Comment by Drblessing

2 years ago

2022 Salaries for those interested: https://projects.propublica.org/nonprofits/organizations/824...

Compensation

| Key Employees and Officers | Base | Related | Other |
| --- | --- | --- | --- |
| Jim O'Leary (Vp, Engineering) | $666,909 | $0 | $33,343 |
| Ehren Kret (Chief Technology Officer) | $665,909 | $0 | $8,557 |
| Aruna Harder (Chief Operating Officer) | $444,606 | $0 | $20,500 |
| Graeme Connell (Software Developer) | $444,606 | $0 | $35,208 |
| Greyson Parrelli (Software Developer) | $422,972 | $0 | $35,668 |
| Jonathan Chambers (Software Developer) | $420,595 | $0 | $28,346 |
| Meredith Whittaker (Director / Pres Of Signal Messenger) | $191,229 | $0 | $6,032 |
| Moxie Marlinspike (Dir / Ceo Of Sig Msgr Through 2/2022) | $80,567 | $0 | $1,104 |
| Brian Acton (Pres/Sec/Tr/Ceo Sig Msgr As Of 2/2022) | $0 | $0 | $0 |

Aside from the salaries, which I agree are a problem, I think there are a lot of architectural issues that are both costly and not so secure.

> We use third-party services to send a registration code via SMS or voice call in order to verify that the person in possession of a given phone number actually intended to sign up for a Signal account.

Simple solution, go distributed.

6M $ for that. Stop doing that. What do dictators control? Mobile phone networks and other infrastructure. And, yes, they really do go after people any way they can.

This "cost" puts people into danger. Coupling identity and operator infrastructure is a critical privacy flaw. And a costly one too apparently. If your #1 goal is to be the most private solution, this cannot be tolerated to continue to be the case. Get rid of it. Your identity should be your cryptographic key.

  • > which I agree are a problem

    Are they? These salaries are much lower than most tech competitors. I know we like to call out "high" salaries when a useful service is struggling - but they'll struggle even more if they can't retain good talent because their pay is too low. There's a reason tech skill in government is generally lower than that in industry, for instance.

    • > Are they? These salaries are much lower than most tech competitors.

      That really depends on the location these people are working from. In most of the world, those are insanely high salaries.

      A company like this doesn't need to be based in SV.


    • Nonsense. Asking for donations as a millionaire (which is what these people are) is a bit awkward.

      This only makes sense if you ignore the world outside the Bay area and assume it's a talentless wasteland. Bay area salaries are vastly inflated in terms of value for money.

      There is lots of talent elsewhere of course. I live in Europe. Lots of smart people here. I think I personally know quite a few people that could do at least as good a job as Signal has at building a messenger app + platform. No offense, but this isn't exactly rocket science.

      And of course the elephant in the room here is that money is running out because this organization has a cost problem. Inflated salaries, insane cost for things that they should arguably get rid of (like the SMS bills), etc. That's a leadership problem. They aren't even getting value for money despite those salaries.


  • Their #1 goal is not to be the most private solution. Their goal is to make day-to-day communications of most people difficult to surveil.

    Day-to-day/People is why they keep the registration process familiar to other platforms like WhatsApp/Telegram. "Most" is why they try to compete with Telegram/WhatsApp on features to drive adoption (see Stories and Announcement Groups).

  • Have you tried verifying your contacts? It's clunky, but I believe this is how signal handles the problem:

    https://support.signal.org/hc/en-us/articles/360007060632-Wh...

    Using Signal without verifying contacts is a bit like using HTTPS without verifying certificates. It prevents passive monitoring.

    • Outsourcing identity to operators just moves the problem. And it adds a lot of privacy and security concerns. Besides, other platforms manage just fine without phone number based authentication (which is what this is).

  • > This "cost" puts people into danger.

    They know this, but it's likely a precondition of not getting Joe Nacchio'ed. It's a feature, not a bug. Signal's partners* in FVEY IC/LE have given them a lot of latitude in developing a very solid e2e cryptographic protocol and application as long as the users themselves are identifiable.

    The pigs don't need to backdoor the protocol or the keys as long as there is more than one party to a conversation and each party is identifiable. The prisoner's dilemma, in real life, almost always gives the pigs a defection.

    My pet conspiracy theory is not that Signal is evil, but that Signal is being allowed to operate by the pigs as long as account identifiers are very difficult to anonymize. They are likely very good people with good intentions, but when the FBI or NSA makes you an offer you can't refuse, you do the best you can.

    *: I'm not suggesting Signal is in bed with IC. Just that if you operate a communications service of any scale, IC/LE will be your partners whether you want them or not.

  • The reason I don’t use signal much is this link to a phone number.

    Both because sometimes I don’t have a phone number. And I don’t want participants to know my phone number.

    I don’t get why they have this requirement as it’s not like having a phone number means anything significant. For me, I think privacy includes my ability to not reveal my identity to the network.

I'll ask the question you're implying out loud.

Why does an organization with about 50 employees need 4 C-level executives, totalling about 2M compensation per year? Or perhaps it's 7 C-level executives (3 hiding under the "Software developer" title) totalling about 3,7M compensation per year?

I'm absolutely not donating money to such a thing without an answer to this question. As a counterpoint, I am a member of a local (Finnish) non-profit organization, one of whose many services is Matrix. This costs me 40 euros per year and none of that money goes to C-level executives.

  • I find this hypocritical. C executives of tech orgs with world class products often have eight figures compensation -- if not from salary then from stock options. I do not see any excess here. You need to pay to compete.

    • > I do not see any excess here. You need to pay to compete.

      What do you mean by pay to compete? The goal of Signal to exist is to offer a privacy oriented chat app. Non-profit companies serve a purpose, and people not aligned with that shouldn't be working there in the first place. If you join a non-profit to make money, you are doing it wrong.


    • And you get a world-class service that a lot of people can use for free and keeps their communication private in return. I'll happily keep donating for that.

      I'm sure there are some costs that they could theoretically cut without consequence. Because the same holds for any other product I buy.

    • Indeed, I’m blown away these numbers are so low. I know multiple senior software engineers at FAANG companies who make more than the software engineers on that list, and they contribute roughly nothing to society. I have zero qualms with Signal executives and employees being paid at that level.

  • > We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate

    And from the link: https://projects.propublica.org/nonprofits/organizations/824...

    - Other Salaries and Wages $9,665,761
    - Executive Compensation $744,037

    So about $10,400,000 a year in compensation and wages, or about 21% of their running costs.

    • So if I give 5 euros, 1 of this will go to salaries. I'd say not terrible. I wouldn't be surprised if most charities are worse.

      One just has to get over the feeling that I'm donating to a charity of people who make 50x more money than I do with a comparable skill set.

  • 2M in comp distributed between 4 people is not a lot at this scale in my opinion.

Does anyone have an idea why they did not list the combined salaries of all employees? They did seem to list all the other things...

  • They don't break out salaries specifically, but personnel costs are in this paragraph:

    > To sustain our ongoing development efforts, about half of Signal’s overall operating budget goes towards recruiting, compensating, and retaining the people who build and care for Signal. When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.

I'm kind of happy not to see Moxie with such a rockstar salary as, for instance, the CTO's.

  • From the same link, it seems like his compensation was much higher in all the preceding years. Not sure what changed this year, but I agree it's a bit refreshing to see. Especially since he's probably made good money throughout his career

    • I think the lower 2022 numbers reported for Moxie Marlinspike reflect that he was only involved as CEO until February 2022, so $80k would make sense as ~2 months of salary before Meredith Whittaker stepped up to the role.

Salaries: Pretty abusive salaries for a non profit but that seems to be pretty much the standard nowadays, right?

Bandwidth: I took a quick look and see that chat.signal.org resolves to AWS. If they are paying AWS for a lot of bandwidth, that is very expensive. Let's take a quick look:

   They say they use 20PB per year of bandwidth for voice calls alone, this costs them $1.7M a year.  
   
   According to AWS pricing for great customers (suckers) of over 150TB per month, the cost per GB goes waaaay down to $0.05, yay.  1.6PB per month is 1600000GBs, that's $80K a month and therefore $960K a year.

   Very roughly, a 10Gbps link to the Internet, from a Tier-1 provider will be around $800 (eight hundred dollars, you're reading this right) a month in a low-bandwidth-cost country like the US, possibly double that in say Asia.

   A 10Gbps link fully utilized (minus some overheads), translates roughly to 3 Petabytes per month, that's 36 petabytes per year, almost double their advertized amount of bandwidth needed for calls per year.

   So we have ~$10K a year (negotiable) for 36PB which is double their bandwidth needs but let's not forget that AWS graciously (geniously) charges for egress only, this means that their actual bandwidth needs are 40PB per year for whatever they are reporting.  So we have $10K for 36PB a year vs $960K a year for 20PB (actually 40PB) of bandwidth from dear Amazon.

   1. Not sure why they are saying the cost is $1.7M per year.
   2. Even at 960K it's daylight robbery.
   3. AWS makes an absolute killing on bandwidth costs.  Best. Business. Model. Ever.
   4. Don't these guys have a Devops pro at $300K+ a year? weird :)

Servers: I won't get into the numbers here as that's a lot more involved, and impossible without more data, but buying and maintaining your own infra, or possibly easier, renting it, would still be quite a lot cheaper than using AWS.

Takeaways:

   - Storage is something you should buy and maintain (Thanks B!), you swap out old/dying storage devices. See Backblaze.

   - Bandwidth, compute and storage costs at your favorite CSP are absolutely f'ing *outrageous*

   - If you care about your money, your bottom line, do things differently than the *insane* mainstream way of clickity-click on some UIs to provision services without understanding what's really happening under the hood (not saying Signal doesn't understand that part, I'm sure they do), or caring about the added costs of whatever gets so easily "added" to your "infrastructure". 

   - By having your stuff on a CSP you don't even have "infrastructure", but that's just me.

Anyway, I do love Signal, what they do and what they represent. Keep up the good work.

Signal, mail me at m aaaat zynk.it if you'd like to talk.

  • > A 10Gbps link fully utilized (minus some overheads), translates roughly to 3 Petabytes per month, that's 36 petabytes per year, almost double their advertized amount of bandwidth needed for calls per year.

    I understand this is napkin math, but shouldn't we consider that the load isn't evenly distributed? - in which case 50% average utilization seems extremely high

    • Sure, so multiply it by whatever you want. 10? You still get less than 100k a year and not $1.7M :)

      100k a year for 100GBps, leaving it up to you to calculate how many petabytes per year you can pass with that.

  • >Salaries: Pretty abusive salaries for a non profit

    Non profit employees aren’t monks, they don’t need to be taking vows of poverty.