50% of their premine for sale.
5. Signal/Mobilecoin news spikes price to $60
This is why we need decentralization.
"Registration Fees: $6 million dollars per year." "the registration fees that cover the delivery of verification codes during the sign-up process to help verify phone numbers and prevent spam accounts"
Can you please change Signal to not require a phone number? Requiring a phone number makes me question Signal's privacy. Looks like it can save $6 million dollars.
I am imagining a donate page in the app that incorporates this willingness to be public about the costs.
It offers a way to configure a recurring donation for whatever amount and whatever schedule you want. $100/year for instance, but as you slide the slider or enter a number, it shows you if that number leaves Signal in deficit, covered, or surplus, if all other users who are currently paying anything paid this much.
Instead of just trying to suggest an amount with no explaination of what it means, is $5 still leaving them starving? is $5 5x more generous than needed? You still get to use it for free. But if you are of a mind to be one of the ones chipping in to keep it alive, you see exactly what is the right amount.
When 10k people are paying for 10m other people, that "covered" amount may be pretty high, apparently 5x what the average donater is currently paying. (article says it's 20% of total)
But with that little bit of non-repulsive non-abusive game theory, just honest information but presented in an immediate way, a lot of those other 10m users would start to chip in, and the covered amount would come down. Some users will say, well, I can swallow 5x what I was paying, and others can just leave their donation level in the red. But I think a lot more people would go from 0 to a few bucks if they could see exactly what it means and know that it wasn't a waste.
Maybe the donate function could even have a setting track the current covered value automatically so that your bill automatically comes down as other people start adding to the pool.
Also have it display the 3% or more transaction fee overhead going to the debit card and other payment processors, to show right there graphically how much you're wasting by paying a small amount monthly vs a large amount yearly. Everyone always hides that but I say show it prominently.
Total salary bill: $20m. 50 staff so average salary: $400k. I'd be happy with $200k USD - that's more than I get paid in my country at current exchange rates.
I've actually posted Signal's tax return before, but a great thing about US nonprofits is the tax return is publicly available from the IRS website: https://apps.irs.gov/pub/epostcard/cor/824506840_202012_990_...
The last one available is from 2020, though. They tend to lag a few years behind. They're required to report key employees plus top-five compensated who aren't "key." Brian Acton and Meredith Whittaker both earn no salary at all. Their COO got $290 in 2020. Moxie Marlinspike and their top five developers/managers were all in the 400-600 range.
I'm sure they pay well (don't have much choice if you're going to be based in San Francisco), but I highly doubt 400 is an average salary. The expense being reported is total cost of employment, which includes FICA taxes paid by the employer, 401k matches, and probably most notably healthcare, but all benefits and in-kind compensation.
> The expense being reported is total cost of employment, which includes FICA taxes paid by the employer, 401k matches, and probably most notably healthcare, but all benefits and in-kind compensation.
This is incorrect, reportable compensation on a 990 is the amount in box 5 of the employee's W-2, which does not include health insurance, taxes, etc.
https://www.irs.gov/charities-non-profits/exempt-organizatio...
Probably includes taxes, social security, health insurance, etc
I lost interest in Signal when they started shilling a cryptocurrency that they had invested in. I really want a trustworthy replacement to Whatsapp but if I'm going to shill an app to people I know, it can't be something that has connections to investment fraud.
I would say that is the only mistake they have done during their existence.
Paying over 100 USD per 1 TB of data transfer is just stupidly expensive. That's insane pricing...
There they go, saying Whatsapp is using their tech without proof they haven't tampered with it. Doing propaganda for proprietary shovelware.
Every thread that Signal is mentioned, we relish this comment :)
Guess who created WhatsApp.
I've loved Signal. It's been the only consistent way I've been able to send and receive high-quality pictures and videos at all. It's been the only way I've been reliably able to send texts when I'm in an area with poor reception, which is frequent.
The privacy is nice and it's been simple and easy to use.
I hope they stick around. Everyone likes to bash more privacy oriented companies if they aren't absolutely 100% perfect in every single way, but IMO perfect is the enemy of good and Signal has been very good.
The hardest part has been convincing people to use it, and if I have to get people to jump to another one it'll all just fall apart.
> Everyone likes to bash more privacy oriented companies if they aren't absolutely 100% perfect in every single way, but IMO perfect is the enemy of good and Signal has been very good.
Signal has not been good. The absolute least we should expect from any "privacy oriented company" is that they're honest and fully transparent about the data they collect and store, and Signal is none of that. Since they started collecting and forever storing sensitive user data in the cloud they've refused to update their privacy policy to alert people to that data collection.
If you advertise your service to human rights activists, journalists, and whistleblowers whose freedom and/or lives are on the line you owe it to them to be extremely clear about what their risks are by using your service, but Signal outright lies to them in the very first line of their privacy policy.
This isn't "perfect being the enemy of good" this is either a massive dead canary warning people not to use/trust Signal, or it's completely immoral and irresponsible.
Every single time I've seen Signal asked for data in a court case, they've basically handed back a unix timestamp of when the account was created and said "that's all we have". Or it was last access time, I could have misremembered.
Either way, that seems quite good to me.
3 replies →
I know it's unpopular to say this on here but Signal will never be popular as long as they don't add basic features that all other messaging apps have.
- If you lose your phone or it no longer boots, all your messages are irretrievably lost. There's no way to create backups on iOS. Why the hell can't I enable iCloud backups? I know it breaks privacy in some ways but let me choose the trade off. Put a giant warning if you have to.
- The desktop app is awful and requires signing in again all the time. See the Telegram Desktop app for how to do it better. In my opinion it should be the gold standard for desktop messaging apps
- Desktop app keeps losing message history
As long as Signal treats all messages as if they're so important that even super spies should not be able to read them, and as a result, goofing usability in a way that standard features don't work, I 100% understand that the majority of people won't use it.
I admire Signal and everything they do. Basically Software-as-Charity, for the greater cause. Now knowing this charity is actually millions drives me nuts. I hope the less expensive solution can be achieved in decentralization of the whole thing. Im sure it is possible to sustain it ourselves as a public service forever if everyone involved will have to pay with his personal computing resource - just like we are able to sustain decentralized finance now. And of course - the idea of a phone number as identity is very much flawed and unsustainable on itself, hopefully Signal team will be able to break through this problem as well
When will they finally get their donation box working properly (including not showing "weird" symbols, when Google is not informed about my visit by loading fonts from them)? Tried multiple times to donate, but I am unwilling to sacrifice my privacy for donating to a messenger that is supposed to protect my privacy. Once they get that donation box fixed, they stand a good chance to get my donation. Just like the Internet Archive, that still has broken donation box when Google fonts is not loaded ...
2 ideas to limit costs: Make it a 2 tier plan: free tier is text and images only, paid tier adds audio/video calls Remove the need for phone number verification
I'd be happy to pay 10 bucks a year for Signal.
They do that and everyone moves to WhatsApp or Telegram. Your comment ignores the whole private chat app landscape.
I find this surprising:
> As a small nonprofit organization, we cannot afford to purchase all of the physical computers that are necessary to support everyone who relies on Signal while also placing them in independent data centers around the world. Only a select few of the very largest companies globally are still capable of doing this.
Signal may be “small,” but they’re spending plenty on this. Registration is expensive and hard to do without using one of the large expensive providers. But there’s $7M for servers, storage and bandwidth. These are comparatively easy: servers and storage (especially for a service like this where availability for the substantial majority of the data is not terribly important) come in nice pre-manufactured boxes that can easily saturate 10Gbps and can store quite a few TB at very very high IOPS. [0]. And the forwarding model isn’t very latency sensitive - several hundred ms for most users is fine, and sending media via Signal is quite slow regardless. So having many points of presence doesn’t seem terribly important. I bet that two small colocated facilities could cover all of North America quite nicely.
Bandwidth costs outside the cloud world, at least in North America, are comically cheap compared to the major clouds.
[0] A service like Signal ought to need relatively little processing compared to bandwidth and storage for the data plane. AWS and the like may not have a particular good match in their catalog for this use case.
I wish I could use signal without a phone and phone number. Otherwise it is useless to me.
Is it possible to self host signal? Can signal move towards a model like the fediverse where the software development is decoupled from the hosting costs?
They are actively working against self hosting, which is why I want matrix to succeed and signal to die
I donate to signal, and use it frequently. But I would much prefer for the app to simply charge users rather than beg for donations. Even better would be to charge users in a way that reflects the costs.
For instance, maybe verifying a new number over SMS should cost $0.10 if that's going to make up 14% of the operating costs.
Begging for donations to subsidize excessive use by other users just doesn't seem sustainable.
> I donate to signal, and use it frequently. But I would much prefer for the app to simply charge users rather than beg for donations.
Hard disagree. If you charge, the number of people who will use it shrinks by several magnitudes, and then you lose your network effect, you lose the ability to get your less technically inclined friends to install it.
I would certainly prefer the donation begging - chance of getting family and friends to use it with an upfront cost: 0.
How are you going to charge users $0.10? Micropayments is a huge unsolved problem.
Buy 50 invite codes for $5
Yes, let’s tie every user of this privacy-focused messaging platform to a credit card number.
P2P alternatives are less convenient (always on to deal with notifications, adding contacts typically requires extra steps, etcetera), but the difference in costs is abysmal. In any case, it's been years since I've tried to make my social circles move to any of those platforms (Briar, for example). It's a losing battle.
> Signal spends around $2.8 million dollars per year on bandwidth to support sending messages and files (such as photos, videos, voice notes, documents, etc.) [...] At current traffic levels, the amount of outbound bandwidth that is required to support Signal voice and video calls is around 20 petabytes per year (that’s 20 million gigabytes) which costs around $1.7 million dollars per year in bandwidth fees just for calling, and that figure doesn’t include the development costs associated with hiring experienced engineers to maintain our calling software, or the cost of the necessary server infrastructure to support those calls.
20 petabytes per year is around 5000 Mbps only for audio and video calling. So 5000 HD video calls all year round.
Signal is known for the large bandwidth needed for calling but that sounds too much and not really scalable in the future.
Paying 2.8m for 20pb of bandwidth is two orders of magnitude more expensive than it needs to be. You pay significantly more using cloud hosting providers rather than dedicated server resellers. I would recommend signal consider just renting dedicated servers from providers like OVH for their voice relays.
While I would be willing to pay a fee to use Signal, most people won’t and then Signal would turn into a deserted landscape full of privacy nerds who only talk with each other. On the other hand, being better at soliciting donations more often would be more helpful. I’m a regular Signal user and didn’t even know I could donate.
I thought this was an article explaining how they move out of the cloud and saved millions using bare metal servers.
> millions upon millions of new people suddenly switched to Signal in January 2021 after WhatsApp updated their Terms of Service.
https://archive.ph/wbF3T
Support for Signal development supports all privacy-oriented software and systems, because Signal is open source.
The Signal Protocol already is an industry standard. What other Signal development - either the components, the code, or the concepts - are used by others?
The only issue I'm aware of is that The Signal Protocol is only really defined in Signal's GPL'd code. So it's almost impossible to write a clean room implementation (e.g. Wire tried and ultimately failed. they ended up also GPL-ing their library).
It's used by many major services, such as WhatsApp. How could it be that hard to define and implement?
I feel like investing in p2p approaches and having people donate spare server capacity might be better. For example, relay calling was p2p in the original Skype and worked well. Apple private relay is a similar concept whereby there are two intermediaries to make things private. It gets trickier since in mobile land you can’t run servers really, but I feel like the Signal population has enough spare capacity to offload bandwidth and stuff and could be an easier sell than “please give us money”.
For the sms verification, I feel like forcing the requester to do some bitcoin mining for you could potentially pay for itself.
As a counterpoint imagine instead if the cost of messaging went from $50 million per year to the even more lean $0 per year.
Messaging operations are expensive because they need servers to route your traffic. They need to route your traffic to navigate around the restrictions of IPv4 NAT. In a world of IPv6 there is no NAT (but firewall restrictions still apply).
I have created a relationship model that solves for privacy without need for third party servers and then routes messages based upon that model, but it’s limited by IPv4.
Signal should be able to bring in some revenue other than donations. Premium features that don't compromise the privacy? Premium stickers? Extended emojis only if one paid $1 etc.?
If you really wanted to talk to somebody in a "non-decryptable" fashion, could you set up like a channel that encrypts itself with a ton of different encryption methods, keys, etc. (encrypted payloads inside each other)
Signal encryption is its main feature (I think) and how easy it makes it (abstracts handling key transfer and all that), I'm just trying to think through... if I wanted nobody to read what I was saying , would I use an app/target as popular as Signal or something homegrown?
You don't need multiple security protocols (and in fact that is almost always a bad idea). You just need one good protocol and a way to securely exchange the keys. What signal solved for the most part is the secure key exchange.
If you want to talk to one person, you can give them a USB key in person with a set of crypto keys and then use that to encrypt your messages over any transit method and it will be secure.
The hard part is the key exchange.
It's a bit off topic, but I've wondered the same.
We could stack a hundred layers of encryption algorithms, and if just one of them works, then the whole stack is secure.
You could, but you'd be adding complexity to solve a mostly non-existent problem. Security is rarely broken because the algorithm itself is broken. It's usually because one end has a key logger or other vulnerability. Or they are literally storing the unencrypted text in an unencrypted data store after reading it.
In the meantime, the added complexity adds new places for errors.
1 reply →
I think the biggest risks for most people are going to be around key management, social engineering, and exploitation of terminal devices (i.e. if somebody has compromised your device running signal and can observe the message before encryption or after decryption).
More layers of encryption doesn't really solve those problems.
lots of drug traffickers went with something homegrown (Anom), which turned out to be an FBI front. they'd have been a lot safer sticking to Signal. and you can audit the Signal client's source code, which is enough to verify its secrecy.
They could use a free plus subscription model for really pro features, like “extra privacy”, “faster sending speed”, “create bigger group rooms”, these are bad features but you get it
As soon as there is “extra privacy” for a premium, I would ditch Signal immediately. It’s either provate and secure or it’s not. Certain things cannot be half measured.
Not having to rely on a phone number would be extra privacy.
They are stuck with SMS though because it's a costly... signal that prevents spam.
(Sounds like an opportunity ??)
But then this might solve the funding issue for them, but being tied to most payment systems would only somewhat improve the situation for the users.
I understand now why they dabbled with cryptocurrencies (Monero having proved that these can be anonymous short of having NSA levels of computing power ?). I haven't been keeping up, how did that work out ?
Or the extra privacy could be the current misfeature where you can't properly sync messages across devices. No reason to ditch over that?
I would pay a subscription fee if only to get back SMS capabilities.
Maybe I'm the only one here but this so-called "transparency" in the form of a single blog post doesn't instill much trust in me. I have been an avid Signal user since the TextSecure days and still recommend Signal over any other messenger. However:
- There were times (e.g. during the introduction of MobileCoin) when the Github repositories hadn't seen any update for months, while they were still releasing new app versions on a regular basis. Heck, last time I checked there were not even public changelogs for any of the apps. Calling Signal "open-source" is a stretch at best.
- The Signal team time and again has failed to react to criticism of the usage of Intel SGX, or of how they completely messed up the introduction of the Signal PIN. And let's not talk about MobileCoin. Yes, being "open-source" or "nonprofit" doesn't imply they need to ask their users for permission or respond to every complaint. However, a minimum amount of openness and debating critical features in public would go a long way here.
- I would like to see some transparency regarding the overall foundation and corporate structure, beyond just silently filing form 990 years with significant delay. For instance, it seems Brian Acton can elect and dissolve the entire board just by himself[0, 1]?
Long story short, before donating to Signal I'd like to see a proper and continuous commitment to transparency, not just a once-in-time blog post.
[0]: (German) https://www.spektrum.de/news/mythos-signal-licht-und-schatte...
[1]: https://projects.propublica.org/nonprofits/organizations/824...
appreciate their transparency, but boy do their devs make a lot of money. their 2 highest paid engineers make around $750k USD yearly. I guess if that's competitive good for them, I'm mostly jealous.
https://projects.propublica.org/nonprofits/organizations/824...
I just tried donating at https://signal.org/donate/
It seems that with uBlock origin enabled in Firefox, I was unable to fill out either of the 2 donation forms on the page. It wouldn't let me fill in my Name in the first form, nor would it let me enter a custom amount in the 2nd form.
Disabling uBlock origin seems to resolve.
"We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate—and this is very lean compared to other popular messaging apps that don’t respect your privacy."
Kind of Exaggeration to say that the other popular messaging apps don't respect your privacy.. all of them do, some more, other less, just not all of them have it as their main feature.
I always wonder what is the level of safety of Signal fron state level actors. Signal uses telephone numbers as user IDs + sends those verification SMS. Also 50 employees? So how many are monitoring the infaratructure 24/7 (on a side note, a project with 50 employees is probably still better than those with thousands - what do those people even do).
If the data leaks somehow, telephone number as ID sounds very bad.
> As a small nonprofit organization, we cannot afford to purchase all of the physical computers that are necessary to support everyone who relies on Signal while also placing them in independent data centers around the world.
This is really the crux of the problem. ~$3M of servers per year is more than enough to start purchasing hardware, I wish there were easier ways for people like me to participate and help Signal on the cheap.
As someone who participated in the builds they complain about being expensive (and ignoring their , I don't think it's a function of centralization or "troubling" as much as it is practical. Meta, Google, etc all have many billions they could be saving if they could figure out how to make it cheaper too.
Related: https://news.ycombinator.com/item?id=38291490, but we merged the comments hither)
I know they have a Paypal account but I can't find a link via their site. I found https://www.paypal.com/US/fundraiser/charity/3675786 on Paypal, but I'm not sure it's legit.
Ok, have they decoupled my identity from my phone number yet?
I mean, to donate to them I'd have to use it. I don't need another WhatsApp.
almost, usernames and phone number privacy are in testing now
That’s only phone number privacy from other users. Registration would still require a phone number, which is what GP seems to be unhappy about.
2 replies →
19M for ~50 people is quite a good compensation
https://archive.is/k90dC
It’s so well written so long post, I afraid I well never read it as carefully. Tonight I’m too tired to delve into its depths. Tomorrow I won’t remember, possibly. And the day after that I won’t remember for sure.
Sorry everyone for this off-topic, I just think it’s needed to be addressed, but I have no idea what to do here.
Signal is one of the non-profits I happily donate to. Myself, my family, and my friends use it almost exclusively.
This was the nudge I needed - super easy to donate $5 a month via the app using Apple Pay.
Same. I'd donated here and there in the past, but I easily get $7CAD/month of usage and would be sad if it didn't exist.
I would say at least 30% savings if they move out of Bay Area.
Also the salary seems to be high for a nonprofit , I get paid much higher than their VP but would happily take that job than my current one.
So charge everyone $2 per month to use it? shrug
If you're not going to show how much money you get via donations, I'm not donating. I'm not going to donate more than you actually need, for example.
Signal already has a very hard time competing against the network effects of WhatsApp and Telegram and getting people on the app, a fee would only increase that. But making it n$/year but with the option for an account withiot a phone number like other people are suggesting sounds nice, peace
> Signal already has a very hard time competing against the network effects of WhatsApp and Telegram
May not be the best thread to say this in, but Signal isn’t as good as Telegram and WhatsApp on features. People can be persuaded to switch, but may have different expectations than what Signal can satisfy.
https://projects.propublica.org/nonprofits/organizations/824...
Their competitors are free. Charging $2 would make Signal a non-alternative for many of their users, and due to how the network effect works, it would greatly reduce the utility for everybody willing to pay as well.
And that's all without even considering the significant overhead of collecting low-value payments internationally.
If you have a sustainable business model, you don't need the network effects. Threema is fine with a smaller userbase because they have a business model that works.
1 reply →
Quit using SMS and phone numbers.
How hard would it be to use a different signal server?
I love what Signal does.
Perhaps they should try with a p2p approach, where every client provides bandwidth, storage, compute, in exchange for using the app.
[dupe]
More discussion over here: https://news.ycombinator.com/item?id=38291427
Given the few fees, what about charging/giving the option to pay $1/year? Whatsapp had this in practice before they got acquired.
> Another $19 million a year or so out of Signal’s budget pays for its staff. Signal now employs about 50 people, a far larger team than a few years ago.
What? I know silicon valley salaries are a thing, but absolutely everywhere else in the world this would be insane. Maybe change the headquarters to somewhere cheaper?
Costs for staff are not just salaries. It's also pensions, taxes, benefits, the offices, software licenses and all the other stuff. I've often heard 50% of total cost going to salary, but it varies.
Still does seem high though.
Pensions aren't a thing in the U.S. anymore, especially not for tech. And when a U.S. company says "staffing costs" that does not include licenses, offices, etc. It's strictly salary and benefits.
According to Signal's 990, it's paying multiple employees over $700k. That's above-market for corporate compensation, and it's way above market for non-profit compensation, to the point where it could be considered private inurement.
3 replies →
I keep re-reading this section of their blog post trying to figure out what I'm missing here. $2.6 million full load per employee on avg? Is this heavily weighted to a few executives? Can somebody explain this to me?
Edit: I'm stupid and did the math backwards.
You mathed backwards. It's $380K per person fully loaded. Which is pretty inline with decent tech salary these days.
2 replies →
A few employees and their compensation are listed on their Form 990, page 7. Sidenote: did "Moxie" legally change his name from Matthew Rosenfeld?
https://projects.propublica.org/nonprofits/organizations/824...
3 replies →
Isn't it 380k per person in average? Seems like in-line with FAANG salaries in major US cities.
Only thing I can think of is it incentives them not to put backdoors into Signal/get fired.
I think your math is off? $19M/50 people = $380,000?
You're doing that division backwards.
You can easily donate once a month via the in-app purchase subscription on iOS. Shows a nice little badge on your profile
I always wonder why no one ever mentions Session. Is there some defect in its tech, or is it just not a comparable product?
It's an uphill battle. I asked to recommend Session on the privacy subreddit- which the moderators denied because Session lacks a well-documented endorsement from a public figure regarded as an authority with regard to privacy.
That is a non-starter specifically in the context of vetting privacy-enabling software. Anyone got a list of privacy celebrities with enough spare time to vet reddit content?
It really comes down to that? Wow.
Thanks for answering though, it really bugged me, and I couldn't find anything on it.
1 reply →
Can they require users to send them a SMS instead for verification or that more easily spoofed?
give the option to sign in without phone number paying a fee in bitcoin (sats on lightning network would be the perfect fit) would solve a lot of economic and privacy problems. Also dont waste money on phds post-quantum bullshits would be great.
...we can rent server infrastructure from a variety of providers like Amazon AWS, Google Compute Engine, Microsoft Azure...
What if that provider stop Signal to access to their services from whatever reson? It's not very independent service then.
Decentralised, federated Matrix.org has more sense and looks more future-proof to me.
Registration Fees: $6 million dollars per year... how come sending sms cost so much?
It’s somewhat puzzling that Signal doesn’t let me donate with Mobilecoin.
Tells you how much faith they have in that "feature".... I'd love to see some usage numbers on it, and perhaps removal of it when it turns out the usage is near zero... (Or maybe I'm totally wrong, which would be interesting too!)
If they remove it, it would render several hundred dollars I have in that wallet inaccessible without extra work on my part.
Usage numbers are not possible because Signal doesn’t include spyware in the app. There is no indication which transactions on chain came from the Signal app or any other app.
Yeah, you only ever hear the naysayers. So second voice to combat that: I like the integration and use it with (admittedly few) selected friends to split bills. And I think it fits signals mission.
How do they contrive to spend over a million bucks a year on storage?
Just donated $100. I’ve gotten way more than $100 of value from them.
If your employer matches don't forget that ... Easy way to double your donation
Worked for me. $10/month seems reasonable.
Love Signal over Telegram, Wickr, etc.
Does anyone else think that this strategy of growing the userbase with a "free" product and then start panhandling for donations is outright dishonest?
There are tons of smaller XMPP or Matrix providers that didn't get access to millions in funding from these big corporations like Signal did. Who have to run a business in a way that requires paying customers from the start. But now that cash is tight (and after they built a sizable user base) and they can no longer just outspend the competition, suddenly they remind you of TANSTAAFL and are asking you to cough up the cash.
It is the same shitty playbook used by VC-funded companies, except that is now dressed as some virtuous thing of "looked at how much it cost to build all this..." It makes some emotional appeal but it tries to hide from the audience that these costs are solely due to them insisting on controlling everything.
If it is so expensive to run Signal, then open it up to let other people run their own servers instead of trying to control everything. Don't give me this bullshit of "we are a non-profit but we are in the same lane of big tech corporations". You are there because it served you. You can not have it both ways.
> open it up to let other people run their own servers instead of trying to control everything.
If you know of a good open architecture that solves the problems of spam and impersonation while maintaining the convenience and ease of use necessary for mass adoption, please share it.
I could get my parents who are nearing their 70s to use Element (Matrix) and it took them less than 10 minutes, even with me asking them to register to a non-default homeserver.
Screw "convenience". It's a poison pill. "Convenience" should never be put above "resilience" (not to mention "freedom") in a value scale. The American obsession with "convenience" is turning us all into cattle and it's getting harder and harder to get the rest of society to function without being controlled by some corporate overlord.
10 replies →
I donated $5.
but what does this mean in terms of VISA vs MasterCard?
Just a reminder, many of the places you work will match your donations.
Edit: Not sure why people downvoted this. Boss, is that you? I'm increasing my donation.
Some of these things raise an eyebrow and I'd like them further broken down (but in the mean time, I'm still donating):
* $19 million for 50 staff
* 20 petabytes per year of bandwidth, or 20 million gigabytes, to enable voice and video calling alone, which comes to $1.7 million a year
* Storage: $1.3m, Servers: $2.9m
* Sms registration fees: $6m
It's easy to criticize from the bleachers. Still thankful for the app and I'll continue to donate.
You get what you pay for, though. $338k/year seems like a reasonable salary for people working on something as privacy critical as Signal – just because you're working for a nonprofit doesn't mean you have to work for less competitive wages.
> $338k/year seems like a reasonable salary for people
That $19M/year was total employee costs which, as best I understand these things, can often work out to be double the raw salaries which would bring the average down to a slightly less excessive $170k/year.
Whilst competitive salaries are important, it's fair to say that, outside of the US, you can get good people for a lot less than $338k/year.
To give one example of a (not that cheap) market, outside of London average developer salaries are probably under $50k in the UK. Even accounting for additional costs like taxation and equipment, that's likely to be under $100k fully loaded.
3 replies →
IIRC, employees cost the business ~150% of their salary. That means we're looking at more like a $220k/yr salary on average. For a bay area company, that seems completely reasonable.
Nonprofits, as with for-profits, must pay competitive wages or they will have trouble getting the expertise that they need. $338k/head seems reasonable when you also consider taxes the company must pay for each employee.
"just because you're working for a nonprofit doesn't mean you have to work for less competitive wages"
Actually it does usually. Because when people see real meaning in their work, as opposed to find yet another way to manipulate people on other peoples behalf, then you don't have to buy their consciousness as well.
So sure, it is awesome, that signals employers get to have meaning and money. But I would bet, you would find competent people working for less. (And maybe somewhere else)
But .. they do have a working app and organisation right now and drastic changes could destroy that.
2 replies →
Also, employees cost more than just their salary.
1 reply →
> That's $338k/head on average.
Oh come on. Just because the organization is non-profit, meaning that it's not out to make a profit for shareholders, is no justification for the staff to be paid below their market worth. In fact, they could definitely earn more by quitting and working at for profit companies. And that is especially true for those who are getting the higher end of the compensation.
And say that staff number was like, $5m/year less? It doesn't change the fact that costs of running are substantial and more donation is needed from those who want it to remain viable.
One thing I question with that is that if you gave features to donors only, wouldn't that mean that signal now needs to track users in ways that aren't privacy preserving? I.e. you'd be able to know if any given user using signal now has given payments to signal. I'm not sure that'd work with what they want to do as an organization.
> far cheaper IT labor outside
This is a product that solves some of the harder problems of engineering, and has a staff of 50. Cheaper isn’t going to get you the best. If you had a staff of 1000, you could make that argument. Besides that’s not a lot of money to begin with. 340k is a senior engineer salary and I am sure the people running the company are far more capable than senior engineers.
> drop those features
That’s a valid argument, but 1.7M for that 20PB of bandwidth is not a lot of money. Dropping or making the features paid, defeats the purpose. If you’re trying to be the privacy first app that competes with WhatsApp and others, this would make it harder to be a viable alternative.
> sms registration fees
Education is a harder problem to solve, but offloading some of the costs to users may make sense here.
It's easy to say that "you should do x" from the bleachers but when you're in the arena you run up against reality. For example, Signal had a blog a while ago about how they tried to avoid the sms features, actually for privacy reasons, but they found people just didn't use other alternatives. Here's a reddit thread of users advocating for SMS support https://www.reddit.com/r/signal/comments/y3ymfl/keep_sms_sup... .
So it was the best of all the available options practically, if they wanted to grow and retain the users.
That was for sending SMS via Signal, not for verifiyng users via sms and they did remove that.
https://signal.org/blog/sms-removal-android/
edit: wording, forgot the word remove
< "* 20 petabytes per year of bandwidth, or 20 million gigabytes, to enable voice and video calling alone, which comes to $1.7 million a year - I'd drop these features if possible, or give them to donors."
How about they pull their socks up and use peer to peer technology instead? Messages are asynchronous so they need to be temporarily stored but routing real-time audio and video is a technology problem that they have chosen the expensive way to solve.
They are peer-to-peer by default between people in their contacts list. That is for when calling someone that isn't in your contacts list or for people that have enabled the relay all calls option.
1 reply →
If signal adds username only accounts it makes sense to relay calls if users don’t want their IP leaked to the other person.
> I'd drop these features if possible, or give them to donors.
They can't really do that, it deters adoption of something with a network effect.
The real issue here is that direct connections have privacy implications (maybe you don't want the other party to know your IP address), so they relay everything. If they could solve that they could save a lot of money.
For example, detect if the user is connected via a known VPN service (which is likely given Signal's user base) and then let the VPN hide the user's IP address instead of Signal having to pay for it. Or make a deal with popular VPNs to put the relay servers in their data centers, which gives a similar advantage and they might be able to get better pricing from them in general because the VPNs already have a lot of bandwidth, are sympathetic to what Signal does and could use it as PR.
Making it so that only one party need to have a pro account might help a bit
1 reply →
They need to dump sms entirely. Use on device private keys. If users mess it up, it’s on them. People need to get educated about how to manage private keys.
As someone technically savvy, I don't trust myself to manage my own private keys sufficiently for a service that's the point of contact for all my friends and family. I think it's a much taller order for someone without the technical knowhow – remember that Signal's audience includes very non-technical people who don't have time to learn the technical ins and outs but absolutely require its utility, like journalists and dissidents.
Then few will use it and Signal will die. There is this gap between the ideals of the technically-minded and the reality that users live in. They tried to dump SMS - and people responded by not using alternatives. The entire sales pitch of Signal is that it is easy and unobtrusive.
costs for a nonprofit are the same as costs for a forprofit
there’s just a bunch of nonprofit employees or personnel that play on the pauper perception because its convenient, but “nonprofit” and no money is not correlated to anything
so if those employee costs were excessive for any organization, saying non profit doesn’t make them more or less excessive
I think tech talent is undervalued and should at least compete directly with FAANG, for many organizations this is not possible, for organizations with other liquid assets they create (like Signal) it is possible. All employment hasnt risen with cost of living, I’m not familiar with other sectors.
> $19 million for 50 staff. That's $338k/head on average.
How did you compute this? 19/5 is 3.8
Signal can be better, IMHO, by separating from phone number requirements. In other words, let users have secure random ids, rather than forcing each user to hand over their phone number for phone company verification.
It turns out the budget shows the phone number registration problem: the costs to deal with phone number verification seem to be $6MM, which seems to be 10% of the entire budget.
If Signal staff are reading this, I'd gladly pay $100/year for a phone-free solution for all users.
A bit handwavy, but allowing sign-up without a phone number could massively increase bot/spam traffic and ultimately increase hosting costs for Signal.
The deal could just be: no phone number, but you have to pay $x/year (I guess this doesn't work with 501c3?)
2 replies →
Just charge $10 to create an account without a phone number and accept Bitcoin. Most people can avoid the $10 by providing a phone number, privacy-conscious people only have to pay $10, it generates revenue, and the $10 puts the spammers out of business because they don't pay $10 once, they pay $10 every time they get banned, which happens multiple times a day.
You could even automate the bans by banning anyone who gets blocked by more than two people they sent messages to, which anybody can avoid by not sending messages to people who would block them, and if it happens to someone innocent, it's still only another $10 to reactivate your account.
The phone number requirement is why WhatsApp won the space over in the first place. There were loads of username+password-based services before it, but none reached the market it did. Why? An incredibly wide user funnel, singing up is frictionless.
You might understand that it's a bad idea, but that makes you an outlier.
No, WhatsApp won because it successfully replicated and replaced the SMS experience in the developing world, where the cost of data was dirt cheap in comparison to the cost of a single SMS message.
This is why it still has a stronghold as well…
3 replies →
Why not support both?
Let one communicate from a computer (or phone) with a username+password account, with people who use the service with phone number account.
This without the mechanism Whatsapp uses, where you can use it in a web browser, but it's still linked to your phone.
1 reply →
I don't really buy this argument. Is signing up with a phone number really that much easier for the average user than using a username/email account? Billions of people seemed to have no problems making a Facebook or Google account.
5 replies →
Requiring a phone number also seems like a decent way increase friction for automated account creation - obviously it can be overcome, but it probably reduces automated account creation by a few orders of magnitudes, which I would imagine reduces the amount of botting/phishing/ban evasion, which could all add up to be pretty expensive to an org.
Using phone numbers as identifiers (and by extension users' phone books as a contact discovery mechanism) is probably at least equally significant as a factor for WhatsApp's success.
What did WhatsApp win? I've never used it, so I'm not sure what anyone uses it for.
2 replies →
You could do both, no?
Focusing on app features is one thing but the bigger picture is that Signal is at risk of not existing without capital… (just donated $20 today and I wish I could buy stickers off of them).
You're in luck: https://www.theverge.com/2023/11/9/23953603/signal-username-...
They will still require a phone number, it's just a alias.
1 reply →
I don't understand the concern. Signal has never been about anonymity. If you need to be anonymous, use a different tool. I like the fact that a phone number provides an additional verification that the person I am chatting with is who they say they are. As far as risk associated with having your phone number leaked to bad actors, that ship sailed years ago. I guarantee your number has been leaked a thousand other ways starting with by your phone provider.
Phone verification does have value in adopting the network effects of phone numbers and integrity by making it harder to mass create accounts.
It would have very particular ethical trade-offs, but they could just make signing up without a phone number a paid option. That has the advantage of actually turning a cost center into a profit center, at the distinct disadvantage of creating a moral hazard by the exact same virtue.
Right, it's a way to create a cost barrier without anyone giving Signal a credit card directly.
That exists, and is called Threema
How would it be better? Is there anything beyond not having to provide a phone number?
How would it be worse?
Session.app solved this problem well
Typical HN comment saying I will pay $ for xyz feature (which everyone, including the poster, knows to be BS)
$6 million per year on outgoing SMS? Do not send SMS to users, make users send SMS to you instead to confirm their numbers! I have this solution for years and it works >90% of the time. The rest 10% is calling a verification number which drops calls with busy signal (no fees for the caller) but sees who is calling and is able to verify their number.
Significantly less secure. Faking the sending number is much easier than hacking SS7 and getting SMS routed to you which are not destined to you (which is also doable but require an order of magnitude more skills and ressources in my view).
This is correct; anyone with relatively basic knowledge of VOIP can spoof any number (and CID name) they want.
1 reply →
It would be great if Signal wouldn't require a phone number for account setup at all
this is in testing and coming to you early next year.
6 replies →
Or just kill SMS entirely. SMS is old tech from the 1990s. We have better things now, like e-mail over LTE/5G, that work across countries, across devices (whoa!), across providers, across SIM cards (wow!) allow more than 140 characters (wow wow!), and allows easy-to-remember alphanumeric identifiers for user ids (wow wow wow is this the future!). I hate SMS confirmations, I don't want to use my phone number as a username, and I will most certainly never donate to an organization that is using my donations to pay for stupid SMS texts after e-mail was invented.
> We have better things now, like e-mail.
Funny how email, being from the 70s, is actually better.
1 reply →
Personally, I refuse to financially support Signal so long as they're still holding my chat logs hostage on my old iPhone and seem not at all concerned about solving this problem, which has existed for years.
There was (and still is, so far as I know) no upfront warning to users that if they don't first sync with a desktop client, and their phone gets lost or stolen, their iTunes backups do not (unlike most iPhone applications) contain their Signal chats. And furthermore, there's no way to export those chats in backup format from an old phone.
(You can transfer, but the transfer deletes the data from the original source, which is extremely foolish and dangerous IMO, and anyways isn't a proper export accessible from other applications. Furthermore, so far as I know there's no support for transferring from very old versions of the Signal client.)
This has been a critical bug for years [1], it's one of the most complained about issues, and Signal has done (and intends to do) absolutely nothing to fix it. It is absolutely unacceptable to have our own data held hostage by them in this way, especially without any upfront warning.
[1] https://community.signalusers.org/t/ios-backup-keeping-messa...
I completely agree with you, even though the situation is at least a tad better on the Android side... However, it's worth noting that Signal seems to consider this a feature and not a bug.
I hate that. I use signal to chat with my friends. We trade pictures of our cats. I am not a whistleblower who needs my data deleted instantly for safety. I provide the noise that acts as cover for those people. And I would have a LOT easier time bringing onto the network if they were able to keep that chat history. (I take a backup on Android and export it and clean my Signal install periodically because it gets large and starts taking up too much space on my device.)
I love Signal. I want it to succeed. I think they have a little bit of problem understanding who their users actually are though, or perhaps just a disconnect with telling us who the users they want to have are...
Interesting, I always saw this as a deliberate feature aligned with what I first came across Signal for (sensitive communications between trusted parties that may need wiping at a moment's notice). If a journo reporting in a less than hospitable regime had their phone confiscated then they need not worry about their chat logs compromising them.
Sorry, how is this any safer for the journalist? If their phone is compromised in a way such that someone can login and control their Signal app, their chat logs are already compromised. I’m just saying there should be the ability to export those logs once you’ve logged in.
But if they don’t want to provide that, then:
1) Why does the Android app support this?
2) They should warn users of this BEFORE holding their data hostage, and not market Signal like it’s the right solution for everyone.
2 replies →
Perhaps Signal is not the right choice for you? It seems odd to be so concerned about data retention from a system which prominently features support for disappearing messages!
I expect messages to disappear when I turn on disappearing messages and not when I don’t turn them on.
But yes, I agree it’s not the right choice for me and many others who want to have full ownership over our data, and they should make that clear in advance.
3 replies →
> It is absolutely unacceptable to have our own data held hostage by them
Most likely this is just one of the walls of the walled garden.
Love the product. Had a monthly recurring donation for many years. Dropped it over what I consider to be their serial mishandling of open source. See https://github.com/signalapp/Signal-Desktop/pull/6186 for the latest chapter in the, "we won't implement desktop GIPHY that we announced in 2016, and also won't merge it when someone else thoughtfully implements it for us" saga.
I feel like they've made their position here quite clear and it's well-reasoned. I understand the disappointment, but this doesn't give any indications to me of "serial mishandling" unless there's some other context I'm missing?
Open source != open to contributions. Signal has made it pretty clear that their motivations for open source are visibility and verifiability, not to get people to do work for them for free. It seems like the action item to update the CONTRIBUTING.md to make those expectations more clear is a reasonable one.
They announced the feature coming to desktop "shortly" seven (7) years ago [1]. It has been implemented on mobile for ages, and is generally one of the most-popular features of any modern messaging service. In the years since, things like in-app cryptocurrency were implemented. Issues on GitHub dating back to 2017 were unceremoniously locked [2]. A community feature request has been open since 2018 [3]. When more issues on GitHub were created, they were told to discuss it in the one that was already locked, and didn't respond further once that was noted to be impossible [4].
When the PR was thoughtfully created long after it was clear that they wouldn't be honoring their own announcement, they said (approximately a year ago) that they would review and implement it with credit. After 6 months of darkness and petitioning, it was dismissed as being harder to review than to implement while disingenuously counting things like SVGs and license text as LOC. When some specific concerns were finally provided, the author responded point-by-point in how they were already researched and addressed, with a polite request for evidence so that they could correct any misunderstandings. The subsequent response ignored everything in that but the suggestion to update the contribution guide to align with their previously-unstated intent.
Serially mishandled. I'm not moving off of that position.
1: https://signal.org/blog/giphy-experiment/ 2: https://github.com/signalapp/Signal-Desktop/issues/1862 3: https://community.signalusers.org/t/add-gif-search-giphy-to-... 4: https://github.com/signalapp/Signal-Desktop/issues/4841
That's too bad. I'm surprised they have that much internal process for the desktop app. Using the app, it really feels like it's an afterthought.
Why would you ever want to raise the bar for what constitutes open source, all the way up to "Must be open to spending their time reviewing and integrating massive contributions from 3rd parties"?
I don't understand how storage can cost a million dollars when they don't store anything. Even if messages are queued, how do you get millions of dollars in queued storage? It's hard for me to imagine... even if you receive and send trillions of messages I don't think you would end up storing much at all.
As for registration fees, it sounds like they should use authenticator instead of SMS... and stop requiring a phone number to sign up. That is why I left Signal (went with Matrix). I don't see why anyone would want to tie their Signal to a phone. If you value privacy, why would you do that?
Servers cost seems excessive as well. I don't believe you need that many servers, even if you served a boat load of requests.
As for bandwidth.. okay, that may be the case. I am not sure how you can get that cost down.
> Even if messages are queued, how do you get millions of dollars in queued storage? It's hard for me to imagine...
The details are there in this post, but I can offer a few guesses. Users may be using multiple devices. And the service has to deliver to all the linked devices before ejecting the message from its storage. The time limit for storing and waiting for linked devices to come online is about a month. With tens of millions of users, this could add up.
Even if every user had dozens of queued up messages, I don't think it equals millions in storage costs. Maybe I'm naive, but I have a storage/database/queue with billions of records and it costs <$700/month.
shrugs
1 reply →
If Signal drops the requirement to have a phone number I'll support them with money. If they allow me to change the name of a contact to what makes sense to me, I'll donate again. Follow the example of Session on this!
I'm seeing all the comments about the $6m Twilio expense, but nothing commenting on how their cost per employee is $380,000 totaling $19m. I think they could optimize this easier if the will was there. I know HN is very SV/tech centric, and that number makes sense there given the run up of VC money, etc. but I'm willing to bet they could source talent from cheaper places and slash this in half; if they wanted to. Just an observation, not my place to tell anyone how to run their business, but for a nonprofit that is trying to drum up donations to fund their operations, I'd think they would want to be leaner.
This number includes taxes, benefits, etc, not just raw salary.
Notably Signal employees do not get equity, so the salary must be higher to remain competitive.
Signal is probably the hardest class of product to build. Name an optimization/distributed systems problem, they probably have it. And quite literally, a Signal bug could jeopardize an activist/journalist’s life.
So for a <$200k salary and no equity, how many world-class engineers do you think you could hire?
I simply wouldn’t trust the product, if it had mediocre engineers.
I interviewed at Signal for a senior developer. They do not pay well. I didn't even get past the phone interview because they were nowhere near my range. No idea where the $380k comes from, executives maybe?
If you want to hire the best talent - engineering and ethics, you need to pay top dollar. 380k is senior engineer comp at most FAANG adjacent companies. It's not a lot.
This is SV tech logic that I mentioned. I’m just not usually of the opinion it’s necessary. There’s a lot of talent around the world. And I’d guess only a few really “top talent” folks are needed to build the unusual problems/cryptographic parts of their app. A lot of it could likely be build by an average dev with some oversight.
I say this as a person that regularly and successfully hires devs from low COL areas. I know the common pitfalls of it and know it’s completely possible to manage and get high quality outcomes. It requires a management approach that’s slightly different than having 100% top tier talent from high COL areas but it’s possible all the same.
Craftsmen's compensation is a non negotiable matter IMHO.
It's not someone's fault if they happen to live in a particular economic climate.
The real root cause isn't the engineering or infrastructure cost.
It is about people paying their fair share myself included.
I'd never advocate for unfair compensation. Only that what's fair is highly variable when the world is your potential labor pool. A lot of people and companies think or behave like only a few areas of the world produce quality software. It's absolutely false. I'd also want to question if a company full of Master Craftsmen are needed (if that's what's implied by the $380k/employee). To keep with the construction metaphor, most labor on a typical construction site is Craftsmen supervising unskilled/lower skilled labor; otherwise cost would be a major issue (more than it is already).
Are you the same kind of people that think that NGO workers should work for free or for a small wage that is not representative of the market wage for their positions?
No, I’m the type of person who thinks tech salaries are bloated in certain areas and certain companies and that does not follow the distribution of talent. It’s followed the distribution of VC money and profits of large companies. The evidence of such is that the median software engineer in the US is in the low-mid $100s (depending on what source I want to believe it’s $110k-$140k). But I also believe that same talent can be sourced outside the US is many cases and for far less expense.
I also view most apps/tech as not very novel. It’s largely the same engineering “problems” that are known and well documented. A lot of it can be done by average developers and “top tier” talent isn’t usually needed other than probably the cryptographic components in Signal’s case. Scale is certainly a concern, but that is a familiar problem that’s has a lot of documentation solutions and approaches.
I could be wrong. Maybe they’re already doing this and it just happens most of their expense is going to a couple high paid execs. Could be that I’m underestimating the complexity as well. But I find my statements to be true in many cases. I can even point to the number of times I’ve talked to consultants and top tier devs about building things for me. What they would charge $1m for I can often piece together for less than $50k by hiring a few folks in low COL areas and then just spending a little effort refactoring their code to be as pretty as I like it to be; sometimes I outsource that too but the point is having a whole company of top tier talent isn’t usually necessary, it’s a choice. Just like believing that top tier talent only exists in the high cost tech hub cities is a choice more so than the truth.
This idea that an equivalent level of talent to SV is readily available in Indiana or Costa Rica for cheaper pay is deeply flawed.
OP didn't mentioned to slash salaries just by half not by 75%. Most IT people in western countries in Europe are not making even 200k per year. Even in London is hard to get 120k unless you maybe working as a contractor.
A lot of those SV talents are not american but migrated from europe or elsewhere - there are still talented people in EU who just simply don't want to move to USA these days even if salaries are at least 2x. You wouldn't have a problem finding real talent in eastern europe for 150k.
1 reply →
It grinds my gears when people on a hacker forum lobby for hackers to make less.
When it’s people who are running a worldwide communications network on the cheap without getting hacked all the time? Absolute pros.
I don’t downvote, let alone flag, but I hate this comment.
Well I don’t get paid to hack, it’s a hobby and sometimes I’m and entrepreneur so I don’t have the same bias as thinking all devs should be making $500k+. I actually think of cost controls and how to build more with less, so kind of polar opposite motives.
Cheap is also a relative concept. I have a guy on full time that I pay $1500 a month. It’s more than twice than he’s ever made in his life and he’s an excellent dev. If I needed to, I could find 50 more like him. Sure if I was FAANG scale trying to hire 30,000 of these people it might get tough. But, I could probably create an entire training program and just apprentice people for less than they paid new grads out of 2-4 schools they normally hire from.
Silicon Valley is not the only place to find engineers who know what they're doing. Some of us want to stay in our home country and/or don't want to jump through the hoops that American tech companies demand.
Think from the perspective of the non profit. $19m/year is a lot of money to raise year after year from donations.
What’s the game plan if the donations stops coming in ?
Or they lobby for more hackers to make more, which can happen with a change in location with an overall reduction in budget
It's amazing what they produce with their headcount:
First, we have three distinct client teams, one for each platform (Android, Desktop, and iOS). These teams are constantly working: adjusting to operating system updates, building new features, and making sure the app works on a wide variety of devices and hardware configurations. We also have dedicated engineering teams that handle the development and maintenance of the Signal Server and all of its infrastructure, our calling libraries like RingRTC, and core libraries like libsignal. These also need constant development and monitoring.
Product and design teams help shape the future of the app and determine how it will look and function, while our localization team coordinates translation efforts across more than sixty languages. We even have a full-time, in-house support group that interfaces with people who use Signal and provides detailed technical feedback and real-time troubleshooting information to every other team. This is an essential function, particularly at Signal, because we don’t collect analytics or telemetry data about how people are using Signal.
--------
How many people does it take to perform all that?
In total, around 50 full-time employees currently work on Signal ...
!
FB only wanted whatsapp to preempt a potential competitor. They are happy to give the service for free (at a loss)
There is no room for monetization because of FB. In other words, you can't compete with a monopoly, even if you are in a different business. They simply take all
FB is getting and using some metadata from WhatsApp. FB also said it would be introducing ads in WhatsApp. While WhatsApp may not be raking in a lot of money, it’s not a complete loss for Meta either.
An entirely peer-to-peer instant messaging network, which doesn't rely on a central authority, is technically possible. A $50M/yr burn rate to implement that authority as an act of charity is simply unsustainable. Why do we insist on continuing down this path?
Attempts to decentralize or federate Signal are met with hostility. The Signal Foundation tells us that this is the only possible way; "the ecosystem is moving", and we must exist in competition with commercial offerings, rather than build something small, sustainable, and decentralized. This is great, until the AWS bill is due.
Because peer-to-peer messaging is not a solved issue. People want asynchronous conversations and not have to expose their location to everyone they talk to.
There are other platforms that are working on federated e2ee services (it's not easy. matrix was completely broken a year ago).
I'm not suggesting that it's a solved problem, but it's a solvable problem, and the Signal Foundation should be using its (significant) resources to solve it, rather than slowly bleeding them out to AWS, GCP, Azure, and Twilio. Unfortunately, solving that problem also significantly reduces the scope of the Foundation, so there's little incentive.
Nothing seems out of the ordinary in terms of costs. But there some features that would be pertinent to their core mission of providing a secure messenger, and stories and payments aren’t some of those. Stories button takes up half of the bottom navigation bar, I have not seen anyone using that feature. Their non-product approach is what prevents men from becoming a recurring donors. They are finally testing a build with usernames, but it has been long over due.
I'll probably donate, but I find it annoying that Signal only offers Linux packages for Debian-based distros. I've had headaches with the Flatpak. I would think that the Linux desktop audience - while not huge - would be the most interested in Signal. That is, might not be a lot of Linux users but percentage-wise I'd bet more Linux users are interested in Signal than macOS or Windows users.
Even an AppImage would be lovely.
The Flatpak works fine for me on Fedora, though of course it's an Electron app, and it periodically has to be re-connected if I don't use it much.
Seconded, the Flatpak is the way to go.
Signal Desktop is available in the Arch repositories. https://archlinux.org/packages/extra/x86_64/signal-desktop/
That would be very helpful... if I ran Arch.
> she wanted to call attention to how competitors pay these same expenses: either by profiting directly from monetizing users’ data or, she argues, by locking users into networks that very often operate with that same corporate surveillance business model.
There is also a third alternative: Threema (https://play.google.com/store/apps/details?id=ch.threema.app...) is a privacy-focused messenger app that tries to cover its costs by *gasp* asking for money for the app! But of course those notoriously financially-conservative Swiss can't hold a candle to Signal, who first decided to give away their app, same as those other messenger-making companies flush with cash, and then found out that supporting all those users who download your free app actually costs money...
[dead]
I would use Signal, but it ties to a mobile number, that is why I don't use it. Been using Element/Matrix instead. I'd consider switching if I could primarily use it on a Desktop decoupled from a mobile device.
Contact this company if you're looking Best IP-TV Provider Whats-app: (+12023675323) I buy from him every year and I don't find any problems with the server, worth encouraging
[dead]
This was a nice, detailed read. At some point, Signal would have to move out of cloud providers at least for a few things to manage costs better.
I was happy to note this about employee compensation since paying them well is a good thing apart from their personal motivation to work on this (even at a comparatively lower pay than in other companies/projects):
> When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
> We are proud to pay people well. Our goal is to compensate our staff at as close to industry wages as possible within the boundaries of a nonprofit organization.
That said, I really dislike Signal for a few reasons. The first is what many people have already talked about very often — forcing to use a phone number to register. Since the SMS or call costs are quite high, Signal could adopt the iMessage approach to verification, which is having the user send an SMS to the service (this will cost the user some money depending on which country the SMS is sent to). This could be decided based on the country code so that the current SMS OTP model can coexist.
Signal is obstinately user unfriendly on a few aspects on user experience, more so on iOS/iPadOS. Firstly, it refuses to provide a data backup mechanism for iOS/iPadOS. If someone loses their devices, there is no way to restore older messages. Even setting up a new device requires the old device to be in physical proximity to transfer the data. Signal does integrate with CallKit (to act like a phone app) and with Apple’s notification services, but refuses to allow the user to backup the data with a password to encrypt it.
Secondly, I found this paragraph in this post to be disingenuous:
> Such practices are often accompanied by “growth hacking” and engagement maximization techniques that leverage dark patterns to keep people glued to feeds and notifications. While Signal is also free to use, we reject this kind of manipulation, focusing instead on creating a straightforward interpersonal communications app. We also reject business models that incentivize such practices.
Signal on iOS/iPadOS wants the user to enable notifications and to share contacts. If notifications are disallowed and if contacts upload is disallowed, it will pester every few days about it. One might think this is a silly mistake that Signal isn’t aware of. But it was reported some years ago and Signal responded that it will not fix it because it believes this is the only way. [1] Not even an option where this is a toggle for those who want no notifications or don’t want to share contacts (Signal does have a toggle for contact joining notifications).
Signal is also not that reliable in delivering messages in a timely manner compared to other apps (the GitHub repo has many repetitive issues on this topic over all these years).
Finally, since Signal has poorer UX in general, which isn’t an easy or cheap thing to handle, I use it only with less than a handful of people who I know and who use it.
I’d donate occasionally so that Signal can continue to exist, but I don’t feel like supporting it every month with all these issues, some of which look like Signal ignoring the user and UX issues completely.
Edit: Removed some hard words.
[1]: https://github.com/signalapp/Signal-iOS/issues/4590#issue-72...
> Firstly, it refuses to provide a data backup mechanism for iOS/iPadOS. If someone loses their devices, there is no way to restore older messages.
This is not the only case where Signal has decided that users should not be in control of their own data. For example an Apple Store or authorised repair shop may need to reset the phone, or an OS upgrade goes badly and needs a restore will also lead to data loss even if there is a full local encrypted backup made.
It is really orthogonal to the much of what Signal claims to stand for them to so boneheadedly insist that users should not be allowed to own and control their own data.
[flagged]
[flagged]
[flagged]
[flagged]
[flagged]
Did I read that right $19m people cost for 50 people.
Would you actually want Signal to be cheaping out on the developers that are maintaining the cryptography software that protects millions of people?
Someone with that level of expertise is going to be expensive.
It's crazy, 400,000k per person. It would feel like nothing but an unfair waste of my "cheap-country" money to fuel "overpriced-county" with a donation.
But that's not salary, that's the total cost per employee. So if you factor in ~40% cost for healthcare, pension, perks, and various taxes, then the average salary is closer to $240,000 which will still a bit high, is probably less than market for the average engineer working at the company.
4 replies →
Would be interesting to know exec salaries, the latest nonprofit disclosure I could find was from 2019
Form 990 from Dec 2021: https://projects.propublica.org/nonprofits/organizations/824...
Back in the day Signal was called TextSecure and it did everything over SMS which required no centralized infrastructure aside from the cellular networks. They transitioned to internet-based messaging to support Apple devices. It seems that decision is now a 50 million dollar per year step backwards.
It's not a step backwards for me. Our organization uses signal in many situations where SMS isn't an option. When I land in a new country it is normal for my cell/SMS not to work. But I can hop on some local wifi and get signal messages. We had a widespread cell outage in my area last year. Signal not being on cell/SMS meant that I could still communicate with family without need of cell towers. This is a big step forwards imho.
> When I land in a new country it is normal for my cell/SMS not to work. But I can hop on some local wifi and get signal messages.
WiFi calling is a standard feature that does exactly what you describe for texts and calls, without using a third-party. I have cell connectivity turned off constantly on my phone and yet receive texts and calls via WiFi.
It is actually an awesome feature for receiving 2FA SMS at my parent's place where there is great internet but poor cell coverage.
1 reply →
SMS would be a complete non-starter in Europe. Many (no?) countries lack unlimited texting plans.
Wait, still ?? Which countries ?
Right, I totally hate being able to text, voice, video, send files, and screen share with individuals or groups of people, including half my contacts who use iPhone. Also, fuck them for making all of it sync to all my computers. And I especially hate the fact that I was not billed by telecom carriers for the tens of thousands of messages I've sent and thousands of calls I've made over it over the last 10 years.
Yes, indeed, how backwards. I wish I only used software that spied on me, or permitted others to spy on me, for those features.
If you check their costs, SMS (used for registration) is the most expensive part of their operation.
There was no "registration" and TextSecure never sent you messages. It was strictly peer-to-peer.
2 replies →
You misunderstand how textsecure worked.
TextSecure! Wow this took me back to 2011.
Every time I hear about Signal's donation notices I start thinking about ways they might generate revenue. I'm sure Signal staff have considered a ton of options already. Anyway,
- can't do personalized ads or geo-specific ads, so doing generic ads wouldn't drive a ton of revenue anyways
- can't require users payment because when payment (most forms, including bitcoin!) can be used to identify people
- No real benefit to themed group chats (like discord nitro) since it doesn't focus on community groups
I'd love for someone to figure this out, though, because a nonprofit structure for an app is not sustainable.
Who is the active user base for signal these days? Everyone I knew who was using it dropped off after the SMS debacle, which was a shame.
Edit: Wow some weird haters on HN today. I was honestly curious as an active signal user that was no longer able to use it to message people in North America and had never seen anyone using it in East Asia. Apparently this makes some other signal users very angry.
I've been to a lot of meetups in the last year and exchanged contacts with people. As a nerdy idealist running a deGoogled Android with no proprietary software, I always have to tell them that I don’t have WhatsApp, just Signal. Again and again I have heard the reply, “Oh, yeah, I’ve got Signal, I use it to buy drugs.”
So, that’s some of the active user base in my city, but none of those users are very motivated to use Signal with their network of contacts in general. There WhatsApp reigns.
That's been similar to my experience in the last year. WhatsApp or even worse, Snapchat, seems to be the preferred "private" messaging platforms, which is depressing to say the least.
> “Oh, yeah, I’ve got Signal, I use it to buy drugs.”
Funny, people around here in Germany say that about Telegram.
1 reply →
those users probably have a far lower impact on Signal's operating costs because they're only sending the occasional message instead of using it as a broadcast platform.
Same people who use WhatsApp for example.
The SMS issue was mainly a problem in the US where people used it for SMS and therefore never mattered since that communication was never secure. Those people probably never even cared for security since they, as you said even went out there and actually uninstalled an app. Something people seem to rarely do.
I use it for friends, family and colleagues. People now started asking me for it (or safe alternatives to Facebook Messenger) since Facebook started asking people to pay for non-targeted ads recently. They actually got people to think about the data they share with an outdated social network.
Yep, the whole point of Signal for me was the SMS component. I put up with the old-fashioned UI for that reason. Now it just looks and acts like a Telegram clone.
I still use it, and ask my friends & family to use it as well.
What would you recommend to use instead of Signal?
I have yet to find a replacement that both I like and other people use. Matrix and Session I have yet to find anyone using, telegram seems to be almost entirely bots in my area, and WhatsApp etc are owned by Meta.
I've converted all of my friends and family to using it. It's the "social media" for my world now. I'm probably an outlier for that, but it makes me happy!
Lots people are replacing meta/insta/WhatsApp with signal chats
Especially for long term chats with friends and fam.
I happened to start using it with my spouse only to apple just one kind of messaging notification to come thru.
I am too cynical by far, but Signal being run by an ex-Googler is not at all reassuring me of its long-term commitments to security and privacy.
To be cynical in another direction, if it wasn't run by an ex-Googler it would probably cost 1/3 of what it does now to run it :)
These costs seem absurd.
For instance, 1.3$ million per year for storage??? Apparently, they have 40 million users, so 1 MB per user (seems reasonable for Signal) means 40TB. You can buy a 4TB SSD for $200, which means you need $2000 one-time for 1MB per user.
How they get from $2000 to 1.3$ million is a mystery.
As for SMS registration, if they are spending 6 million, maybe they should find some way of doing it for free, e.g. Google might be offering it with Firebase, Twitter used to have it, etc. It's not great for privacy, but if they care about that they should just stop using phone numbers.
Routing video calls through a server to obscure IP address seems totally pointless while you are revealing the phone number anyway. And again there might be a way to do this for free, e.g. perhaps using one of free WebRTC STUN/TURN servers that e.g. Google seems to run.
As for bandwidth, a very conservative estimate seems 100 MB per month for each of 40 million users, giving 4 PB per month (though I guess the real usage is 1/10 that at most). Hetzner charges $1/TB, so that gives $4000 per month or $40k per year, overestimated.
Again a mystery how they get from $40k per month to $2.7 million.
Maybe the problem is that they use AWS/GCP/Azure/etc.? They have to be real idiots to use them since everyone knows they are insanely overpriced and should never be used unless a large corporation or deep-pocketed investors are footing the bills or they is no other possible solution.
Perhaps they need to consider stopping dumping money down the drain before asking for donations.
I'm starting to suspect there's more to securely stowing user data than throwing it on a bunch of 4TB SSDs!
Sorry, how does 1 mb per user seem reasonable? I’m sending tons of videos, documents and pictures, probably beyond a gigabyte daily. Just one video is like 40Mb. 1Mb assumption seems absurd
It's not stored on the server, except perhaps transiently.
2 replies →
I really, really, want to go into a bunch of detail on exactly why this calculation is so incredibly naive. More as a personal thought exercise than for internet fame (since this will be buried under a buried comment).
Maybe I'll find the time...
But, like everyone else is saying, putting things in a datacenter in a resilient way for a high profile, high bandwidth, multi-national app is not the same as buying some ssd, or even running a hetzner instance.
1MB per User? People share tons of pictures and videos, I‘d guess that the average is more in the 0.5 to 2GB range.
I assume they only need to store it between the time it is sent and the time it is received by the recipient.
Maybe the problem is that the Signal app doesn't eagerly download messages upon notification? They should start doing that given the money issues.
3 replies →
Signal doesn't save history so at any given time most users use 0 storage
> How they get from $2000 to 1.3$ million is a mystery.
$1.3M seems excessive, but your calculation is really, really naive.
Storage for a business doesn't really compare to buying a 4TB SSD for your personal use.
Surely 1MB/user for the whole year is more than enough.
It’s in the realm of “64KB of RAM should be more than enough for any computer”
Did they also add their cost of dev, admin, etc. into the calculation? This could have a big impact as well.
Yes like paying 30$ for Tylenol in a hospital. You didn’t pay that much for the pill but for a nurse to enter that you need that into a schedule and then actually deliver it to you.
1mb per user? What is this 1992?
Was this intended as satire? I honestly can't tell.
I think it's satire? Or perhaps they didn't know one can send pictures and videos on Signal and assumed it was only text.
3 replies →