Signal’s president reveals the cost of running the privacy-preserving platform—not just to drum up donations, but to call out the for-profit surveillance business models it competes against.
Signal’s president reveals the cost of running the privacy-preserving platform—not just to drum up donations, but to call out the for-profit surveillance business models it competes against.
The encrypted messaging and calling app Signal has become a one-of-a-kind phenomenon in the tech world: It has grown from the preferred encrypted messenger for the paranoid privacy elite into a legitimately mainstream service with hundreds of millions of installs worldwide. And it has done this entirely as a nonprofit effort, with no venture capital or monetization model, all while holding its own against the best-funded Silicon Valley competitors in the world, like WhatsApp, Facebook Messenger, Gmail, and iMessage.
Today, Signal is revealing something about what it takes to pull that off—and it’s not cheap. For the first time, the Signal Foundation that runs the app has published a full breakdown of Signal’s operating costs: around $40 million this year, projected to hit $50 million by 2025.
Signal’s president, Meredith Whittaker, says her decision to publish the detailed cost numbers in a blog post for the first time—going well beyond the IRS disclosures legally required of nonprofits—was more than just as a frank appeal for year-end donations. By revealing the price of operating a modern communications service, she says, she wanted to call attention to how competitors pay these same expenses: either by profiting directly from monetizing users’ data or, she argues, by locking users into networks that very often operate with that same corporate surveillance business model.
“By being honest about these costs ourselves, we believe that helps provide a view of the engine of the tech industry, the surveillance business model, that is not always apparent to people,” Whittaker tells WIRED. Running a service like Signal—or WhatsApp or Gmail or Telegram—is, she says, “surprisingly expensive. You may not know that, and there’s a good reason you don’t know that, and it’s because it’s not something that companies who pay those expenses via surveillance want you to know.”
Signal pays $14 million a year in infrastructure costs, for instance, including the price of servers, bandwidth, and storage. It uses about 20 petabytes per year of bandwidth, or 20 million gigabytes, to enable voice and video calling alone, which comes to $1.7 million a year. The biggest chunk of those infrastructure costs, fully $6 million annually, goes to telecom firms to pay for the SMS text messages Signal uses to send registration codes to verify new Signal accounts’ phone numbers. That cost has gone up, Signal says, as telecom firms charge more for those text messages in an effort to offset the shrinking use of SMS in favor of cheaper services like Signal and WhatsApp worldwide.
Another $19 million a year or so out of Signal’s budget pays for its staff. Signal now employs about 50 people, a far larger team than a few years ago. In 2016, Signal had just three full-time employees working in a single room in a coworking space in San Francisco. “People didn’t take vacations,” Whittaker says. “People didn’t get on planes because they didn’t want to be offline if there was an outage or something.” While that skeleton-crew era is over—Whittaker says it wasn’t sustainable for those few overworked staffers—she argues that a team of 50 people is still a tiny number compared to services with similar-sized user bases, which often have thousands of employees.
Made significantly harder by removing easy ways to donate. Instead I have to add my credit card to their application or log in to PayPal instead of just using Google's Play Store. I use to donate until they removed that option. Now every time I wanted to donate and run into that dialog am just like, yeah I don't have PayPal's password on hand and am not leaving my CC with them. I'll do it later, only to forget.
Get yourself a password manager. You'll always have your PayPal password at hand.
I've been liking bitwarden so far. Works well, seems properly encrypted, no big scandals, etc. But of course anyone reading this should compare a few offers first.
Thanks. I'll look into it. I think I used that as well, but it requires my passwords be on GitHub or something. I do have pass installed in Termux on my phone, but it's not convenient.
I have a simple git repo on my nas for sync because I don't really trust putting passwords on github either. Using a git repo also allows you to easily revert changes which is really nice. I found this guide helpful.
I already have git repo inside of my ~/.password-store directory which am using for company password. Issue is not making it work, just finding time to change it. Thanks for the link though.
Honestly they're both annoying because they take a fee on top of the credit card company fee. Just cut out the middleman and use the credit card option.
They all skim money on top. It's just easier this way. And I'd be happy to increase my donation by the amount Google skims. It's not about that. It's about not having to leave my credit card anywhere.
I could see that being a concern if you were dumb enough to use a debit card, but a credit card? Mine's been stolen a number of times (skimmed at Target once amongst other things) and the bank always caught it before I was even aware it had happened, and they canceled/refunded the transactions. Getting a credit card stolen is unlikely and personally I don't find it to be a particularly significant concern.