Comment by exabrial
2 years ago
Some of these things raise an eyebrow and I'd like them further broken down (but in the mean time, I'm still donating):
* $19 million for 50 staff
- That's $338k/head on average. At face value for a nonprofit, I'd like these costs broke down as this seems excessive. There is far cheaper IT labor available outside SV.
* 20 petabytes per year of bandwidth, or 20 million gigabytes, to enable voice and video calling alone, which comes to $1.7 million a year
- I'd drop these features if possible, or give them to donors.
* Storage: $1.3m, Servers: $2.9m
- I was actually expecting this to be far higher
- Long term storage should probably be donor-only
- Servers could likely be optimized by going hybrid cloud with colocation and owning own hardware, but again, was surprised how "little" they're spending on this.
* Sms registration fees: $6m
- Stop contributing and supporting the "Your phone number is your identity" problem.
- Move towards helping educating society and establishing a set of encryption keys as their long term identity
It's easy to criticize from the bleachers. Still thankful for the app and I'll continue to donate.
You get what you pay for, though. $338k/year seems like a reasonable salary for people working on something as privacy critical as Signal – just because you're working for a nonprofit doesn't mean you have to work for less competitive wages.
> $338k/year seems like a reasonable salary for people
That $19M/year was total employee costs which, as best I understand these things, can often work out to be double the raw salaries which would bring the average down to a slightly less excessive $170k/year.
Whilst competitive salaries are important, it's fair to say that, outside of the US, you can get good people for a lot less than $338k/year.
To give one example of a (not that cheap) market, outside of London average developer salaries are probably under $50k in the UK. Even accounting for additional costs like taxation and equipment, that's likely to be under $100k fully loaded.
> outside of London average developer salaries are probably under $50k in the UK
For top-notch security developers, I call bullshit. Signal would be worthless if it started offshoring development to nickel and dime.
2 replies →
IIRC, employees cost the business ~150% of their salary. That means we're looking at more like a $220k/yr salary on average. For a bay area company, that seems completely reasonable.
Nonprofits, as with for-profits, must pay competitive wages or they will have trouble getting the expertise that they need. $338k/head seems reasonable when you also consider taxes the company must pay for each employee.
"just because you're working for a nonprofit doesn't mean you have to work for less competitive wages"
Actually it does usually. Because when people see real meaning in their work, as opposed to find yet another way to manipulate people on other peoples behalf, then you don't have to buy their consciousness as well.
So sure, it is awesome, that signals employers get to have meaning and money. But I would bet, you would find competent people working for less. (And maybe somewhere else)
But .. they do have a working app and organisation right now and drastic changes could destroy that.
Why shouldn't we want to pay people working at non-profits the same for their labor than they would get at for-profits? If they are doing just as or even more important work, why do we want to bend over backwards to justify them getting paid less for it?
1 reply →
Also, employees cost more than just their salary.
I wouldn't be surprised if overhead turned out 1/3 of that figure.
> That's $338k/head on average.
Oh come on. Just because the organization is non-profit, meaning that it's not out to make a profit for shareholders, is no justification for the staff to be paid below their market worth. In fact, they could definitely earn more by quitting and working at for profit companies. And that is especially true for those who are getting the higher end of the compensation.
And say that staff number was like, $5m/year less? It doesn't change the fact that costs of running are substantial and more donation is needed from those who want it to remain viable.
One thing I question with that is that if you gave features to donors only, wouldn't that mean that signal now needs to track users in ways that aren't privacy preserving? I.e. you'd be able to know if any given user using signal now has given payments to signal. I'm not sure that'd work with what they want to do as an organization.
> far cheaper IT labor outside
This is a product that solves some of the harder problems of engineering, and has a staff of 50. Cheaper isn’t going to get you the best. If you had a staff of 1000, you could make that argument. Besides that’s not a lot of money to begin with. 340k is a senior engineer salary and I am sure the people running the company are far more capable than senior engineers.
> drop those features
That’s a valid argument, but 1.7M for that 20PB of bandwidth is not a lot of money. Dropping or making the features paid, defeats the purpose. If you’re trying to be the privacy first app that competes with WhatsApp and others, this would make it harder to be a viable alternative.
> sms registration fees
Education is a harder problem to solve, but offloading some of the costs to users may make sense here.
It's easy to say that "you should do x" from the bleachers but when you're in the arena you run up against reality. For example, Signal had a blog a while ago about how they tried to avoid the sms features, actually for privacy reasons, but they found people just didn't use other alternatives. Here's a reddit thread of users advocating for SMS support https://www.reddit.com/r/signal/comments/y3ymfl/keep_sms_sup... .
So it was the best of all the available options practically, if they wanted to grow and retain the users.
That was for sending SMS via Signal, not for verifiyng users via sms and they did remove that.
https://signal.org/blog/sms-removal-android/
edit: wording, forgot the word remove
< "* 20 petabytes per year of bandwidth, or 20 million gigabytes, to enable voice and video calling alone, which comes to $1.7 million a year - I'd drop these features if possible, or give them to donors."
How about they pull their socks up and use peer to peer technology instead? Messages are asynchronous so they need to be temporarily stored but routing real-time audio and video is a technology problem that they have chosen the expensive way to solve.
They are peer-to-peer by default between people in their contacts list. That is for when calling someone that isn't in your contacts list or for people that have enabled the relay all calls option.
Thanks, very interesting. IMO, that is an insane amount of money to pay for a non-default feature of a free product.
If signal adds username only accounts it makes sense to relay calls if users don’t want their IP leaked to the other person.
> I'd drop these features if possible, or give them to donors.
They can't really do that, it deters adoption of something with a network effect.
The real issue here is that direct connections have privacy implications (maybe you don't want the other party to know your IP address), so they relay everything. If they could solve that they could save a lot of money.
For example, detect if the user is connected via a known VPN service (which is likely given Signal's user base) and then let the VPN hide the user's IP address instead of Signal having to pay for it. Or make a deal with popular VPNs to put the relay servers in their data centers, which gives a similar advantage and they might be able to get better pricing from them in general because the VPNs already have a lot of bandwidth, are sympathetic to what Signal does and could use it as PR.
Making it so that only one party need to have a pro account might help a bit
Still doesn't work. Any two people don't have a pro account and they stop using it in favor of a competitor, and then their other contacts use the competitor too. You can't charge for something WhatsApp has for free.
They need to dump sms entirely. Use on device private keys. If users mess it up, it’s on them. People need to get educated about how to manage private keys.
As someone technically savvy, I don't trust myself to manage my own private keys sufficiently for a service that's the point of contact for all my friends and family. I think it's a much taller order for someone without the technical knowhow – remember that Signal's audience includes very non-technical people who don't have time to learn the technical ins and outs but absolutely require its utility, like journalists and dissidents.
Then few will use it and Signal will die. There is this gap between the ideals of the technically-minded and the reality that users live in. They tried to dump SMS - and people responded by not using alternatives. The entire sales pitch of Signal is that it is easy and unobtrusive.
costs for a nonprofit are the same as costs for a forprofit
there’s just a bunch of nonprofit employees or personnel that play on the pauper perception because its convenient, but “nonprofit” and no money is not correlated to anything
so if those employee costs were excessive for any organization, saying non profit doesn’t make them more or less excessive
I think tech talent is undervalued and should at least compete directly with FAANG, for many organizations this is not possible, for organizations with other liquid assets they create (like Signal) it is possible. All employment hasnt risen with cost of living, I’m not familiar with other sectors.
> $19 million for 50 staff. That's $338k/head on average.
How did you compute this? 19/5 is 3.8