Privacy is Priceless, but Signal is Expensive
Crazy how decentralization improves both, but they are vehemently against that. I trust them in terms of privacy, but their insistence on centralization, blocking third party apps, removing SMS, and refusal to support fdroid, I'm not a fan of the direction they've gone recently.
Removing SMS support makes sense. The potential for a user sending something through SMS that they thought was going over Signal is high. Even for the savvier users who would install Signal in the first place.
It killed adoption, since now it's just another messaging app. Most of my contacts still use SMS, and will stay on it, so being able to use Signal was a smooth all-in-one experience. Now I have no point in keeping it installed because like 3 of my contacts use it, so it has no use to me, thus killing potential adoption.
I haven't been able to trust them since the get go, to be honest. Their whole stance against federation is.. FUDdy to stay polite: https://gultsch.de/objection.html
A more accurate title could be "Privacy is Priceless, but Centralization is Expensive": with the era of cheap money coming to an end, grows a lot of uncertainty regarding the future of some large internet services. Signal is no exception and this emphasises the importance of federated alternatives (XMPP, fediverse, …) for the good health of the future internet.
Decentralization is expensive too judging by some of the sentiment I've seen around running Mastodon and Lemmy/Kbin instances.
Right? People simply expect someone else to pay the bills.
At some point society needs to figure out how we can subsidize the costs of data storage, remote servers, and provision of internet to people for free.
Yup, it has a cost, but there's perhaps a one or two orders of magnitude cost difference between hosting instant messaging + calls with something like XMPP, and hosting mastodon/Lemmy/Kbin (or why I do the former but not the latter, and why I'm ok to pay for the service, esp. considering that my instance's business model isn't, unlike Reddit, to re-sell influence and data).
Decentralisation would just spread the costs over more individuals. Those individuals would have to collect contributions from their respective communities. The total amount of people who would have to chip in to make the system sustainable won't change dramatically. Decentralisation isn't some magic wand that makes infrastructure and labor costs disappear into thin air.
Decentralisation would just spread the costs
...the costs and the risks: let's jump forward a few years into financing issues, at what point does Signal become a liability and start operating against their stated mission, if the alternative is that they cannot survive? We are witnessing enough contemporary examples of enshittification to know that it's a real possibility, and that all centralized providers, but in particular the ones not charging for service, are at risk.
Some would even argue that this has already started in the case of Signal with their crypto payments and blocking of 3rd party clients which are clearly user-hostile.
Those individuals would have to collect contributions from their respective communities.
Perhaps, or perhaps not. Running costs get exponential with scale. You can host 1000 users on a shoebox computer/raspberry pi, but delivering a service for millions requires datacenter-level infrastructure and tons of engineering know-how.
Most people into self hosting or having a NAS at home can already accommodate their families, friends and more, which means millions of potential users, without the problem of trust from a single organization
Have any suggestions for "normies" on iPhone and Android that aren't Signal?
SimpleX or any XMPP with OMEMO
matrix comes to mind, get element on iOS and Android (Fdroid or play store)
If those "normies" aren't turned away by the creation of an account (and if they can use Amazon, I doubt it's an issue), they can certainly use XMPP :)
Here to pick a provider:
https://providers.xmpp.net/
Here for the software:
https://xmpp.org/software/?platform=android
I surely do!
Try Session or SimpleX or Threema.
Threema is the oldest and most polished option. You do have to buy a license for a one-time fee though. It's entirely worth the play store credit I spent, but if I were to buy now, I'd use their website store so I could use the open source app instead.
The cost of these registration services for verifying phone numbers when people first install Signal, or when they re-register on a new device, currently averages around $6 million dollars per year.
That's pretty crazy. Wonder which third party providers they are using. Maybe the identity verification methods we have today are due for some significant changes?
Yeah, I wasn't expecting that to be the bulk of their spending. Maybe they should remove the need for phone numbers now they removed SMS.
Without SMS verification, spam would be so much worse that they've been kind of obliged to keep it, even though it defeats/undoes most of the privacy features they like to advertise about
identity verification is trash anyways, we don't need it
The article says it's to limit spam. I don't feel platforms like Lemmy (or the other platform) are particularly spammy though. On the other hand I get a lot more spam on Whatsapp, even though it's phone number bound.
Signal is pretty good in terms of limited spam, but I'm curious about the impact if they A/B test the removal and see how much spam would arise. Obviously that could only be implemented after they remove the need to add contact via phone number.
I would never have guessed that an app like signal would spend almost 20 million in salaries. I wonder what is the salary of the executives.
I wonder what is the salary of the executives.
Wonder no more, they have it in their 2022 tax filing:
Compensation

| Key Employees and Officers | Base | Related | Other |
|---|---|---|---|
| Jim O'leary (Vp, Engineering) | $666,909 | $0 | $33,343 |
| Ehren Kret (Chief Technology Officer) | $665,909 | $0 | $8,557 |
| Aruna Harder (Chief Operating Officer) | $444,606 | $0 | $20,500 |
| Graeme Connell (Software Developer) | $444,606 | $0 | $35,208 |
| Greyson Parrelli (Software Developer) | $422,972 | $0 | $35,668 |
| Jonathan Chambers (Software Developer) | $420,595 | $0 | $28,346 |
| Meredith Whittaker (Director / Pres Of Signal Messenger) | $191,229 | $0 | $6,032 |
| Moxie Marlinspike (Dir / Ceo Of Sig Msgr Through 2/2022) | $80,567 | $0 | $1,104 |
| Brian Acton (Pres/Sec/Tr/Ceo Sig Msgr As Of 2/2022) | $0 | $0 | $0 |

from https://projects.propublica.org/nonprofits/organizations/824506840
I mean, without browsing levels.fyi or anything like that you can get 4 to 10 software engineers for 1 million (anything from 100k to 250k depending on location, experience, etc.).
Not all employees are engineers but that would imply 80 to 200 staff for the 20 million they state.
That's only the component paid to the actual staff though. There are additional costs like healthcare, unemployment, social security, etc., and other benefits that may not be included in wages (though some portion may be deducted from salaries), but they are included in that statement / summary.
For an app like signal you would/should be at the top of that range. You want to acquire and maintain talent. Not every dev has the chops.
It says that they have 50 full time employees.
It's not only salaries:
about half of Signal’s overall operating budget goes towards recruiting, compensating, and retaining the people who build and care for Signal. When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
It's an absolutely surprising amount, because Matrix spends less than that if you just count the people working on the open source offerings.
And that project has significantly more features, is federated, and has a much larger scope.
Step 1. Make it federative
Step 2. Stop fucking hosting your shit on Amazon servers.
Step 3. Profit
Even if they federated (which I doubt they will do), someone would have to foot the bill for those servers. Same thing on lemmy, someone's eating the server costs here even if it isn't a major corporation.
I kind of liked WhatsApp’s initial monetization model. It was free for the first year and then $1 per year after that. With 400 million users, that’s a good chunk of change. Assuming only 25% of people would pay, that’s still a good chunk of change. I think Signal should adopt something similar.
I think just like Proton provides free services for the greater good, Signal should do something similar. Even special emojis works well IMO. They give you a badge at least
Agreed. Not ideal vs. a federation, because Signal would still be in a position of total control over the network, but with less incentive to go against its users.
They should post an average price per user so we'll know what's the minimum to donate (probably 5$ which is the minimum in the app IIRC)
"As of January 2022, the platform had approximately 40 million monthly active users."[0]
In 2022 they had $30M expenses, so the cost is somewhat under $1/user/year.
They said the minimum donation is there to reduce the viability of scammers using it to check if a stolen credit card number is valid.
Make the server open source maybe?
Signal isn't a federated protocol, so even if they were incentivized to release all the server bits and pieces, it would not help. You could run your own, but wouldn't be able to reach-out to your friends running theirs.
pUt iT oN tHe BlOcKcHaiN bRo!
Ehhhh
Signal lost a lot of my love when they removed SMS support
Get with the times.
Signal stands for privacy and not selling your data to be spied on and sold, and you're STILL using SMS, spam ridden, high cost, old infrastructure, easily read, technology.
I suppose you want email in your Signal client too?
It's not about that. It's about moving people over.
You know why RCS is picking up steam? Because it's 1 app. If the person you're talking to has RCS, you'll send messages via RCS. If they don't, it'll fall back to SMS. If RCS was a separate app from SMS, adoption would be really low.
Older people especially don't want to juggle 2 apps. If you get your dad on signal, and then his friend who uses SMS messages him, he'll be back in his SMS app and won't go back to signal, meaning the next time he messages you, or anyone else that has signal, he'll instead just send an SMS since he's already in the SMS app.
Removing SMS fallback was a surefire way to kill adoption of signal.
Especially when your identity on Signal is STILL only tied to a phone number, instead of a username, and there is nothing less private than actually giving out your real phone number.
Absolutely baffling.
I heard they gonna introduce usernames for sharing your acc. but to make one u still need a phone to create an acc. which I understand.
Giving out a phone number harms anonymity, which is something they never claimed to give you.
I'd like not having to use my number as much as you, but let's be angry about it for the right reasons, at least
WDYM SMS support?
Support for SMS
Lol, that was the worst feature ever. If you forgot disabling it at install, it was nearly impossible to see it's going to be a sms or signal message. (Especially for people who aren't tech savvy)
To dislike the feature is one thing, to not understand why others valued it is a whole other ball game of ignorance
That is dumb that they'd remove a feature, but I tried it and switched back to a dedicated texting app. The feature wasn't full featured enough for me to want to use it.
Not being able to copy my SMS message history into Signal kept me from switching... Well, I might have anyway if Google didn't make it so their app only lets you see your message history if you make it the default
That was the day I stopped donating
What is a better alternative than signal?
Try out any of these:
Session @session
SimpleX @simplex
Threema @threemaapp
They all don't require a phone number, which makes them immediately better than Signal, for devices that don't have a SIM.
XMPP
As I wrote elsewhere in this thread, XMPP would be my preference. It just works. In fact that's what the other messengers (at facebook, Google, …) already use, but chose to put behind a walled-garden.
What matters is that whatever comes next (or, from the past in the case of XMPP) is federated, so no single organization has a single-handed control/monopoly over the network. Matrix and SimpleX are federated alternatives to XMPP, but I don't see Matrix stabilizing any time soon, and SimpleX just isn't ready yet. XMPP can offer you today an experience that's comparable to WhatsApp/Signal/Telegram/…
What's the issue with Matrix? I've tried both Matrix and XMPP but stuck with Matrix because it just works. XMPP is also good but it lacks a good Android client (The available clients look very outdated, and honestly, pretty ugly). It's also kinda hard to know if your client or server even supports all the extensions that are needed.
I love XMPP, but I can't recommend it as a reliable alternative to Signal. I find that encrypted communication is hit or miss with it. I had a problem just this week with it. I got a message delivered to a dormant Movim account I use, and I received it in my mobile xmpp app, Cheogram. I received it fine, I replied once fine. I went to send another message and it failed. I went to Movim in my browser, logged in to my account and was able to send. This is pretty typical in my experience-- some kind of mismatch or failure to negotiate between clients.
My only problem with XMPP (and a lot of other federated protocols) is really the lack of quality clients. Most of them (especially on systems beyond Android and Linux) don't really have that good of a UX, or their UI is kind of bland or dated.
It's something that I hope gets improved eventually. Because having a variety of choices doesn't mean much if none of the choices feel particularly good.
Ended my donations to Signal after discovering they choose Google Hosting Services over open source and privacy respecting alternatives.
Yeah man fuck Signal, they stabbed my dog the other day
Use Session instead. Open source, E2E encrypted, onion routed, no phone numbers. https://getsession.org/
Audited too. https://blog.quarkslab.com/resources/2021-05-04_audit-of-session-secure-messaging-application/20-08-Oxen-REP-v1.4.pdf
So, what would be the appeal compared to XMPP?
20M USD for 50 employees? ~400+k per employee is nuts!
There are European engineers working at private companies for less than 20% (1/5th) of that - if even that! They aren't worse than their American counterparts. Signal could increase their team sizes by at least 30%, maybe even 50% if they hired engineers and other employees from Europe.
If signal paid 100k for European engineers to work on opensource software, mate, they'd have absolutely no problems retaining them. I personally don't know a single engineer earning 100k on the European mainland. Not one.
Edit: seriously, wtf. I'm all for paying employees well and it's great that Signal has a dedicated workforce, but 400k? I'm fine canceling my donation. My jaw is still on the floor.
It's not only salaries:
about half of Signal’s overall operating budget goes towards recruiting, compensating, and retaining the people who build and care for Signal. When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
True. Even so, 300k or 250k per employee is at least 3 times the salary of a European engineer.
waaahh centralizing millions of slightly-privacy-aware people's metadata on Amazon's servers costs a lot of money, waaah
Which metadata? Please elaborate
Which metadata? Please elaborate
Those last two are supposedly hidden by their "sealed sender" feature, but, that is a farce because you're connecting to their servers from the same IP address to send and receive and you need to identify yourself (with your phone number) to receive your messages. So, the metadata-hiding property that "sealed sender" purports to provide cryptographically is actually relying on their (Amazon's) network infrastructure not to correlate the information available to it.
Signal says that they don't retain any of this metadata, and I think it is likely that Signal employees are sincere when they say that.
But if someone with the right access at Signal's ISP (Amazon) wants the Signal metadata, they can get it, and if they can, then anybody who can coerce, compel, or otherwise compromise those people (or their computers) can get it too.
One can say that the adversaries they're trying to protect against don’t have that kind of capability, but I think it isn’t reasonable to say that Signal’s no-logging policy (much less their "sealed sender" cryptographic feature) is protecting metadata without adding the caveat that routing all the traffic through Amazon does make the metadata of the protocol’s entire userbase available in a convenient single place for the kind of adversaries that do.
And if you're completely confident that the adversaries you want to protect against are unable to compromise the server infrastructure, why would you need e2e encryption at all?
Signal is a lie.