>>mikece+(OP)
> Storage: $1.3 million dollars per year.

> Servers: $2.9 million dollars per year.

> Registration Fees: $6 million dollars per year.

> Total Bandwidth: $2.8 million dollars per year.

> Additional Services: $700,000 dollars per year.

Signal pays more for delivering verification SMS during sign-up, than for all other infrastructure (except traffic) combined. Wow, that sounds excessive.

>>Duneda+Z
is there any way they can reduce that cost?

>>bilal4+S1
Yeah, decouple Signal user identity from the phone number.

>>mikece+(OP)
All things considered. Pretty impressive how cheap it is to run given the adoption of the Signal.

>>Duneda+Z
Twitter said that's why they got rid of the SMS 2FA. They said it was costing millions to have that enabled for them.

https://www.cnn.com/2023/02/18/business/twitter-blue-two-fac...

>>mikece+(OP)
Back in the day Signal was called TextSecure and it did everything over SMS which required no centralized infrastructure aside from the cellular networks. They transitioned to internet-based messaging to support Apple devices. It seems that decision is now a 50 million dollar per year step backwards.

>>Duneda+Z
I really wonder why it’s so expensive to run. I always hear things about scaling but I used to run a top 500 alexia website and it was just a php app running on a mutualized offer for $5/month. Lots of manual caching though but still.

My wild guess is that either the stack is not really optimal (last I heard it was java) or they do other costly things at scale (sgx?)

>>Duneda+Z
I did my part to help reduce costs by switching to the decentralized alternative, Session.[0]

Bonus: Session does not demand users' phone number. Also no bundled cryptocurrency.[1]

[0] https://getsession.org/

[1] https://www.stephendiehl.com/blog/signal.html

>>craftk+p5
TextSecure! Wow this took me back to 2011.

>>baby+G5
I guess, then the question is how real time was the website. Was it as real time as supporting, instant messaging, voice/video calls etc

>>craftk+p5
SMS would be a complete non-starter in Europe. Many (no?) countries lack unlimited texting plans.

>>java-m+s2
This will probably never happen. One of the reasons WhatsApp blew up is because using a phone number as your source of identification means there's much less friction in the signup flow. No username/password to create and your social graph is already there in your contact list.

My mom was able to get our entire extended family on Signal without my involvement, which is a testament to how easy that is.

>>suriya+46
Oh I forgot that signal is not just about forwarding messages. I’m wondering how much the VOIP costs.

>>baby+G5
how is that in any way comparable? it's not about java vs php

>>craftk+p5
It's not a step backwards for me. Our organization uses signal in many situations where SMS isn't an option. When I land in a new country it is normal for my cell/SMS not to work. But I can hop on some local wifi and get signal messages. We had a widespread cell outage in my area last year. Signal not being on cell/SMS meant that I could still communicate with family without need of cell towers. This is a big step forwards imho.

>>mikece+(OP)
I've loved Signal. It's been the only consistent way I've been able to send and receive high-quality pictures and videos at all. It's been the only way I've been reliably able to send texts when I'm in an area with poor reception, which is frequent.

The privacy is nice and it's been simple and easy to use.

I hope they stick around. Everyone likes to bash more privacy oriented companies if they aren't absolutely 100% perfect in every single way, but IMO perfect is the enemy of good and Signal has been very good.

The hardest part has been convincing people to use it, and if I have to get people to jump to another one it'll all just fall apart.

>>tapoxi+66
They're already working on it: https://www.bleepingcomputer.com/news/software/signal-tests-...

Not whether that's a good idea is more debatable; you're not wrong about discoverability.

>>mikece+(OP)
Signal can be better, IMHO, by separating from phone number requirements. In other words, let users have secure random ids, rather than forcing each user to hand over their phone number for phone company verification.

It turns out the budget shows the phone number registration problem: the costs to deal with phone number verification seem to be $6MM, which seems to be 10% of the entire budget.

If Signal staff are reading this, I'd gladly pay $100/year for a phone-free solution for all users.

>>yjftsj+67
Those are in addition to the phone number, but it will still require a phone number under the hood.

>>mikece+(OP)
If you really wanted to talk to somebody in a "non-decryptable" fashion, could you set up like a channel that encrypts itself with a ton of different encryption methods, keys, etc. (encrypted payloads inside each other)

Signal encryption is its main feature (I think) and how easy it makes it (abstracts handling key transfer and all that), I'm just trying to think through... if I wanted nobody to read what I was saying , would I use an app/target as popular as Signal or something homegrown?

>>Duneda+Z
Phone numbers have become the de facto version of "Internet stamps" for identity verification.

They are near-ubiquitous on a per-user level, but hard to accumulate without significant cost. (Unlike email addresses.)

But the down side is that phone verification tends to be on a per-service level. So, for instance, Signal incurs these costs when they verify their users, and every other service incurs these same costs when they verify _their_ users.

There are a number of businesses out there that are trying to act as clearinghouses, where they verify the users once, then allow the users' verified profiles to be confirmed by multiple services.

I wonder if any of those could be used to reduce these "registration" costs.

>>Duneda+Z
> we can rent server infrastructure from a variety of providers like Amazon AWS, Google Compute Engine, Microsoft Azure

Moving off cloud services to lower-cost provider like Hetzner, Vultr and DigitalOcean might provide a lot of cost savings.

I also imagine they're using managed SMS services from one of these clouds, and moving off them to a combination of local SMS gateways in each country can also further reduce costs (and in one case I've personally observed, by upto two orders of magnitude). This obviously pushes a lot of complexity on Signal's side, but is usually worth it.

>>RunSet+L5
> Also no bundled cryptocurrency.[1]

It seems like Session relies on Oxen's network, so while there is no inherent coin it is blockchain backed.

> Session’s onion routing system, known as onion requests, uses Oxen‘s network of Oxen Service Nodes, which also power the $OXEN cryptocurrency. Check out Oxen.io to find more information on the tech behind Session’s onion routing.

https://getsession.org/faq#onion-routing

>>sandwo+u6
> When I land in a new country it is normal for my cell/SMS not to work. But I can hop on some local wifi and get signal messages.

WiFi calling is a standard feature that does exactly what you describe for texts and calls, without using a third-party. I have cell connectivity turned off constantly on my phone and yet receive texts and calls via WiFi.

It is actually an awesome feature for receiving 2FA SMS at my parent's place where there is great internet but poor cell coverage.

>>jawns+w7
Phone number verification is used to verify the user's registration intent, so not really.

>>mikece+(OP)
> Another $19 million a year or so out of Signal’s budget pays for its staff. Signal now employs about 50 people, a far larger team than a few years ago.

What? I know silicon valley salaries are a thing, but absolutely everywhere else in the world this would be insane. Maybe change the headquarters to somewhere cheaper?

>>craftk+p5
If you check their costs, SMS (used for registration) is the most expensive part of their operation.

>>RunSet+L5
Session depends on the Loki blockchain, so I dispute point 1.

>>jph+e7
You're in luck: https://www.theverge.com/2023/11/9/23953603/signal-username-...

>>Duneda+Z
SMS rates are absolutely bonkers considering the technical way they're transmitted. The US is an outlier in SMS rates actually being reasonable (usually unlimited or close to) for consumers - but for the rest of the world the insane mark up on that communication method has mostly obsoleted it...

That'd be all well and good... the technology would die naturally, but all my American relatives continue to stubbornly use iMessage.

>>java-m+s2
Which might be said to increase privacy. I suppose there's something to the point about combating spam. But surely there are other ways to do this, right?

>>minedw+X7
They will still require a phone number, it's just a alias.

>>mikece+(OP)
Signal had 40 million active users in 2021 [1]. With 14 million in infra cost, that comes to .35 per user/year. Total expenses are about 33 million, so about .825 per user/year. All in all that seems very reasonable.

[1] https://www.businessofapps.com/data/signal-statistics/

>>RunSet+L5
Cool, glad to hear about this - However, it is still coupled to a cryptocurrency (https://oxen.io/) even if not bundled wechat-style

>>syspec+R7
You misunderstand how textsecure worked.

>>syspec+R7
There was no "registration" and TextSecure never sent you messages. It was strictly peer-to-peer.

>>V__+r8
Based on App Store downloads on both platforms, they are well over 200M at this point.

>>baby+G5
> the stack is not really optimal (last I heard it was java)

how's java relevant here?

>>mikece+(OP)
Who is the active user base for signal these days? Everyone I knew who was using it dropped off after the SMS debacle, which was a shame.

Edit: Wow some weird haters on HN today. I was honestly curious as an active signal user that was no longer able to use it to message people in North America and had never seen anyone using it in East Asia. Apparently this makes some other signal users very angry.

>>vjk800+Q7
I keep re-reading this section of their blog post trying to figure out what I'm missing here. $2.6 million full load per employee on avg? Is this heavily weighted to a few executives? Can somebody explain this to me?

Edit: I'm stupid and did the math backwards.

>>Muffin+u7
You don't need multiple security protocols (and in fact that is almost always a bad idea). You just need one good protocol and a way to securely exchange the keys. What signal solved for the most part is the secure key exchange.

If you want to talk to one person, you can give them a USB key in person with a set of crypto keys and then use that to encrypt your messages over any transit method and it will be secure.

The hard part is the key exchange.

>>jph+e7
Focusing on app features is one thing but the bigger picture is that Signal is at risk of not existing without capital… (just donated $20 today and I wish I could buy stickers off of them).

>>sky_rw+69
Only thing I can think of is it incentives them not to put backdoors into Signal/get fired.

>>mikece+(OP)
Has anyone tried setting up their own Signal server? Be cool to do this, and then give all your friends the ip for truly private messaging.

https://github.com/signalapp

Seems like all their stuff is open source.

>>nicola+D7
WiFi calling isn’t always free internationally though, it often gets charged according to your phone plan’s international rates, which is discouraging for many people. Signal, on the other hand, just sees WiFi as WiFi.

>>mikece+(OP)
Some of these things raise an eyebrow and I'd like them further broken down (but in the mean time, I'm still donating):

* $19 million for 50 staff

  - That's $338k/head on average. At face value for a nonprofit, I'd like these costs broke down as this seems excessive. There is far cheaper IT labor available outside SV.

* 20 petabytes per year of bandwidth, or 20 million gigabytes, to enable voice and video calling alone, which comes to $1.7 million a year

  - I'd drop these features if possible, or give them to donors.

* Storage: $1.3m, Servers: $2.9m

  - I was actually expecting this to be far higher

  - Long term storage should probably be donor-only

  - Servers could likely be optimized by going hybrid cloud with colocation and owning own hardware, but again, was surprised how "little" they're spending on this.

* Sms registration fees: $6m

  - Stop contributing and supporting the "Your phone number is your identity" problem.

  - Move towards helping educating society and establishing a set of encryption keys as their long term identity

It's easy to criticize from the bleachers. Still thankful for the app and I'll continue to donate.

>>sky_rw+69
You mathed backwards. It's $380K per person fully loaded. Which is pretty inline with decent tech salary these days.

>>sky_rw+69
I think your math is off? $19M/50 people = $380,000?

>>mikece+(OP)
I wish I could use signal without a phone and phone number. Otherwise it is useless to me.

>>mikece+(OP)
> As a small nonprofit organization, we cannot afford to purchase all of the physical computers that are necessary to support everyone who relies on Signal while also placing them in independent data centers around the world.

This is really the crux of the problem. ~$3M of servers per year is more than enough to start purchasing hardware, I wish there were easier ways for people like me to participate and help Signal on the cheap.

As someone who participated in the builds they complain about being expensive (and ignoring their , I don't think it's a function of centralization or "troubling" as much as it is practical. Meta, Google, etc all have many billions they could be saving if they could figure out how to make it cheaper too.

>>mikece+(OP)
Is it possible to self host signal? Can signal move towards a model like the fediverse where the software development is decoupled from the hosting costs?

>>sky_rw+69
You're doing that division backwards.

>>ActorN+v9
unlikely the people i want to talk will bother setting this up

>>munk-a+58
> for the rest of the world the insane mark up on that communication method has mostly obsoleted it...

For P2P communication. SMS is alive and well for B2C messaging, most importantly for 2FA OTP delivery, but also as a first line of defense against spam/bot account creation.

It's not a good solution to either problem, but it's slightly better than nothing (which apparently makes it good enough for many), so I suspect we're stuck with it for now.

> That'd be all well and good... the technology would die naturally, but all my American relatives continue to stubbornly use iMessage.

iMessage is not SMS, though. It just uses phone numbers as identifiers, but so do many other popular over-the-top messengers, including the most popular one globally.

>>Muffin+u7
It's a bit off topic, but I've wondered the same.

We could stack a hundred layers of encryption algorithms, and if just one of them works, then the whole stack is secure.

>>Duneda+Z
Why is it that SMS is so damn expensive? (or more specifically, what is it about Twilio et al's businesses that makes them cost so much?)

>>sky_rw+69
Isn't it 380k per person in average? Seems like in-line with FAANG salaries in major US cities.

>>jph+e7
How would it be better? Is there anything beyond not having to provide a phone number?

How would it be worse?

>>jph+e7
The phone number requirement is why WhatsApp won the space over in the first place. There were loads of username+password-based services before it, but none reached the market it did. Why? An incredibly wide user funnel, singing up is frictionless.

You might understand that it's a bad idea, but that makes you an outlier.

>>vjk800+Q7
Costs for staff are not just salaries. It's also pensions, taxes, benefits, the offices, software licenses and all the other stuff. I've often heard 50% of total cost going to salary, but it varies.

Still does seem high though.

>>mi_lk+T8
Java in theory and in synthetic benchmarks: damn near as lean and mean as C.

Every actual Java project: “oh, did you want that memory and those cycles for something else? Yeah, sorry, I need them all. Why no, I’m not actually doing anything right now, why do you ask?”

>>tofuah+5a
Nothing just profit and existing system access costs set by the incumbents.

>>mikece+(OP)
Registration Fees: $6 million dollars per year... how come sending sms cost so much?

>>jedber+F9
That is their total cost, not the salary paid.

>>jph+e7
Phone verification does have value in adopting the network effects of phone numbers and integrity by making it harder to mass create accounts.

>>supriy+y7
Any idea what prevents Signal from using cheaper alternatives?

Edit: I meant moving off cloud to Hetzner, Vultr, DigitalOcean.

>>tapoxi+t7
In the short term it will, and quite possibly in a long-term also, but if you were going to fully make phone numbers optional, I'm pretty sure this is the first step you would take. At the very least it sure looks like they're starting to build the possibility.

>>yetano+09
I've converted all of my friends and family to using it. It's the "social media" for my world now. I'm probably an outlier for that, but it makes me happy!

>>java-m+s2
Phone numbers are the easiest login for people, especially in a world where not everyone has an email address.

I know this will invite comments about usernames. I would like usernames a lot too.

>>exabri+E9
One thing I question with that is that if you gave features to donors only, wouldn't that mean that signal now needs to track users in ways that aren't privacy preserving? I.e. you'd be able to know if any given user using signal now has given payments to signal. I'm not sure that'd work with what they want to do as an organization.

>>yetano+09
I've been to a lot of meetups in the last year and exchanged contacts with people. As a nerdy idealist running a deGoogled Android with no proprietary software, I always have to tell them that I don’t have WhatsApp, just Signal. Again and again I have heard the reply, “Oh, yeah, I’ve got Signal, I use it to buy drugs.”

So, that’s some of the active user base in my city, but none of those users are very motivated to use Signal with their network of contacts in general. There WhatsApp reigns.

>>datpif+xa
Yes, which is why I said "fully loaded"

>>charci+Ea
Right, it's a way to create a cost barrier without anyone giving Signal a credit card directly.

>>mikece+(OP)
I donate to signal, and use it frequently. But I would much prefer for the app to simply charge users rather than beg for donations. Even better would be to charge users in a way that reflects the costs.

For instance, maybe verifying a new number over SMS should cost $0.10 if that's going to make up 14% of the operating costs.

Begging for donations to subsidize excessive use by other users just doesn't seem sustainable.

>>knoxa2+d3
Second time around benefits too, and the guest time was pretty efficient in WhatsApp too.

>>tapoxi+66
They also blew up because it was also quite decent SMS app, so you just had to install Signal and use it instead of your default SMS app. All your messages are there, you can continue to communicate exactly like you did before, except that now, if the other person also has Signal, your messages are encrypted.

They stopped doing that (and I uninstalled Signal as a result), so they can also stop with the phone number thing, in fact, it would make more sense than with the current situation where Signal needs a phone number but doesn't use it (except for registration). I could even reinstall Signal if they do this.

>>RunSet+L5
I think simpleX[0] is a better choice at this point with all the recent issues around oxen: not coupled to any crypto, no user ids, can host your own servers if need be, etc

[0] https://simplex.chat/

>>jph+e7
That exists, and is called Threema

>>mikece+(OP)
I would pay for a few signal features: 1. encrypted backups or backup integration of my chats, photos and videos. 2. business features (backup, directory integration, search)

I have not used: 1. voice and video

Incredible that SMS costs so much. I wonder if it's worth it because it _saves_ so much in spam and other sorts of fraud or bad behavior?

>>mikece+(OP)
I'd prefer a federated solution, but XMPP doesn't yet have decent support for group chat that doesn't depend on being connected. https://xmpp.org/extensions/attic/xep-0369-0.1.html is still experimental.

Bravo to Signal for being easy enough for my family to use!

>>mikece+(OP)
Signal is one of the non-profits I happily donate to. Myself, my family, and my friends use it almost exclusively.

>>mikece+(OP)
Seriously consider setting up a recurring donation if you prefer Signal. They have delivered consistently over the years. I set the $20/month back when they introduced the option.

I'm curious what the breakdown of donations is. I only have 1 contact with a $10/month and 1 with a $5/month badge. Of course there could be others not displaying the badge. Signal really needs 500,000 people giving $20/month and plus the rich guys giving some millions on top of that to be in a safe financial position.

Maybe something that could be done to encourage donations is have the client estimate how much raw infra costs your usage created and display in the donation screen.

>>zamale+la
I don't really buy this argument. Is signing up with a phone number really that much easier for the average user than using a username/email account? Billions of people seemed to have no problems making a Facebook or Google account.

>>yetano+09
Lots people are replacing meta/insta/WhatsApp with signal chats

Especially for long term chats with friends and fam.

I happened to start using it with my spouse only to apple just one kind of messaging notification to come thru.

>>mikece+(OP)
https://archive.is/k90dC

>>mikece+(OP)
Did I read that right $19m people cost for 50 people.

>>zamale+la
Why not support both?

Let one communicate from a computer (or phone) with a username+password account, with people who use the service with phone number account.

This without the mechanism Whatsapp uses, where you can use it in a web browser, but it's still linked to your phone.

>>jph+e7
A bit handwavy, but allowing sign-up without a phone number could massively increase bot/spam traffic and ultimately increase hosting costs for Signal.

>>yetano+09
I still use it, and ask my friends & family to use it as well.

What would you recommend to use instead of Signal?

>>charci+Ea
It would have very particular ethical trade-offs, but they could just make signing up without a phone number a paid option. That has the advantage of actually turning a cost center into a profit center, at the distinct disadvantage of creating a moral hazard by the exact same virtue.

>>mikece+(OP)
The cloud tax is crazy (especially bandwidth). Pretty sure Signal has reached the scale where they would be cheaper by building their infra, maybe starting with the most expensive (storage + bandwidth), and then doing others.

SMS is (unfortunately) core to the product, so I'm not certain how they could make it cheaper, while retaining the same properties (user+pass registration would be a nightmare for spam and change the UX).

>>baby+e6
Don't forget media!

>>hotnfr+oa
100% true in my experience. Literally anything else is far better when it comes to bloat, including C#, RoR etc.

Increasing the Java heap size just makes it so that when garbage collection eventually hits, it causes an even more massive slowdown across the entire application.

>>sky_rw+69
A few employees and their compensation are listed on their Form 990, page 7. Sidenote: did "Moxie" legally change his name from Matthew Rosenfeld?

https://projects.propublica.org/nonprofits/organizations/824...

>>Rosana+L9
They are actively working against self hosting, which is why I want matrix to succeed and signal to die

>>lxgr+S9
To clarify - iMessage does not use SMS if you're going from Apple to Apple device and both devices have data/wifi available. iMessage refuses to support messaging to Android clients and defaults to SMS for these messages.

I've got an Android phone so all iMessage transmissions come across as SMS (or MMS).

>>exabri+E9
They need to dump sms entirely. Use on device private keys. If users mess it up, it’s on them. People need to get educated about how to manage private keys.

>>zamale+la
Using phone numbers as identifiers (and by extension users' phone books as a contact discovery mechanism) is probably at least equally significant as a factor for WhatsApp's success.

>>zamale+la
You could do both, no?

>>tofuah+5a
In the US, shafting customers as hard and fast as you can is the current business model. What are they going to do? Move to 1 or 2 remaining competitors with the exact same business model?

>>mikece+(OP)
Understood, $7 CAD per month are heading your way since I use Signal quite a bit.

>>craftk+L8
You're mistaken. I still have my textsecure account registration verification text message (because I'm a data hoarder) from March 15, 2015

>>xhkkff+98
Getting rid of phone numbers would make anonymity easier, but it wouldn't affect privacy. Signal is explicitly private but not anonymous.

In most countries, you can get an anonymous phone number anyway.

>>mikece+(OP)
but what does this mean in terms of VISA vs MasterCard?

>>mikece+(OP)
I would pay a subscription fee if only to get back SMS capabilities.

>>yetano+09
Same people who use WhatsApp for example.

The SMS issue was mainly a problem in the US where people used it for SMS and therefore never mattered since that communication was never secure. Those people probably never even cared for security since they, as you said even went out there and actually uninstalled an app. Something people seem to rarely do.

I use it for friends, family and colleagues. People now started asking me for it (or safe alternatives to Facebook Messenger) since Facebook started asking people to pay for non-targeted ads recently. They actually got people to think about the data they share with an outdated social network.

>>aquova+lb
It’s the building a social network part that’s frictionless not creating user name process that’s frictionless.

>>exabri+E9
It's easy to say that "you should do x" from the bleachers but when you're in the arena you run up against reality. For example, Signal had a blog a while ago about how they tried to avoid the sms features, actually for privacy reasons, but they found people just didn't use other alternatives. Here's a reddit thread of users advocating for SMS support https://www.reddit.com/r/signal/comments/y3ymfl/keep_sms_sup... .

So it was the best of all the available options practically, if they wanted to grow and retain the users.

>>munk-a+58
I think I understand your comment, since iMessage isn't SMS, but defaults to SMS for those not using it.

There are opensource self hosted solutions like BlueBubble that allow reasonably secure communication through iMessage to the other chat platforms on desktop/Android etc. I have zero affiliation, but I know others who happily use it. There are also less secure and paid solutions I can't speak to.

https://bluebubbles.app/faq/

>>bilal4+S1
Send them via whatsapp. A lot of online services give an option to send OTP via whatsapp along with SMS/Email.

>>munk-a+58
> stubbornly use iMessange.

Personally, I prefer it over downloading yet another client, dealing with additional credentials, wondering about who can access my messages, and so on and so forth…

And all that just to message the handful of people that I know who use <popular in other country third party app>.

>>slaw+La
As I understand it, you have to often use multiple gateways based on which one is cheaper and can deliver your message to the recipient, and also take care of handling retries in case one gateway fails. This is not something you typically want to handle if you're not aware of it, and the process of having to talk to each vendor and figure out their limitations is tedious.

>>tapoxi+66
Why not both?

If I want discoverability, let me provide my phone number.

If I want privacy, just assign a random identifier.

>>mikece+(OP)
[dupe]

More discussion over here: >>38291427

>>munk-a+Wb
Ah, I see what you mean. That's not what I'd call iMessage though, that's just SMS:

The iOS application is called "Messages"; iMessage is the over-the-top Apple-exclusive messaging service.

>>baby+e6
FTA: "Signal spends around $2.8 million dollars per year on bandwidth to support sending messages and files (such as photos, videos, voice notes, documents, etc.) and to enable voice and video calls."

>>exabri+E9

  - That's $338k/head on average. At face value for a nonprofit, I'd like these costs broke down as this seems excessive. There is far cheaper IT labor available outside SV.

You get what you pay for, though. $338k/year seems like a reasonable salary for people working on something as privacy critical as Signal – just because you're working for a nonprofit doesn't mean you have to work for less competitive wages.

>>mikece+(OP)
2 ideas to limit costs: Make it a 2 tier plan: free tier is text and images only, paid tier adds audio/video calls Remove the need for phone number verification

I'd be happy to pay 10 bucks a year for Signal.

>>zamale+la
No, WhatsApp won because it successfully replicated and replaced the SMS experience in the developing world, where the cost of data was dirt cheap in comparison to the cost of a single SMS message.

This is why it still has a stronghold as well…

>>Muffin+u7
lots of drug traffickers went with something homegrown (Anom), which turned out to be an FBI front. they'd have been a lot safer sticking to Signal. and you can audit the Signal client's source code, which is enough to verify its secrecy.

>>flower+Ab
It's crazy, 400,000k per person. It would feel like nothing but an unfair waste of my "cheap-country" money to fuel "overpriced-county" with a donation.

>>Retric+kc
The lack of a social network is why I settled on Signal. Before using Signal I tried Telegram, which requires a phone number and if they recognize your number in any of their user's contact list (which many people seem happy to allow access to), they'll send them a notification telling them their contact has joined. I got a nasty message within 10 minutes of making an account from a woman accusing me of pretending to be her deceased father. I had inherited his phone number a decade prior, and it told her I had made an account. I was so shocked they not only allowed, but encouraged such behavior that I deleted it promptly and swore I'd never use it again.

>>aquova+lb
With WhatsApp, your phone number allowed you to see everyone in your contacts that you could message on there, so you could see everyone straight away. Without that, you'd have to bring your friends along and have them sign up as well, then give you their username so you can connect.

>>slaw+La
There's a lower bound on what these services can charge in the form of interconenction fees charged by the mobile service providers delivering the messages.

In the US, that's effectively zero due to the US phone infrastructure largely using a shared-cost model, but in most other countries which use "sender pays", these fees can be significant.

>>mikece+(OP)
I am too cynical by far, but Signal being run by an ex-Googler is not at all reassuring me of its long-term commitments to security and privacy.

>>jph+e7
Session.app solved this problem well

>>nvrmnd+6b
I would certainly prefer the donation begging - chance of getting family and friends to use it with an upfront cost: 0.

>>linuxd+Xc
Experience on WhatsApp, Telegram or any other IM is vastly better than SMS. Unless by SMS you mean iMessage - then it's even simpler - most of the world doesn't use iPhones.

>>mikece+(OP)
Every time I hear about Signal's donation notices I start thinking about ways they might generate revenue. I'm sure Signal staff have considered a ton of options already. Anyway,

- can't do personalized ads or geo-specific ads, so doing generic ads wouldn't drive a ton of revenue anyways

- can't require users payment because when payment (most forms, including bitcoin!) can be used to identify people

- No real benefit to themed group chats (like discord nitro) since it doesn't focus on community groups

I'd love for someone to figure this out, though, because a nonprofit structure for an app is not sustainable.

>>sigmar+cc
2015 was after the internet-based-messaging transition but before the rename. Source: https://en.wikipedia.org/wiki/TextSecure

>>i67vw3+wc
As far as I understand, this is even more expensive than SMS in many cases due to WhatsApp's B2C messaging fee structure.

It's also not a great idea to make sign-ups for an instant messaging service contingent on having an account with another, competing service.

>>OfSang+Ya
> “Oh, yeah, I’ve got Signal, I use it to buy drugs.”

Funny, people around here in Germany say that about Telegram.

>>asylte+Yb
As someone technically savvy, I don't trust myself to manage my own private keys sufficiently for a service that's the point of contact for all my friends and family. I think it's a much taller order for someone without the technical knowhow – remember that Signal's audience includes very non-technical people who don't have time to learn the technical ins and outs but absolutely require its utility, like journalists and dissidents.

>>vore+Tc
Also, employees cost more than just their salary.

>>nvrmnd+6b
How are you going to charge users $0.10? Micropayments is a huge unsolved problem.

>>cl3mis+Eb
The deal could just be: no phone number, but you have to pay $x/year (I guess this doesn't work with 501c3?)

>>Duneda+Z
What's it cost to be an SS7 peer for a year? Could they spin up their own "phone company" for the purpose of delivering SMS verification and nothing else, cheaper than they're paying someone else's markup?

>>asylte+Yb
Then few will use it and Signal will die. There is this gap between the ideals of the technically-minded and the reality that users live in. They tried to dump SMS - and people responded by not using alternatives. The entire sales pitch of Signal is that it is easy and unobtrusive.

>>oconno+ee
I'd jump on that so fast.

>>zamale+la
Requiring a phone number also seems like a decent way increase friction for automated account creation - obviously it can be overcome, but it probably reduces automated account creation by a few orders of magnitudes, which I would imagine reduces the amount of botting/phishing/ban evasion, which could all add up to be pretty expensive to an org.

>>mikece+(OP)
So charge everyone $2 per month to use it? shrug

If you're not going to show how much money you get via donations, I'm not donating. I'm not going to donate more than you actually need, for example.

>>munk-a+Wb
My phone runs Android, I'm pretty much forced to use SMS in order to communicate with anyone who uses an iPhone and that's most of my family. While it can be argued that iMessage provides a good enough experience on an iPhone for most people, I have wondered if they are the one thing keeping SMS alive.

>>exabri+E9
costs for a nonprofit are the same as costs for a forprofit

there’s just a bunch of nonprofit employees or personnel that play on the pauper perception because its convenient, but “nonprofit” and no money is not correlated to anything

so if those employee costs were excessive for any organization, saying non profit doesn’t make them more or less excessive

I think tech talent is undervalued and should at least compete directly with FAANG, for many organizations this is not possible, for organizations with other liquid assets they create (like Signal) it is possible. All employment hasnt risen with cost of living, I’m not familiar with other sectors.

>>jph+e7
Typical HN comment saying I will pay $ for xyz feature (which everyone, including the poster, knows to be BS)

>>vore+Tc
> $338k/year seems like a reasonable salary for people

That $19M/year was total employee costs which, as best I understand these things, can often work out to be double the raw salaries which would bring the average down to a slightly less excessive $170k/year.

>>exabri+E9
> That's $338k/head on average.

Oh come on. Just because the organization is non-profit, meaning that it's not out to make a profit for shareholders, is no justification for the staff to be paid below their market worth. In fact, they could definitely earn more by quitting and working at for profit companies. And that is especially true for those who are getting the higher end of the compensation.

And say that staff number was like, $5m/year less? It doesn't change the fact that costs of running are substantial and more donation is needed from those who want it to remain viable.

>>oconno+ee
Accepting these payments would not be trivial, and linking them to Signal accounts would create a treasure trove of metadata that neither Signal nor its users would likely be very happy about.

>>mikece+(OP)
I always wonder why no one ever mentions Session. Is there some defect in its tech, or is it just not a comparable product?

>>hansSj+Sb
They have devs and support engineers earning 700k, more than the CTO?

>>exabri+E9
< "* 20 petabytes per year of bandwidth, or 20 million gigabytes, to enable voice and video calling alone, which comes to $1.7 million a year - I'd drop these features if possible, or give them to donors."

How about they pull their socks up and use peer to peer technology instead? Messages are asynchronous so they need to be temporarily stored but routing real-time audio and video is a technology problem that they have chosen the expensive way to solve.

>>jallen+7e
I wouldn't be surprised if overhead turned out 1/3 of that figure.

>>Aissen+Lb
Anyone know much does it become worth it to build your own? They spend around $3-4m on storage and bandwidth

>>mikece+(OP)
FB only wanted whatsapp to preempt a potential competitor. They are happy to give the service for free (at a loss)

There is no room for monetization because of FB. In other words, you can't compete with a monopoly, even if you are in a different business. They simply take all

>>exabri+E9
> far cheaper IT labor outside

This is a product that solves some of the harder problems of engineering, and has a staff of 50. Cheaper isn’t going to get you the best. If you had a staff of 1000, you could make that argument. Besides that’s not a lot of money to begin with. 340k is a senior engineer salary and I am sure the people running the company are far more capable than senior engineers.

> drop those features

That’s a valid argument, but 1.7M for that 20PB of bandwidth is not a lot of money. Dropping or making the features paid, defeats the purpose. If you’re trying to be the privacy first app that competes with WhatsApp and others, this would make it harder to be a viable alternative.

> sms registration fees

Education is a harder problem to solve, but offloading some of the costs to users may make sense here.

>>supriy+y7
So ... hire staff to manage that complexity?

>>mikece+(OP)
Love Signal over Telegram, Wickr, etc.

>>yetano+09
Yep, the whole point of Signal for me was the SMS component. I put up with the old-fashioned UI for that reason. Now it just looks and acts like a Telegram clone.

>>flower+Ab
Would be interesting to know exec salaries, the latest nonprofit disclosure I could find was from 2019

>>mikece+(OP)
I am imagining a donate page in the app that incorporates this willingness to be public about the costs.

It offers a way to configure a recurring donation for whatever amount and whatever schedule you want. $100/year for instance, but as you slide the slider or enter a number, it shows you if that number leaves Signal in deficit, covered, or surplus, if all other users who are currently paying anything paid this much.

Instead of just trying to suggest an amount with no explaination of what it means, is $5 still leaving them starving? is $5 5x more generous than needed? You still get to use it for free. But if you are of a mind to be one of the ones chipping in to keep it alive, you see exactly what is the right amount.

When 10k people are paying for 10m other people, that "covered" amount may be pretty high, apparently 5x what the average donater is currently paying. (article says it's 20% of total)

But with that little bit of non-repulsive non-abusive game theory, just honest information but presented in an immediate way, a lot of those other 10m users would start to chip in, and the covered amount would come down. Some users will say, well, I can swallow 5x what I was paying, and others can just leave their donation level in the red. But I think a lot more people would go from 0 to a few bucks if they could see exactly what it means and know that it wasn't a waste.

Maybe the donate function could even have a setting track the current covered value automatically so that your bill automatically comes down as other people start adding to the pool.

Also have it display the 3% or more transaction fee overhead going to the debit card and other payment processors, to show right there graphically how much you're wasting by paying a small amount monthly vs a large amount yearly. Everyone always hides that but I say show it prominently.

>>lxgr+Nc
Messages inflexible reliance on SMS for communication to non-Apple devices is definitely an Apple issue, in my opinion. Apple has made it clear that they continue to default to SMS for non-iPhone communication solely because it's unpleasant for everyone involved.

>>rodlet+af
700k to drag your feet on implementing usernames for a full decade, seems cushy.

>>olah_1+ye
Signal already has a very hard time competing against the network effects of WhatsApp and Telegram and getting people on the app, a fee would only increase that. But making it n$/year but with the option for an account withiot a phone number like other people are suggesting sounds nice, peace

>>OfSang+Ya
those users probably have a far lower impact on Signal's operating costs because they're only sending the occasional message instead of using it as a broadcast platform.

>>olah_1+ye
https://projects.propublica.org/nonprofits/organizations/824...

>>myself+ke
What's expensive isn't (just) the technical infrastructure, it's termination/interconnection fees charged by the destination mobile networks.

>>zamale+la
What did WhatsApp win? I've never used it, so I'm not sure what anyone uses it for.

>>flower+Ab
Would you actually want Signal to be cheaping out on the developers that are maintaining the cryptography software that protects millions of people?

Someone with that level of expertise is going to be expensive.

>>hotnfr+oa
In this case we don’t need to speculate at all. Signal is open source. Back when I was at Twilio we even did some at-scale experiments with running Signal. The intensive parts have absolutely nothing to do with Java because the server logic is relatively simple. The hard parts of Signal are the database storage/retrieval and the encryption.

>>exabri+E9
> $19 million for 50 staff. That's $338k/head on average.

How did you compute this? 19/5 is 3.8

>>dzikim+Td
I think that's the gp's point.

Given the choice between SMS and a service that provides the same functionality is free, superior in most ways, borderless, etc. the choice to use whatsapp is obvious.

>>mushuf+mc
That was for sending SMS via Signal, not for verifiyng users via sms and they did remove that.

https://signal.org/blog/sms-removal-android/

edit: wording, forgot the word remove

>>aalimo+Cc
If only someone would release a universal protocol that the app's native messaging apps could utilize to eliminate the need for these 3rd party messaging apps. Oh, right, it's called RCS and Apple refuses to support it.

>>datpif+ma
Pensions aren't a thing in the U.S. anymore, especially not for tech. And when a U.S. company says "staffing costs" that does not include licenses, offices, etc. It's strictly salary and benefits.

According to Signal's 990, it's paying multiple employees over $700k. That's above-market for corporate compensation, and it's way above market for non-profit compensation, to the point where it could be considered private inurement.

>>V__+r8
I'd be happy to pay $1/year for signal, and I'd pay $2/year if it were decoupled from my phone number.

>>nvrmnd+6b
Yes, let’s tie every user of this privacy-focused messaging platform to a credit card number.

>>supriy+L7
A Flow:

> Service A => User: Please Enter Your Phone Number and Email

> Service A => Clearinghouse: Please verify phone number XXX wants to sign up for an account with us

> Clearinghouse => User (SMS): Please respond with the Email you used at signup to confirm you want an account with Service A

Later...

> Service B => User: Please Enter Your phone number and Email

> Service B => Clearinghouse: Please verify phone number XXX wants to sign up for an account with us

> Clearinghouse => User (Email): Please verify you want an account with Service B

Not saying it's great (providing email twice is annoying), but it's something.

>>cl3mis+Eb
Just charge $10 to create an account without a phone number and accept Bitcoin. Most people can avoid the $10 by providing a phone number, privacy-conscious people only have to pay $10, it generates revenue, and the $10 puts the spammers out of business because they don't pay $10 once, they pay $10 every time they get banned, which happens multiple times a day.

You could even automate the bans by banning anyone who gets blocked by more than two people they sent messages to, which anybody can avoid by not sending messages to people who would block them, and if it happens to someone innocent, it's still only another $10 to reactivate your account.

>>notach+5d
But that's not salary, that's the total cost per employee. So if you factor in ~40% cost for healthcare, pension, perks, and various taxes, then the average salary is closer to $240,000 which will still a bit high, is probably less than market for the average engineer working at the company.

>>just_b+qd
Even Instagram allows you to search your contacts. If they have their number set in their profiles, it'll find a match

>>vore+Tc
IIRC, employees cost the business ~150% of their salary. That means we're looking at more like a $220k/yr salary on average. For a bay area company, that seems completely reasonable.

>>aquova+fd
Signal does the same thing. Or maybe it used to but they changed it. I have a bunch of notifications of "so and so is on Signal" from when I joined years ago.

Can't say I've ever gotten any psycho responses from it though.

>>Duneda+Z
Funny, because that's the reason I can't use Signal - I don't have a phone number.

>>Duneda+Z
Sounds like a great case to get the fuck away from SMS and phone numbers.

But hey, they still want your whole address book, and announce you're on signal to everyone else on signal.

The whole "secure" thing is a joke. Its all linked to your identity via your phone#.

>>lxgr+de
Buy 50 invite codes for $5

>>rogerk+Q8
A lot of people, myself included, have it installed but never use it after they dropped SMS support.

Only a tiny fraction of my contacts use Signal, and most of those are also on Whatsapp, Telegram, Discord, and others.

Signal offers essentially nothing to me.

>>olah_1+ye
Their competitors are free. Charging $2 would make Signal a non-alternative for many of their users, and due to how the network effect works, it would greatly reduce the utility for everybody willing to pay as well.

And that's all without even considering the significant overhead of collecting low-value payments internationally.

>>cmiles+Zf
There's apparently even "green bubble bullying"[1] of kids who have Android devices and thus have their messages appear different. In this particular way Apple is happy compromising the mental health of young people to secure a larger market share - it's awful and they deserve a lot more negative PR for it.

1. https://www.wsj.com/articles/why-apples-imessage-is-winning-...

>>Night_+B6
I know it's unpopular to say this on here but Signal will never be popular as long as they don't add basic features that all other messaging apps have.

- If you lose your phone or it no longer boots, all your messages are irretrievably lost. There's no way to create backups on iOS. Why the hell can't I enable iCloud backups? I know it breaks privacy in some ways but let me choose the trade off. Put a giant warning if you have to.

- The desktop app is awful and requires signing in again all the time. See the Telegram Desktop app for how to do it better. In my opinion it should be the gold standard for desktop messaging apps

- Desktop app keeps losing message history

As long as Signal treats all messages as if they're so important that even super spies should not be able to read them, and as a result, goofing usability in a way that standard features don't work, I 100% understand that the majority of people won't use it.

>>nvrmnd+6b
> I donate to signal, and use it frequently. But I would much prefer for the app to simply charge users rather than beg for donations.

Hard disagree. If you charge, the number of people who will use it shrinks by several magnitudes, and then you lose your network effect, you lose the ability to get your less technically inclined friends to install it.

>>irrati+cg
In South America it's the standard messaging everyone uses, even businesses. No one uses SMS

>>Muffin+u7
I think the biggest risks for most people are going to be around key management, social engineering, and exploitation of terminal devices (i.e. if somebody has compromised your device running signal and can observe the message before encryption or after decryption).

More layers of encryption doesn't really solve those problems.

>>mikece+(OP)
While I would be willing to pay a fee to use Signal, most people won’t and then Signal would turn into a deserted landscape full of privacy nerds who only talk with each other. On the other hand, being better at soliciting donations more often would be more helpful. I’m a regular Signal user and didn’t even know I could donate.

>>cmiles+Zf
What does the default Android messaging app do?

>>blakes+D4
> Twitter said that's why they got rid of the SMS 2FA. They said it was costing millions to have that enabled for them.

Previous Twitter employees have said that this is incorrect. Because Twitter began as an SMS-only (and then SMS-first) application (remember 40404?), they very early on established direct-connection infrastructure for sending SMS, meaning that they have a marginal cost of literally $0.00/message in most markets. Twitter still has to maintain that infrastructure, because they didn't get rid of SMS 2FA - they just restricted it to Twitter Blue users, so the overhead is still the same.

Almost nobody else who delivers SMS today has that infrastructure, because it doesn't make sense for most services to build.

The only place where Twitter was paying significant amounts for SMS was due to SMS pump schemes, which is a consequence of Twitter gutting its anti-spam detection, resulting in them paying for SMS pumping which was previously blocked.

>>mikece+(OP)
Just donated $100. I’ve gotten way more than $100 of value from them.

>>cmiles+Ge
> I have wondered if they are the one thing keeping SMS alive.

Absolutely they are. Most of my friends and family are Pixel users and we all communicate using RCS. If Apple would just support the modern replacement for SMS (which includes end to end encryption), iPhone users would be much safer and would have a better experience.

>>Krasno+1e
Buying drugs from shady people online like on Telegram channels is a good way to get you not high or killed. Apparently they're selling HHC now that looks like bud? No thanks. I'll stick to my local guy straight from behind the bushes next to the park.

>>tofuah+5a
When you control access to the customer you can charge people a lot. Just like Apple can take 30% primarily because they’re the gatekeeper to iPhone users, telecoms are gatekeepers to their users so they can charge you a lot to text them. You don’t really have a choice. L

>>mikece+(OP)
I find this surprising:

> As a small nonprofit organization, we cannot afford to purchase all of the physical computers that are necessary to support everyone who relies on Signal while also placing them in independent data centers around the world. Only a select few of the very largest companies globally are still capable of doing this.

Signal may be “small,” but they’re spending plenty on this. Registration is expensive and hard to do without using one of the large expensive providers. But there’s $7M for servers, storage and bandwidth. These are comparatively easy: servers and storage (especially for a service like this where availability for the substantial majority of the data is not terribly important) come in nice pre-manufactured boxes that can easily saturate 10Gbps and can store quite a few TB at very very high IOPS. [0]. And the forwarding model isn’t very latency sensitive - several hundred ms for most users is fine, and sending media via Signal is quite slow regardless. So having many points of presence doesn’t seem terribly important. I bet that two small colocated facilities could cover all of North America quite nicely.

Bandwidth costs outside the cloud world, at least in North America, are comically cheap compared to the major clouds.

[0] A service like Signal ought to need relatively little processing compared to bandwidth and storage for the data plane. AWS and the like may not have a particular good match in their catalog for this use case.

>>munk-a+Tg
> apparently even "green bubble bullying"[1] of kids who have Android devices and thus have their messages appear different

Bullies will bully. Targeting the articles of bullying versus the source is fruitless; the former is unlimited.

>>craftk+p5
Right, I totally hate being able to text, voice, video, send files, and screen share with individuals or groups of people, including half my contacts who use iPhone. Also, fuck them for making all of it sync to all my computers. And I especially hate the fact that I was not billed by telecom carriers for the tens of thousands of messages I've sent and thousands of calls I've made over it over the last 10 years.

Yes, indeed, how backwards. I wish I only used software that spied on me, or permitted others to spy on me, for those features.

>>vore+Tc
Nonprofits, as with for-profits, must pay competitive wages or they will have trouble getting the expertise that they need. $338k/head seems reasonable when you also consider taxes the company must pay for each employee.

>>V__+r8
I wonder how many people paid the $5 for WhatsApp back in the day. It gave you nothing but you were able to do it. I think I did.

>>itslen+rg
> only someone would release a universal protocol

Nobody wants this. Universal access means universal access for spammers. iMessage won over SMS because of cost and spam filtering.

>>thomas+Of
Form 990 from Dec 2021: https://projects.propublica.org/nonprofits/organizations/824...

>>oarsin+9h
Google Messages, which is fast becoming the default Android messaging app across Android OEMs uses RCS when both participants support it and falls back to SMS when that is not the case.

RCS is an open standard that any carrier/OS/messaging app can support, unlike iMessage, which is exclusive to iPhones.

>>vore+Tc
Whilst competitive salaries are important, it's fair to say that, outside of the US, you can get good people for a lot less than $338k/year.

To give one example of a (not that cheap) market, outside of London average developer salaries are probably under $50k in the UK. Even accounting for additional costs like taxation and equipment, that's likely to be under $100k fully loaded.

>>baby+G5
Java is likely the most optimized part of the stack.

Many startups move up to the jam when there is little else that has optimized performance and efficiency like the jvm for 20-30 years.

Of courses this is a moot conversation if you’ve never used Java at scale. Apple and others are Java houses.

>>bloggi+Ng
In case one isn't aware, you can get a $1/month throwaway phone number from Twilio for that purpose.

>>jph+e7
I don't understand the concern. Signal has never been about anonymity. If you need to be anonymous, use a different tool. I like the fact that a phone number provides an additional verification that the person I am chatting with is who they say they are. As far as risk associated with having your phone number leaked to bad actors, that ship sailed years ago. I guarantee your number has been leaked a thousand other ways starting with by your phone provider.

>>mikece+(OP)
I would use Signal, but it ties to a mobile number, that is why I don't use it. Been using Element/Matrix instead. I'd consider switching if I could primarily use it on a Desktop decoupled from a mobile device.

>>baby+G5
You can't send an sms yourself like you can an email. Instead of setting up a server, you have to work with a telco provider (an aggregator specifically). Any SMS service eventually hands off to one of these. Many SaaS SMS providers are just frontends for legacy telco services. They charge insane fees because they can, that is all there is to it.

Sending mass email is still difficult. Its probably easier to pay a provider than set up and establish reputation for yourself. But they don't charge near the rates. Last time I compared rates it was something like 10x-100x to send an sms compared to an email, but it has been a while.

>>Button+4a
You could, but you'd be adding complexity to solve a mostly non-existent problem. Security is rarely broken because the algorithm itself is broken. It's usually because one end has a key logger or other vulnerability. Or they are literally storing the unencrypted text in an unencrypted data store after reading it.

In the meantime, the added complexity adds new places for errors.

>>davidh+gf
If signal adds username only accounts it makes sense to relay calls if users don’t want their IP leaked to the other person.

>>lxgr+9g
Huh, I knew those existed for voice calls, didn't realize they applied to SMS too. Makes sense, though.

>>ocrow+Ef
Might not be cheaper at scale and truly globally.

The loaded costs should have the numbers run.

It would be a fascination under the covers look with signal.

>>ocrow+Ef
They probably already have that staff for GCP, Azure, AWS?

>>rezona+hh
I really dislike iMessage, but somehow Google has managed to deliver an even worse alternative with RCS:

It apparently just doesn't work with dual-SIM phones, requires a phone number and an active plan with a supported operator (at least iMessage lets me use an email address!), the multi-device story is non-existent, to just name a few.

>>Duneda+Z
Just wondering, are they relying on these big name cloud providers (AWS/Azure/GCP), known for predative traffic and storage pricing? Have they considered cheaper providers such as Backblaze B2 for storage and Hetzner/OVH for servers? The fees for storage, server and bandwidth could be cut by 80% if they did that.

>>jawns+w7
A service that requires a telephone number simply shouldn't be called an Internet service. It can't be used purely over the Internet.

Telephone numbers are fundamentally incompatible with privacy. Signal's leadership knows this, but they don't appear to care.

>>mikece+(OP)
> she wanted to call attention to how competitors pay these same expenses: either by profiting directly from monetizing users’ data or, she argues, by locking users into networks that very often operate with that same corporate surveillance business model.

There is also a third alternative: Threema (https://play.google.com/store/apps/details?id=ch.threema.app...) is a privacy-focused messenger app that tries to cover its costs by *gasp* asking for money for the app! But of course those notoriously financially-conservative Swiss can't hold a candle to Signal, who first decided to give away their app, same as those other messenger-making companies flush with cash, and then found out that supporting all those users who download your free app actually costs money...

>>rezona+0i
That's exactly RCSs biggest problem: It requires active carrier support. (As far as I understand, Google runs the infrastructure for many international carriers at this point, but they still need to opt into that.)

Using my phone number as an identifier and authentication factor for so many things these days is bad enough; I really don't want the messaging layer itself to touch my phone provider at all.

>>atlasu+Bg
Per the 990, which is just salary, multiple employees at Signal are getting paid over $650k. That's way above market for the nonprofit sector for comparable positions.

>>Aardwo+Db
Signal has an app to use it with your computer. It's a one time linkage through a QR code. As long as you connect with the app at least once every 30 days, you never have to worry about it and, unlike WhatsApp, your phone doesn't have to be online for it to work.

>>mikece+(OP)
This was a nice, detailed read. At some point, Signal would have to move out of cloud providers at least for a few things to manage costs better.

I was happy to note this about employee compensation since paying them well is a good thing apart from their personal motivation to work on this (even at a comparatively lower pay than in other companies/projects):

> When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.

> We are proud to pay people well. Our goal is to compensate our staff at as close to industry wages as possible within the boundaries of a nonprofit organization.

That said, I really dislike Signal for a few reasons. The first is what many people have already talked about very often — forcing to use a phone number to register. Since the SMS or call costs are quite high, Signal could adopt the iMessage approach to verification, which is having the user send an SMS to the service (this will cost the user some money depending on which country the SMS is sent to). This could be decided based on the country code so that the current SMS OTP model can coexist.

Signal is obstinately user unfriendly on a few aspects on user experience, more so on iOS/iPadOS. Firstly, it refuses to provide a data backup mechanism for iOS/iPadOS. If someone loses their devices, there is no way to restore older messages. Even setting up a new device requires the old device to be in physical proximity to transfer the data. Signal does integrate with CallKit (to act like a phone app) and with Apple’s notification services, but refuses to allow the user to backup the data with a password to encrypt it.

Secondly, I found this paragraph in this post to be disingenuous:

> Such practices are often accompanied by “growth hacking” and engagement maximization techniques that leverage dark patterns to keep people glued to feeds and notifications. While Signal is also free to use, we reject this kind of manipulation, focusing instead on creating a straightforward interpersonal communications app. We also reject business models that incentivize such practices.

Signal on iOS/iPadOS wants the user to enable notifications and to share contacts. If notifications are disallowed and if contacts upload is disallowed, it will pester every few days about it. One might think this is a silly mistake that Signal isn’t aware of. But it was reported some years ago and Signal responded that it will not fix it because it believes this is the only way. [1] Not even an option where this is a toggle for those who want no notifications or don’t want to share contacts (Signal does have a toggle for contact joining notifications).

Signal is also not that reliable in delivering messages in a timely manner compared to other apps (the GitHub repo has many repetitive issues on this topic over all these years).

Finally, since Signal has poorer UX in general, which isn’t an easy or cheap thing to handle, I use it only with less than a handful of people who I know and who use it.

I’d donate occasionally so that Signal can continue to exist, but I don’t feel like supporting it every month with all these issues, some of which look like Signal ignoring the user and UX issues completely.

Edit: Removed some hard words.

[1]: https://github.com/signalapp/Signal-iOS/issues/4590#issue-72...

>>mikece+(OP)
They could use a free plus subscription model for really pro features, like “extra privacy”, “faster sending speed”, “create bigger group rooms”, these are bad features but you get it

>>Duneda+Z
Out of interest, their top vendor costs on their 2021 form 990:

$7m Twilio

$4m Microsoft

$3m AWS

$1.3m Google

https://projects.propublica.org/nonprofits/organizations/824...

>>barbaz+ei
That's a neat workaround for the people that can figure that out, but doesn't change the underlying problem for the majority of users at all.

>>chimer+bh
> they very early on established direct-connection infrastructure for sending SMS, meaning that they have a marginal cost of literally $0.00/message in most markets.

I am very, very interested to understand how that works, because without more detail or sources I'm calling bullshit. I definitely understand how Twitter could have greatly reduced their per-message fee with telecom providers, but at the end of the day Twitter is not a telecom and is still at the mercy of whoever is that "last mile" for actually delivering the SMS to your phone, so I don't understand how they have no marginal cost here. Happy to be proven wrong.

>>explai+wg
This does not reduce the overall cost, it just shifts it to the clearinghouse. Who pays the clearinghouse so that they can cover their own exorbitant SMS costs?

>>mikece+(OP)
Ok, have they decoupled my identity from my phone number yet?

I mean, to donate to them I'd have to use it. I don't need another WhatsApp.

>>NotYou+dh
If your employer matches don't forget that ... Easy way to double your donation

>>ThinkB+Bd
To be cynical in another direction, if it wasn't run by an ex-Googler it would probably cost 1/3 of what it does now to run it :)

>>JumpCr+Ph
> Nobody wants this.

Not nobody.

> iMessage won over SMS because of cost and spam filtering.

Really? I've never used imessage.

>>tapoxi+66
Nobody is demanding them to stop supporting phone numbers as identifiers/verification methods.

I'm not mad at all if somebody prefers using their phone number and not having a password for a service – just give me the option to use my email address and/or a username.

There are too many "phone number only" services out there these days.

>>renewi+Nh
Whatsapp was asking for $1/year [1]

[1] https://www.theguardian.com/technology/2016/jan/18/whatsapp-...

>>j45+Va
If only it was possible for a service to support both!

>>oarsin+9h
Android's messaging app does much the same thing.

My preference would be that Apple drop SMS support from Messages all-together and market it as an iOS only communication method. People with iPhones would then have to pick some alternative, perhaps they would use Signal or perhaps something else.

I already have to install a handful of applications to talk to all of my friends and co-workers, at least I wouldn't have to continue to use SMS.

>>mikece+(OP)
I just donated $10 to Signal. Here's how to do so on iPhone in less than a minute:

1. Open Signal and click on your user icon in the upper left.

2. Go to "Settings" --> "Donate to Signal".

3. Click "Donate", select your donation options, and pay with Apple Pay.

>>V__+r8
Definitely reasonable but the ultra privacy-conscious/paranoid can't easily donate or pay privately.

>>mikece+(OP)
Nothing seems out of the ordinary in terms of costs. But there some features that would be pertinent to their core mission of providing a secure messenger, and stories and payments aren’t some of those. Stories button takes up half of the bottom navigation bar, I have not seen anyone using that feature. Their non-product approach is what prevents men from becoming a recurring donors. They are finally testing a build with usernames, but it has been long over due.

>>dexwiz+ki
Maybe they should flip it on its head - get a thousand? Ten thousand? numbers that can accept SMS and tell people to "text 473843 to this number" to verify.

>>itslen+rg
RCS is anything but universal. It requires the explicit cooperation of mobile phone providers, which makes it a non-solution in many scenarios – including usage on any device that happens to not be a phone.

RCS is exactly what it says on the box: A modern successor to SMS. That does not make it a good modern instant messenger.

>>atlasu+Bg
Even in central Europe $240000 would be way more than what an average engineer would cost. I'd estimate ~$150000 for well paid jobs there.

>>zozsku+Ib
I have yet to find a replacement that both I like and other people use. Matrix and Session I have yet to find anyone using, telegram seems to be almost entirely bots in my area, and WhatsApp etc are owned by Meta.

>>exabri+E9
> I'd drop these features if possible, or give them to donors.

They can't really do that, it deters adoption of something with a network effect.

The real issue here is that direct connections have privacy implications (maybe you don't want the other party to know your IP address), so they relay everything. If they could solve that they could save a lot of money.

For example, detect if the user is connected via a known VPN service (which is likely given Signal's user base) and then let the VPN hide the user's IP address instead of Signal having to pay for it. Or make a deal with popular VPNs to put the relay servers in their data centers, which gives a similar advantage and they might be able to get better pricing from them in general because the VPNs already have a lot of bandwidth, are sympathetic to what Signal does and could use it as PR.

>>hn_thr+0k
Not who you are responding to, but my guess is that it was all fixed costs. They spend $20mm (or whatever) to maintain access, and maintain infrastructure and they get to send as many SMS messages as they want.

So sending 1 costs the same as sending a 10 million. It isn't that they are free to send, its that they are charged for access to the system, but aren't charged per message.

>>newscr+uj
> Firstly, it refuses to provide a data backup mechanism for iOS/iPadOS. If someone loses their devices, there is no way to restore older messages.

This is not the only case where Signal has decided that users should not be in control of their own data. For example an Apple Store or authorised repair shop may need to reset the phone, or an OS upgrade goes badly and needs a restore will also lead to data loss even if there is a full local encrypted backup made.

It is really orthogonal to the much of what Signal claims to stand for them to so boneheadedly insist that users should not be allowed to own and control their own data.

>>Raston+rf
Data centers cost billions. Signal, and pretty much everyone else who isn't already in the data center business, is far away from breakeven on that.

>>m3kw9+Kj
As soon as there is “extra privacy” for a premium, I would ditch Signal immediately. It’s either provate and secure or it’s not. Certain things cannot be half measured.

>>V__+r8
Mastodon org + Mastodon.social also have costs of 0.6 EUR/year, though they have two orders of magnitude less users [1]. This is really what most social media costs. These rates are even payable by many in poorer countries.

[1] >>38117385

>>itslen+rg
> Oh, right, it's called RCS and Apple refuses to support it.

No one wants to support it. Even telecoms don't want to support it.

>>mikece+(OP)
Related: https://www.wired.com/story/signal-operating-costs/

(via >>38291490 , but we merged the comments hither)

>>mikece+(OP)
I donated $5.

>>vore+Tc
"just because you're working for a nonprofit doesn't mean you have to work for less competitive wages"

Actually it does usually. Because when people see real meaning in their work, as opposed to find yet another way to manipulate people on other peoples behalf, then you don't have to buy their consciousness as well.

So sure, it is awesome, that signals employers get to have meaning and money. But I would bet, you would find competent people working for less. (And maybe somewhere else)

But .. they do have a working app and organisation right now and drastic changes could destroy that.

>>munk-a+58
For the purpose of 2FA and account registration let’s view it as a tax for fraud prevention, where the real value in SMS is in verifying someone’s identity rather than transmitting messages

>>mikece+(OP)
I don't understand how storage can cost a million dollars when they don't store anything. Even if messages are queued, how do you get millions of dollars in queued storage? It's hard for me to imagine... even if you receive and send trillions of messages I don't think you would end up storing much at all.

As for registration fees, it sounds like they should use authenticator instead of SMS... and stop requiring a phone number to sign up. That is why I left Signal (went with Matrix). I don't see why anyone would want to tie their Signal to a phone. If you value privacy, why would you do that?

Servers cost seems excessive as well. I don't believe you need that many servers, even if you served a boat load of requests.

As for bandwidth.. okay, that may be the case. I am not sure how you can get that cost down.

>>bombca+Sk
That's in fact how iMessage does phone number verification. It works really poorly internationally.

>>Falcon+Yg
I'd say it's basically standard everywhere outside the US. I lived in Canada and Europe, and eneryone is on it. All my fellow immigrants in the US are all on WhatsApp groups.

>>itslen+rg
Literally nobody wants RCS except Google and a handful of HN commenters. It’s so unwanted that Google had to scrap their original plan of making the carriers host the infrastructure and do it themselves, because the carriers didn’t give a shit.

(And even Google doesn’t really have any love for RCS, they crawled back to it as a fallback plan with their tail between their legs when their own proprietary lock-in messaging apps didn’t work out. Which makes their attempts to shame Apple into adopting it pretty hilariously disingenuous.)

>>mikece+(OP)
You have to appreciate the complete transparency, gently nudging towards giving without ever begging for it.

Refreshing compared to the alternative that Wikipedia is showing, with the tantrum-like emails we receive from their CEO like "LAST REMINDER" or "We've had enough" ; which they ironically send to people who gave.

>>mikece+(OP)
19M for ~50 people is quite a good compensation

>>mikece+(OP)
Wish they provided some numbers of actual messages, type etc. per day. Seems like a good game plan would be.

1) Get off the major cloud providers that charge insane egress fees. 2) Remove SMS verification. A simple solution might be the app gives you a code and then you dial in to them and punch in the code to them. Like a reverse voice based authentication. 3) Remove voice and video calling for non donating users. 3) Remove media texting until both users allow a p2p connection. 4) Remove no contact list message hosting for non donating users.

Lot of unpleasant trade offs there. But I would rank having a text based private messaging app as the top feature. Everything else is a "very" nice to have. I applaud what they are doing and the sacrifices that have been made so far.

>>lxgr+kk
Usernames are currently available in beta, the post I was replying to wondered if SMS verification could be removed because it's expensive.

>>Pareto+hk
> Not nobody

Within the scope of messaging network effects, nobody.

> Really?

Yes. iMessage spam is rare and stamped out fast. Open protocols tend to have spam problems the moment they begin scaling.

>>gamblo+ij
From page 2 of Schedule J (at the bottom) they break out the components of the compensation, showing that most of those numbers incorporate a base salary that looks fairly normal with 2-600k of bonus & incentive comp on top.

In curious Googling to see if there was an explanation for how their structure works, I stumbled on this interesting Glassdoor review:

> The bonus structure promised up to a 100% match with salary, but in practice the system was set up so that nobody got more than 50%, if that. Had I understood this I probably would have taken a competing offer that ultimately would have had much higher comp.

> The quarterly cliff on the bonus system, where a feature failing to ship within the quarter specified (even if just by a single day) was counted as if you hadn't done it at all. This led to death marches each quarter as everyone scrambled to try to finish unrealistic goals. It wasn't possible to get help from anyone else at these times since of course they too had the same problem.

> Nominally, the quarterly goals were set in a collaborative process. In practice it was a 2 day full day meeting where we were told what Moxie had decided we were going to do - our input wasn't really considered at all, including if it was even viable to complete in a quarter. I'm fine with top down control, that's how most corps work, but I disliked the false patina that this was some democratic process.

> Internal communications are a disaster, because Signal uses Signal for everything, including things Signal isn't at all designed for or good at. Bug tracking is literally done in a giant group chat. I have a newfound appreciation for JIRA.

https://www.glassdoor.com/Reviews/Signal-Messenger-Reviews-E...

>>jedber+pi
Yep, people who think about messaging security as a problem of sending data from one computer to another are missing a huge part of the attack surface. To fully understand the entire problem set, we need to consider the entire pathway from one human's brain to another.

>>j45+ci
Java is entirely performant if you treat it right, and many of the problems with GC in J8 are fixed in later versions.

You can push Java very far.

Of course you can also write horribly ugly code in it.

>>mikece+(OP)
Signal should be able to bring in some revenue other than donations. Premium features that don't compromise the privacy? Premium stickers? Extended emojis only if one paid $1 etc.?

>>ActorN+v9
Which app would they all use and from where would they get it? Signal does not (intentionally) support the official app using other servers or the platform itself supporting federation. [1]

[1]: https://signal.org/blog/the-ecosystem-is-moving/

>>nwelli+jm
does the dial-in suggestion work? Seems like spoofing phone numbers is trivial, while spoofing numbers for inbound SMS is harder.

>>pierat+Og
They want the address book because if you don't have engagement promotion features like that, there is no way to ever become remotely popular in the chat app space.

Why is the security a joke? The data is e2e encrypted, and isn't related to a phone number in any way after registration. Do you know of a better way of combining privacy and anti-abuse measures? If you don't offload identity checks to telecom providers during registration some bad actor will immediately create a million accounts and send millions of spam messages and destroy the slim chance of this type of app to exist for free.

>>collab+uf
FB is getting and using some metadata from WhatsApp. FB also said it would be introducing ads in WhatsApp. While WhatsApp may not be raking in a lot of money, it’s not a complete loss for Meta either.

>>cmiles+Zf
https://www.android.com/get-the-message/

>>lepton+ug
If you pay Signal $1/year, they'll realistically see about 60-70 cents of that – and that's only considering payment processor fees.

Now add the cost of providing support (it's a paid product now!), payment handling on their end (in a privacy-preserving way, which excludes most common payment methods), and top it off with the immense damage to the network effect by excluding all the users that can't or simply don't want to pay $1/year...

Donations seem like the much better option here.

>>charle+Yl
Those are just non-profit fundraiser consulting tactics. Don't take them personally, just ignore them. The reason they exist is that Wikipedia has too much money, so they spend some on consultants who say they can raise more. It's weird, but that's how the world works.

I would much prefer the Wikipedia endowment model of non-profit orgs. They have a standard operating procedure with a predictable budget, and endowment that let's them run indefinitely, and we just have to suffer through pledge drives. I just block them with ublock filters. I gave them 6 dollars back in 2012, and according to their marketing that is enough for life.

>>SahAss+j8
I just hope they don’t expose phone numbers if a conversation was started on usernames and one or both parties have phone numbers saved. I hope it is not this bad - something Telegram does.

Also preferably clearing differentiating username and phone number messages.

>>raesen+2i
> outside of London average developer salaries are probably under $50k in the UK

For top-notch security developers, I call bullshit. Signal would be worthless if it started offshoring development to nickel and dime.

>>munk-a+Tg
> Apple is happy compromising the mental health of young people

Dramatic exaggeration and attribution of evil intent is counterproductive and disingenuous.

>>mikece+(OP)
I feel like investing in p2p approaches and having people donate spare server capacity might be better. For example, relay calling was p2p in the original Skype and worked well. Apple private relay is a similar concept whereby there are two intermediaries to make things private. It gets trickier since in mobile land you can’t run servers really, but I feel like the Signal population has enough spare capacity to offload bandwidth and stuff and could be an easier sell than “please give us money”.

For the sms verification, I feel like forcing the requester to do some bitcoin mining for you could potentially pay for itself.

>>akpras+Fk
Does this entail a 30% cut to Apple/Google?

>>nwelli+jm
About the SMS verification, it depends on the goal. If the goal is to verify a phone number, you can't trust the _sender's_ address in the phone network.

So, you can't trust the address in the "From" on an SMS or the "From" of a phone call.

That means a voice call to Signal would not work to validate phone numbers.

>>JLCarv+en
RCS is Google's idea of a solution – a company not exactly widely known for their excellence in all things instant messaging.

>>lxgr+Sj
Majority of users don't have phone numbers?

>>rodlet+gb
What about Matrix?

>>dexwiz+ki
> Many SaaS SMS providers are just frontends for legacy telco services.

I worked on an automated SMS marketing system back in the day so I have seen this in action, at scale. This would be stuff like "text LAKERS to 12345 for Lakers updates"- we didn't handle the Lakers but we did handle many sports teams. Though I wasn't privvy to the financial side, I got the sense that the per-text cost ended up being manageable at scale, but this is because we were one organization who would apply the rules onto our own customers, and if we failed to do so properly we risked losing the interconnects to the various carriers. We typically used a single contracted "aggregator" service which provided a unified API for the carriers. When I left, we were using OpenMarket.

When you have a self-service SaaS offering such as Twilio, the per-text costs are going to go up because the barriers for sending unwanted texts (or fail to follow the rest of the rules mandated by the TCPA) is so much lower, and Twilio has to address that organizationally which adds cost.

Additionally, Twilio does not purchase short codes (ie 12345) which means its harder for the carriers to track bad behavior across their network. There is an initial cost (fairly high) to acquiring a short code, though you can also share short codes across customers in some cases. Acquiring a single short code and sending all messages from that short code would likely reduce costs.

I would love to see more detail from Signal about what sort of SMS interconnection they are using, because directly connecting with an aggregator instead of a SaaS offering (if they haven't already) could save a lot of money, and they are definitely at the scale that would allow for it. And given that they only use it for account verification and are a non-profit, it seems likely they could get a good deal since the risk of TCPA violations is effectively zero.

>>akpras+Fk
I’ve got a recurring donation of $5/mo I set up ages ago

>>olejor+Nn
https://support.signal.org/hc/en-us/articles/360031949872-Do...

Easy google , but no it doesn't

>>itslen+rg
I see that you feel strongly about RCS, but as far as I know even some of the bigger US carriers dont support the universal profile on all the Android devices they offer. So maybe you’ll get your wish some point after carriers align on RCS.

>>altern+5o
I'm referring to the majority of users not having (or wanting to use) phone numbers.

Some of these will be willing and able to pay $1/month to Twilio for a workaround, but most probably won't.

>>munk-a+Tg
On the other hand, I have saved many a dollar by instantly knowing that I just sent a legacy text to somebody I normally iMessage with.

My carrier charges an arm and a leg for international texting, and if distinguishing between texts and iMessages wasn't as easy as it is, I would probably have to pay hundreds in carrier bills at least once.

>>troupo+ul
Telecoms don't even want to roll out all of the infrastructure they get paid by the government to, I don't know that their willingness to do anything is a point I'd try to stand firmly on.

>>rodlet+gb
Fwiw, I've seen users suggest hybrid approaches. Interestingly it could reduce some of the costs they list here and looks like a route one could take to slowly build towards a fully or hybrid federated system instead of jumping straight there. But I am unsure how much the community likes the idea and judging by that last post it doesn't seem like the mods do. But this one takes note as two users were willing to place a bounty on the feature request

https://community.signalusers.org/t/signal-airdrop/37402

>>mikece+(OP)
Can they require users to send them a SMS instead for verification or that more easily spoofed?

>>bombca+Sk
It's usually even more expensive to support receiving messages than sending them, beyond keywords like Unsubscribe. If you want any sort of threading its going to be extra. Also its extra for dedicated shortcodes. When you get an SMS from a random shortcode, there might be multiple companies using that code, but they mix the pools enough that its unlikely you will receive two messages from two companies from the same code. Also shortcodes are usually country/region locked. So if you want to international support, you need to buy shortcodes in multiple regions, and different regions have different telco laws. On top of that, provisioning is very manual compared to the modern cloud.

I supported a marketing platform for a while, and it was so much easier to send an email than an sms.

>>mikece+(OP)
An entirely peer-to-peer instant messaging network, which doesn't rely on a central authority, is technically possible. A $50M/yr burn rate to implement that authority as an act of charity is simply unsustainable. Why do we insist on continuing down this path?

Attempts to decentralize or federate Signal are met with hostility. The Signal Foundation tells us that this is the only possible way; "the ecosystem is moving", and we must exist in competition with commercial offerings, rather than build something small, sustainable, and decentralized. This is great, until the AWS bill is due.

>>popol1+Wc
They do that and everyone moves to WhatsApp or Telegram. Your comment ignores the whole private chat app landscape.

>>Duneda+Z
Signal agrees: (from the article:)

... legacy telecom operators have realized that SMS messages are now used primarily for app registration and two-factor authentication in many places, as people switch to calling and texting services that rely on network data. In response to increased verification traffic from apps like Signal, and decreased SMS revenue from their own customers, these service providers have significantly raised their SMS rates in many locations, assuming (correctly) that tech companies will have to pay anyway.

...

These costs vary dramatically from month to month, and the rates that we pay are sometimes inflated due to “toll fraud”—a practice where some network operators split revenue with fraudulent actors to drive increased volumes of SMS and calling traffic on their network. The telephony providers that apps like Signal rely on to send verification codes during the registration process still charge their own customers for this make-believe traffic, which can increase registration costs in ways that are often unpredictable.

>>ActorN+v9
This can be a premium feature. Run your own server and for a little bit of money you can configure your client to use an alternative server. Client code is what make it private and secure, so you want to use their verified client even with your own server.

>>maxfur+ql
There are several steps between using AWS and building a datacentre.

- Using similar services from cheaper cloud providers

- Renting VMs

- Renting whole servers

- Renting rack space + power

- Renting larger spaces (many racks, or part or all of a whole floor)

>>mikece+(OP)
Total salary bill: $20m. 50 staff so average salary: $400k. I'd be happy with $200k USD - that's more than I get paid in my country at current exchange rates.

>>abdull+tk
I've been using WhatsApp when the nominal $1/year fee was still around, but somehow never ended up being actually charged, and I don't know anyone that did.

It's possible that they were only enforcing it in some regions, though.

>>abdull+tk
The price changed a few times but they definitely had a lifetime thing once.

All pricing was entirely optional

Here's one reference to a different price (can't find lifetime except for people complaining that Facebook didn't honor it on original ToS)

https://www.wired.com/2011/11/whatsapp-messenger-app/

>>abdull+sl
IIRC WhatsApp used to charge $1 per year

https://venturebeat.com/mobile/whatsapp-subscription/

>>Anthon+bl
Making it so that only one party need to have a pro account might help a bit

>>dghlsa+gl
> spend $20mm (or whatever) to maintain access, and maintain infrastructure and they get to send as many SMS messages as they want.

This is not how SMS pricing works in many, if not, most countries.

>>pluto_+W7
I don't consider Session to "bundle" the Loki blockchain or the Oxen network in any sense.

Here is more information about what I meant when I used the term "bundled".

https://www.techopedia.com/definition/4240/bundled-software

>>melbou+kp
Probably includes taxes, social security, health insurance, etc

>>rezona+1k
You miss the crux of it: the second time onward the clearing houses uses email to authenticate the previously-SMS-verified account.

>>mikece+(OP)
It's amazing what they produce with their headcount:

First, we have three distinct client teams, one for each platform (Android, Desktop, and iOS). These teams are constantly working: adjusting to operating system updates, building new features, and making sure the app works on a wide variety of devices and hardware configurations. We also have dedicated engineering teams that handle the development and maintenance of the Signal Server and all of its infrastructure, our calling libraries like RingRTC, and core libraries like libsignal. These also need constant development and monitoring.

Product and design teams help shape the future of the app and determine how it will look and function, while our localization team coordinates translation efforts across more than sixty languages. We even have a full-time, in-house support group that interfaces with people who use Signal and provides detailed technical feedback and real-time troubleshooting information to every other team. This is an essential function, particularly at Signal, because we don’t collect analytics or telemetry data about how people are using Signal.

--------

How many people does it take to perform all that?

In total, around 50 full-time employees currently work on Signal ...

!

>>rezona+7o
Yeah, aggregator is a very industry specific term, so I just merged into teclo provider. But yeah, all the issues with short codes, national laws, and reputation, makes it very complex. I worked at a company like Twillio that had contracts with different aggregators across the world, and sold a platform to manage SMS interactions. They added a layer to make ensure customers respected opt-out keywords, or opt-in for specific countries, so it would help manage TCPA (and other) violations. I imagine this helped keep costs down. We would definitely fire customers for trying to get around the safeguards.

I was on the support side, so I just saw when it went wrong, which was a lot.

>>nottor+3k
almost, usernames and phone number privacy are in testing now

>>altern+4n
> They want the address book because if you don't have engagement promotion features like that, there is no way to ever become remotely popular in the chat app space.

Intentionally ignoring the fact that Signal splatters your phone number to everyone else is a humongous problem. And you can even put your phone number block in your address book, and it'll tell you everyone who has Signal. This happens all the time, with Signal servers leaking all of this metadata.

And doing "engagement promotion" is what companies do to sell more shit. So, exactly what are they "selling"?

>Why is the security a joke?

Metadata, pertaining to communication patters and to whom matters just as much as what's being said.

And that metadata, like "your phone number" and "contact's phone number", and "when data is being sent to/from" is that metadata.

> The data is e2e encrypted,

> and isn't related to a phone number in any way after registration.

Bullshit. I see new people hopping on signal fairly regularly. If that was true, it'd be a simple verify-once-and-delete. It aint.

> Do you know of a better way of combining privacy and anti-abuse measures?

I reject your claim of "privacy", with regards to metadata.

Secondly, Tox has an alternate way to handle this, by allowing any number of accounts not tied to anything. Sure, it's a SHA256 id, but who cares. There, its secure AND anonymous.

Basically, I look at Signal as "better than SMS, but not much". It's basically a way to keep the phone company from scanning messages.

>>DANmod+zo
Exactly, so how on earth does Google think that it is a good idea to put them in charge of running the infrastructure powering the future of instant messaging?

Any chance at all it has something to do with the fact that they've acquired an RCS infrastructure provider that they can sell to telcos?

https://jibe.google.com/

>>munk-a+58
Just because consumers get unlimited SMS doesn’t mean businesses get that. The telcos are ruthless about extracting their pound of flesh at business rates.

>>OfSang+Ya
That's been similar to my experience in the last year. WhatsApp or even worse, Snapchat, seems to be the preferred "private" messaging platforms, which is depressing to say the least.

>>hutzli+Gl
Why shouldn't we want to pay people working at non-profits the same for their labor than they would get at for-profits? If they are doing just as or even more important work, why do we want to bend over backwards to justify them getting paid less for it?

>>bongri+3g
> Signal already has a very hard time competing against the network effects of WhatsApp and Telegram

May not be the best thread to say this in, but Signal isn’t as good as Telegram and WhatsApp on features. People can be persuaded to switch, but may have different expectations than what Signal can satisfy.

>>supriy+L7
"Sign in with $Clearinghouse" could bring you to a page that prompts whether you want to share a user ID or the phone number, as required, with that service.

The clearing house verifies you only once, or once a year, instead of every time. If the clearing house were to be a nonprofit, perhaps even set up by Signal themselves to spread costs with similar services, that has to be cheaper.

It also gives users confidence that only a randomized user ID was shared, so it won't be used for cross-service correlation and tracking, if the service didn't actually need your phone number but only some identifier.

>>Analem+Xl
> with their tail between their legs when their own proprietary lock-in messaging apps didn’t work out

For what it's worth, they've worked tirelessly to ensure their failure.

>>explai+dq
The clearinghouse may not have the user’s most recent email address, which is common amongst non-tech people. My mom and aunts have lost many email addresses this way and forcing them to use an older email would cause many issues.

>>contac+xq
That’s only phone number privacy from other users. Registration would still require a phone number, which is what GP seems to be unhappy about.

>>mikece+(OP)
Does anyone else think that this strategy of growing the userbase with a "free" product and then start panhandling for donations is outright dishonest?

There are tons of smaller XMPP or Matrix providers that didn't get access to millions in funding from these big corporations like Signal did. Who have to run a business in a way that requires paying customers from the start. But now that cash is tight (and after they built a sizable user base) and they can no longer just outspend the competition, suddenly they remind you of TANSTAAFL and are asking you to cough up the cash.

It is the same shitty playbook used by VC-funded companies, except that is now dressed as some virtuous thing of "looked at how much it cost to build all this..." It makes some emotional appeal but it tries to hide from the audience that these costs are solely due to them insisting on controlling everything.

If it is so expensive to run Signal, then open it up to let other people run their own servers instead of trying to control everything. Don't give me this bullshit of "we are a non-profit but we are in the same lane of big tech corporations". You are there because it served you. You can not have it both ways.

>>barbaz+ei
Aren't these VoIP? Almost every service blocks VoIP numbers for sign ups these days, but perhaps Signal is an exception.

>>nwelli+jm
You can charge for SMS. You send a message to signal, charged at an amount to cover the return message which contains a code.

>>lxgr+in
You can also charge for a 10 year minimum and get to a higher retained %

You don't need to provide support, even much more expensive consumer services live without a proper one, so being explicit about the fact that you only pay for infrastructure could suffice

Not sure why payment privacy has to be so strict for everyone

The network effect damage is real, but maybe it could be limited with donations :)

>>2OEH8e+Jk
Sure, but privacy isn't black or white. A donation to signal does not compromise the content of your messaging.

So what you've leaked is the information that you have an interest in private conversations. This might be a problem in some countries, but I think it's fair to ask folks in affluent countries with working (sorta) democracies to shoulder that burden. I.e. you don't donate if there's elevated threat to your safety, there are enough people who aren't under elevated threat.

There's also the possibility of using a donation mixer like Silent Donor, though I'd evaluate that very carefully. (There's a record of the transfer in, and the mixer needs to keep temporary records for transferring out. There's also the question how you verify the mixer doesn't skim.)

Some donation mixers accept crypto currency, so for maximum paranoia, I suppose crypto->crypto mixer->donation mixer->charity might be workable. Or hand cash to a friend who donates in your stead.

As always, the best path is to set aside paranoia and build a threat model instead to see what the actual risks are.

>>supriy+jr
The app has to ask for email/phone to begin with (see step 1), if the email doesn't match then phone would be used as fallback, or potentially as a "Didn't Receive Code?" gesture.

>>nvy+Rg
Except real privacy?

>>vore+6r
Because funding is limited. And the goal is to maximize the impact, not make some people happy.

>>gamblo+tg
They cover this pretty substantially in the post on Signal's website (I know they merged the Wired article into this one).

Signal is trying to compete with the richest companies in the world; including for talent. And considering Signal's origins and motivations, they're not going to lower salaries or decrease benefits because some people believe that working for a non-profit automatically means lower compensation.

>>2OEH8e+Jk
There are clever ways around that. I use posteo as my mailprovider. They have a system where you can pay anonymously: https://posteo.de/en/site/payment

>>bonton+Sr
They work with Signal, Facebook, etc. Sometimes you have to try another one to get it to work.

>>2OEH8e+Jk
They take checks by mail. You definitely can do a cashier's check and I'm sure they'd take the "cash in an envelope" method that places like Mullvad do too. Looks like they also support crypto, and that includes Zcash. So I don't think this is a great excuse. The only "can't easily donate" aspect is going to also be tied with the "can't easily get a cashier's check or find an anonymous person to sell me bitcoin for cash" kinda issues, and when you're operating at that level I'm not sure anything is "easy." (but that's not that hard usually)

https://support.signal.org/hc/en-us/articles/360031949872-Do...

>>mortal+Ml
> Even if messages are queued, how do you get millions of dollars in queued storage? It's hard for me to imagine...

The details are there in this post, but I can offer a few guesses. Users may be using multiple devices. And the service has to deliver to all the linked devices before ejecting the message from its storage. The time limit for storing and waiting for linked devices to come online is about a month. With tens of millions of users, this could add up.

>>NoMore+Ye
It's an uphill battle. I asked to recommend Session on the privacy subreddit- which the moderators denied because Session lacks a well-documented endorsement from a public figure regarded as an authority with regard to privacy.

That is a non-starter specifically in the context of vetting privacy-enabling software. Anyone got a list of privacy celebrities with enough spare time to vet reddit content?

>>lxgr+pp
Indeed. I just ignored the dialog box the first time it popped up. But next year I paid. It was quite a big deal because back then it was equal to my entire monthly cellphone bill in Pakistan.

But I remember other people started to en masse switch to other messengers like Viber(?). And Whatsapp had to stop enforcing the fee.

>>eviks+8s
Selling a service automatically opts you in to all kinds of consumer protections, either legally or de facto through the dispute mechanism of the payment methods your customers use.

Just ignoring customer complaints and selling the service "as-is" is usually not an option.

>>charle+Yl
Wikipedia is particularly insulting because they make enough money to cover the actual costs of running Wikipedia (the site) in days if not hours, and could operate for years without any additional donations: >>32840097

>>Duneda+Z
I wish their justification for dropping SMS capability from their Android app to move away from phone numbers was a little more transparent about the obvious cost aspect rather than solely sticking to the patronizing "we're saving insecure messaging users from themselves" messaging they had. I found it pretty obnoxious. I think people generally get "valuable nonprofit + huge expense = not-sustainable = bad."

>>mikece+(OP)
Support for Signal development supports all privacy-oriented software and systems, because Signal is open source.

The Signal Protocol already is an industry standard. What other Signal development - either the components, the code, or the concepts - are used by others?

>>rasso+js
Not even that, because it is linked to phone numbers.

>>mikece+(OP)
Given the few fees, what about charging/giving the option to pay $1/year? Whatsapp had this in practice before they got acquired.

>>hansSj+0g
It's in testing now; you'll soon have to switch to complaining about some other thing.

Anyway, considering usernames required an extensive redesign of how Signal works, it's not surprising it took 5 years (3 years of full time)

>>melbou+kp
I've actually posted Signal's tax return before, but a great thing about US nonprofits is the tax return is publicly available from the IRS website: https://apps.irs.gov/pub/epostcard/cor/824506840_202012_990_...

The last one available is from 2020, though. They tend to lag a few years behind. They're required to report key employees plus top-five compensated who aren't "key." Brian Acton and Meredith Whittaker both earn no salary at all. Their COO got $290 in 2020. Moxie Marlinspike and their top five developers/managers were all in the 400-600 range.

I'm sure they pay well (don't have much choice if you're going to be based in San Francisco), but I highly doubt 400 is an average salary. The expense being reported is total cost of employment, which includes FICA taxes paid by the employer, 401k matches, and probably most notably healthcare, but all benefits and in-kind compensation.

>>munk-a+Tg
> In this particular way Apple is happy compromising the mental health of young people to secure a larger market share

Should we also force luxury brands to offer stipends so that teenagers whose parents can't afford them (or simply don't want to participate in that nonsense) don't feel stigmatized?

It would be a completely different story if Apple were to ban third-party messaging apps on their platform, but as restrictive as they are in other areas, they aren't doing that.

It literally only takes a free app download to get a cross-platform messaging experience at least on par with iMessage (and in my personal view superior in many regards).

>>nwelli+jm
> Get off the major cloud providers that charge insane egress fees

At on demand prices, yeah. But companies of sufficient demand can enter into volume discount programmes.

>>lxgr+Vp
Is that true at scale? If I tell the telecoms that I want to send a billion messages per year it seems like they might be willing to take a lump sum instead of setting up the systems to bill based on usage.

I have no experience directly with foreign telecoms, so I was simply explaining how something with no marginal cost could still be a very expensive system.

>>ActorN+v9
Offering self-hosted servers would probably just degrade the security guarantees of Signal if people misconfigure them. Doesn't seem to be worthwhile for the Signal foundation to run into this risk of undermining their own reputation for a niche user base who cares about self-hosting.

>>slaw+La
In business, you get what you pay for. Cheaper hosting might raise more issues that need to by handled by your employees, who also are expensive, and also the organization's focus gets disrupted. The hosting company / cloud vendor has an enormous economic advantage, with access to the entire hardware and software stack, the engineers who built it, people whose full-time job is operating it. Often it's cheaper to pay more for better.

As I have to explain about open source, 'Free is only free if your time is worth nothing.' (And I use a lot of FOSS, it just not always the solution.)

>>Canada+kb
I fail to understand the point of supporting an organization that is completely against self-sovereignty like Signal is. Why would I want to pay someone to develop something that traps me into their platform and does not offer a way out?

>>davidh+gf
They are peer-to-peer by default between people in their contacts list. That is for when calling someone that isn't in your contacts list or for people that have enabled the relay all calls option.

>>mikece+(OP)
>Privacy

That’s a very bold statement from an app that still requires a phone number using a broken protocol (gsm) to “verify” your identity and authenticate it, sim swap attacks can be carried out by kids these days. Also, don’t expect privacy when you are using a proprietary OS like iOS or one full of Google services that also have proprietary firmware drivers, they (the adversaries) don’t need to even decrypt these “privacy apps” when it’s easier to access the backdoor-ed OS or hardware, but enjoy the illusion in the meantime.

>>Canada+kb
20/month for every chat service I use is very steep. I'd be spending more on chat services than on mobile data + unlimited calling + landline + DSL + streaming services combined!

They actual costs are apparently about 1 USD per year per user. I usually at least double (usually more) my incurred cost when the donation is optional, to cover for those who can't or won't pay, but paying 240× the cost price seems wasteful as well when there are other nonprofits that can do more good with every dollar you give them (be it solving poverty, climate change, whatever you find valuable) rather than one which has mostly fixed fees

>>V__+r8
Whatsapp got pretty big at 1 eur/year (iOS) and 1 eur for lifetime (Android) here in the netherlands.

I do fear they'll loose most tech un-savvy users because they don't know how to pay (safely).

>>V__+r8
It’s beginning to sound like the 1 EUR/year that at some point WhatsApp wanted to charge and it seemed reasonable to me at the time. Signal is even better and even more so justified.

>>nvy+Rg
The sms decision made signal go from THE messaging app on my phone to an app I only use with a very small subset of my contacts. It is infuriating that they didn't allow users to retain that functionality when it costs them nothing, and they could have disabled it by default.

>>tamimi+8v
I'm always intrigued by people that have this POV. Security and privacy are not binary for fucks sake. Improvement on the status quo is great and Signal improves a hell of a lot.

Not to mention that half of your comment is non-issues.

>>hn_thr+0k
Carriers that run their own messaging infrastructure can allow for direct connections from 3rd parties, and set the price per message to whatever they want, including zero.

For something like Twitter where you could post by SMS, the balance of traffic might have been such that giving Twitter free outbound SMS was balanced by the charges incurred by customers sending to Twitter's shortcode. Or it might just be balanced by increased customer happiness when they can use the product more effectively.

If the carrier doesn't run their own messaging infra, they might be paying their IT provider on a per message basis, and might not be able or willing to set the messaging rate to zero.

For a use case where SMS is used to show control of a phone number, getting a zero cost direct route is a harder sell, but it can happen if the routing through aggregators is poor and the carrier is concerned about that, or if there's some other larger agreement in play.

>>mikece+(OP)
I'll probably donate, but I find it annoying that Signal only offers Linux packages for Debian-based distros. I've had headaches with the Flatpak. I would think that the Linux desktop audience - while not huge - would be the most interested in Signal. That is, might not be a lot of Linux users but percentage-wise I'd bet more Linux users are interested in Signal than macOS or Windows users.

Even an AppImage would be lovely.

>>nwelli+jm
> Get off the major cloud providers that charge insane egress fees.

And run their own DCs? Cool, they'll just need a lot of upfront capital aaaaaand they're back in the "need money" boat. Except more so.

>>lxgr+S9
> For P2P communication. SMS is alive and well for B2C messaging, most importantly for 2FA OTP delivery, but also as a first line of defense against spam/bot account creation.

In Brazil, businesses use Whatsapp to communicate with consumers. You order pizza and book doctor appointments over whatsapp

>>rglull+Lr
> open it up to let other people run their own servers instead of trying to control everything.

If you know of a good open architecture that solves the problems of spam and impersonation while maintaining the convenience and ease of use necessary for mass adoption, please share it.

>>YeBanK+rl
Or the extra privacy could be the current misfeature where you can't properly sync messages across devices. No reason to ditch over that?

>>hiatus+Kv
You paid them nothing and are infuriated. Interesting.

>>wolver+nt
The only issue I'm aware of is that The Signal Protocol is only really defined in Signal's GPL'd code. So it's almost impossible to write a clean room implementation (e.g. Wire tried and ultimately failed. they ended up also GPL-ing their library).

>>teeker+ov
That doesn't mean they were actually profitable at those rates though. They could have been in growth hacking mode with venture backing.

>>Analem+Xl
> It’s so unwanted that Google had to scrap their original plan of making the carriers host the infrastructure and do it themselves, because the carriers didn’t give a shit.

To be fair, that wasn't Google's plan, that was the GSMA's plan. GSMA created the RCS spec, failed to get more than a handful of their members to use it, and kind of abandoned it to the wolves. For reasons I don't quite understand, Google decided it'd be a good idea to take it up, and then push it harder than any of their previous messaging services; but it's not like they came up with it.

>>greyfa+2p
Because peer-to-peer messaging is not a solved issue. People want asynchronous conversations and not have to expose their location to everyone they talk to.

There are other platforms that are working on federated e2ee services (it's not easy. matrix was completely broken a year ago).

>>Sol-+Hu
> Doesn't seem to be worthwhile for the Signal foundation to run into this risk of undermining their own reputation

It's a bit too late for that. They undermined their reputation when they started permanently keeping sensitive user data in the cloud (like a list of every person you contact), and then again when they refused to update their privacy policy which lies to users about their data collection practices, and then again when they killed off the ability to get both "secure" communications and unsecured SMS, and then again when they started adding weird cryptoshit nobody asked for. Signal seems to be telling people as loudly as they can not to use/trust them.

>>rglull+Vu
Not completely ? Their server seems to be open source too now (with the exception of the spam filter) ?

>>rezona+7o
> Additionally, Twilio does not purchase short codes (ie 12345) which means its harder for the carriers to track bad behavior across their network. There is an initial cost (fairly high) to acquiring a short code, though you can also share short codes across customers in some cases. Acquiring a single short code and sending all messages from that short code would likely reduce costs.

Twilio offers short codes, but short codes are country specific, and the costs for sending to the US are low anyway < ~ $0.01/message for most services, lower with volume; IIRC, short code messaging costs were half, but then you've got some overseas destinations where it's $0.10/message and that's real money.

>>slaw+La
DO, at least, has bad peering agreements that will cause you noticeable, unfixable (if you stay on DO…) persistent problems at large enough scale.

>>jzb+2w
The Flatpak works fine for me on Fedora, though of course it's an Electron app, and it periodically has to be re-connected if I don't use it much.

>>ruffre+fb
I have some good news: go into the settings and turn on encrypted backups. The clients also all come with a search function, even if it only matches against start-of-word (which includes URLs, so you can't search for domain names which regularly bothers me).

Directory integration, as in, importing a vcard with everyone's phone number into your device such that you can tap on anyone's name and message them on Signal if they've got Signal installed?

>>groby_+as
There's never enough talk like this and I'm not sure why. It's always about the threat model. In this respect I always like to think of it in terms of probability. Probabilities and likelihoods aren't just about capturing randomness like quantum fluctuations or rolling dice, they are fundamentally about capturing uncertainty. Your threat model is your conditions and you can only calculate likelihoods as you don't know everything. There are no guarantees of privacy or security. This is why I always hated the conversations around when Signal was discussing deleting messages and people were saying that it's useless because someone could have saved the message before you deleted them. But this is also standard practice in industry because they understand the probabilistic framework and that there's a good chance that you delete before they save. Framing privacy and security as binary/deterministic options doesn't just do a poor but "good enough approximation" of these but actually leads you to make decisions that would decrease your privacy and security!

It's like brute forcing, we just want something where we'd be surprised if someone could accomplish it within the lifetime of the universe though technically it is possible for them to get it on the very first try if they are very very lucky. Which is an extreme understatement. It's far more likely that you could walk up to a random door, put the wrong key in, have the door's lock fall out of place, and open it to find a bear, a methhead, and a Rabbi sitting around a table drinking tea, playing cards, and the Rabbi has a full house. I'll take my odds on 256 bit encryption.

>>mikece+(OP)
Paying over 100 USD per 1 TB of data transfer is just stupidly expensive. That's insane pricing...

>>Night_+B6
> Everyone likes to bash more privacy oriented companies if they aren't absolutely 100% perfect in every single way, but IMO perfect is the enemy of good and Signal has been very good.

Signal has not been good. The absolute least we should expect from any "privacy oriented company" is that they're honest and fully transparent about the data they collect and store, and Signal is none of that. Since they started collecting and forever storing sensitive user data in the cloud they've refused to update their privacy policy to alert people to that data collection.

If you advertise your service to human rights activists, journalists, and whistleblowers whose freedom and/or lives are on the line you owe it to them to be extremely clear about what their risks are by using your service, but Signal outright lies to them in the very first line of their privacy policy.

This isn't "perfect being the enemy of good" this is either a massive dead canary warning people not to use/trust Signal, or it's completely immoral and irresponsible.

>>contac+Mv
there's a big social cost to trying to get others to use Signal, and it's not worth it if the advertised features don't work as advertised..

that said I stopped using Signal years ago because of basic deliverability being less reliable than SMS.. I switched back to SMS so I could communicate reliably with a loved one during an emergency when Signal randomly stopped letting me respond to messages, and I won't pay the social cost twice of trying to convince contacts to use it after having to abandon the service when I really needed it.

Actually between Element and Signal and the differences between their usability as advertised versus the reality of using them with non-technical users, I've used up all of my social capital for convincing people to use "better" networks and mostly just use SMS/RCS now.

>>noname+bu
> The expense being reported is total cost of employment, which includes FICA taxes paid by the employer, 401k matches, and probably most notably healthcare, but all benefits and in-kind compensation.

This is incorrect, reportable compensation on a 990 is the amount in box 5 of the employee's W-2, which does not include health insurance, taxes, etc.

https://www.irs.gov/charities-non-profits/exempt-organizatio...

>>rasso+js
Why is it more private than WhatsApp?

>>munk-a+Tg
Agreed.

It reminds me of the "Blue eyes/Brown eyes" exercise (https://en.wikipedia.org/wiki/Jane_Elliott) so let's say this was a real psychology experiment. Middle-schoolers and high-schoolers are encouraged to communicate via a chat application with rich multimedia functionality. But any conversation that includes even a single individual who belongs to an arbitrarily-defined "out-group" has its functionality degraded and the application highlights who the out-group member(s) are. After a year you compare the mental, social, physical, and academic well-being of both groups. Would your university's IRB approve such an experiment?

I initially gave Apple the benefit of the doubt that this was simply a technical limitation. And of course kids will always bully each other about something. But at this point it does indeed seem like a billion-dollar company is intentionally amplifying and leveraging this sort of bullying to drive marketshare. If you don't find this immoral then I'm not sure what to say.

>>renonc+Il
If SMS actually worked for this purpose, it would be acceptable. However, SMS provides no guarantees about: 1) If it actually gets delivered 2) If it is delivered to the intended recipient 3) 1 and 2 without anyone reading or tampering the message while in transit

Now, even if stars align, your SMS ends up on a route where nobody is mitm-ing or hijacking it, the telco systems work and it gets delivered, it is STILL not a guarantee of identity. It simply verifies that you have somehow got access to a particular phone number.

>>autoex+Gy
Every single time I've seen Signal asked for data in a court case, they've basically handed back a unix timestamp of when the account was created and said "that's all we have". Or it was last access time, I could have misremembered.

Either way, that seems quite good to me.

>>halyco+7t
Is that including staff + trying to do new stuff or just the servers.

>>2OEH8e+Jk
Signal requires a real phone number to open an account, you are not anonymous to Signal.

>>kyawza+R9
And the people those friends want to talk to. And the friends of those friends.

To have self-hosted chat services, you either need a niche enough service that you'll never have two parties that would want to talk to each other while being on different servers, or federation. Signal chose the former, so here I am with eight communication apps on my phone.

Maybe the next best thing could be to support multiple servers, like how email clients let you fetch data from more than one email provider, if they're so worried about federation inhibiting their ability to control the ecosystem that they plainly won't go there and hold speeches about how harmful that situation would be. Then we could have self hosting and also Signal wouldn't have to care about federating with my self-hosted server.

>>mikece+(OP)
Just a reminder, many of the places you work will match your donations.

Edit: Not sure why people downvoted this. Boss, is that you? I'm increasing my donation.

>>maxfur+ql
The small ISP/phone/cable company I worked for in high school had a data center. Maybe 20 racks. It was pretty damn reliable (old-school phone infra techs knew how to make shit stay “online”). I guarantee it wasn’t above the single-digit millions to build, inflation adjusted.

>>discar+Aw
I could get my parents who are nearing their 70s to use Element (Matrix) and it took them less than 10 minutes, even with me asking them to register to a non-default homeserver.

Screw "convenience". It's a poison pill. "Convenience" should never be put above "resilience" (not to mention "freedom") in a value scale. The American obsession with "convenience" is turning us all into cattle and it's getting harder and harder to get the rest of society to function without being controlled by some corporate overlord.

>>NoGrav+ly
Seconded, the Flatpak is the way to go.

>>renewi+Nh
I have an old receipt in my Google Pay for whatsapp at a whopping 99 cents :)

>>pierat+Og
Signal actually jumps through quite a few hoops in order to let you and your contacts are on Signal without Signal actually having access to a copy of your whole address book. It's even mentioned in TFA.

I do agree about being linked to your phone number - doing it that way means not considering a lot of people's valid threat models. They are working on moving to usernames, though. It's in beta now.

>>sam_lo+Ct
Afaik you can crrate an account without a number.

>>Duneda+Z
I wonder if you could do something clever such that you can have people volunteer their SIM for sending 2FA?

>>BlueTe+Ex
Can I operate my own Signal server and talk with people on the "main" one?

>>bombca+Sk
SMS sender isn't generally something you can trust. If you get the SMS directly from the carrier that's responsible for the number, and you have reason to trust their SMS sending to verify the sender, then yes. But in countries with number portability, you still need to pay to lookup the carrier responsible for a number.

And you'll need to maintain ingress numbers in all the countries you support, and maybe numbers per carrier, depending, and you'll need to tell the user the right number to text to ... it's a lot, and it might not work well or might not save much money.

>>jahabr+aw
There's a ton of options between paying premium cloud prices on egress and running your own data centers.

>>contac+Mv
Right, so instead of 20 entities tracking you for example now you 18.. the false sense of privacy is far more dangerous than knowing your messages are not private (Like when Tucker Carlson used Signal thinking it was private to find later all his messages were not, regardless if it was a bugged app or an OS, the false sense of privacy is worse, he probably won’t texted those on iMessage for example). Same argument you can see with “vpn is private and we keep no logs because you can trust us!” plus it can be defeated with browser fingerprinting, or paying a hefty price for this “top private email” provider when the recipient doesn’t even use any privacy settings or anything let alone email as a protocol is not meant to be private, it’s all a business model, and the gullible buys it, you “have” to trust that Signal server is not backdoor-ed in real time, and as the old rule in security, if you can access the physical hardware you can in theory access anything in there, you don’t know the hardware is used there, is there any memory injection exploit that get activated after the so called audits? You can’t know, you have to trust that.

>>lxgr+Sg
If you have a sustainable business model, you don't need the network effects. Threema is fine with a smaller userbase because they have a business model that works.

>>umanwi+9z
I encourage you to read the article, but Signal minimizes the metadata it stores about you, doesn't hold on to you contact list, doesn't keep information about your IP address, etc.

WhatsApp instead makes tons of money from this kind of metadata.

>>rodlet+gb
Matrix fixes that issue (and also the issue of the server your group chat is hosted on disappearing). It has plenty of other issues, of course.

>>Oooooo+9A
No. You can just hide it from other users in group chats now (and perhaps 1:1, didn't yet check but you still need one to sign up)

>>abdull+sl
With how much Mastodon.social tends to fall over when Twitter does something stupid (again), their rates are probably a bit too low for a more robust service like Signal.

Signal also intentionally doesn't store too much data, long term data costs will slowly grow over the years. I imagine for a bigger platform, costs can grow to multiples of the rates for Signal and smaller Mastodon servers.

€10 per year should be more than enough for most users, though, and it should be quite affordable for most countries.

>>Night_+iz
You're right, that's how it used to be. They still have pages on their website bragging about times when they didn't have anything to turn over because they didn't keep any of it. A while ago that all changed. They started collecting and forever storing in the cloud the exact data those requests were asking for. Lists of everyone you've been contacting, along with your profile data (name, phone number, photo).

https://community.signalusers.org/t/proper-secure-value-secu...

If you're a Signal user and this is the first time you're hearing about this, that should tell you everything you need to know about how trustworthy Signal is.

>>dingnu+Ny
I understand that. Signal has put in a lot of work since I started using it fulltime and is much more reliable now than it was just 2-4 years ago. The only time I've had issues now is when I'm backpacking in areas with spotty connection. SMS delivers quicker and is more reliable.

>>akpras+Fk
Also a reminder, your work might have a donation matching system. All the major tech companies do, so you can really boost your effect.

>>jzb+2w
Signal Desktop is available in the Arch repositories. https://archlinux.org/packages/extra/x86_64/signal-desktop/

>>godels+Ws
How is a check in any way private? Your name is on it.

>>lxgr+6t
Why is it not an option when it already exists in many places (all these protections fail all the time)? Your first sentence doesn't imply high/expensive level of customer service

Besides, even now they're not ignoring all the complaints, the do fix bugs?

Maybe to be more specific, how much did it cost WhatsApp when they had $1 price and a tiny team? How does it compare to the cost of SMS?

>>Raston+rf
> millions upon millions of new people suddenly switched to Signal in January 2021 after WhatsApp updated their Terms of Service

From a footnote of the article. Maybe this is why they've stayed with "infinite scale, infinite costs" (commonly known as "cloud") so long? Surely at some point this is worth considering though, I would also be curious where that point lies

Virtually anyone, also when spending only 100 euros/month on server providers, can save a large percentage of costs by taking it in-house. There might be a gap where you need dedicated personnel and it's briefly cheaper to outsource before you grow and it inverts again, but generally if you've got a stable service then this is nearly always worth it

Maybe a hybrid, where new users onboard onto cloud and they buy hardware for expected loads (i.e. current users), would be the most cost effective. I wonder how hard that is to combine the two worlds, but anything that requires more than one server already has that sort of communication going on so there shouldn't be any real blockers. Maybe the two types of infra add costs/risks again and that's why one rarely sees this setup?

>>pierat+Og
Signal doesn't learn your contact list. See https://signal.org/blog/private-contact-discovery/ and https://signal.org/blog/building-faster-oram/

>>olah_1+EA
Yes, but Signal and Threema seem to have a pretty different mission.

>>tamimi+CA
I'm honestly interested in what your solution for private communication is that will also get mass adoption among hundreds of millions of users. (And it's definitely not running your own XMPP server and getting everyone to switch to Linux phones).

>>toast0+Xv
If you require global connectivity, managing hundreds of carrier APIs, contracts, etc seems like major overhead. Also, there are companies whose only purpose for existing is providing messaging, like Twilio, are they just...not doing this or do the carriers just not play ball? In that case, why would the carriers agree to sell to you at a discount?

>>RunSet+1t
It really comes down to that? Wow.

Thanks for answering though, it really bugged me, and I couldn't find anything on it.

>>lencas+rv
They used to "require" a subscription of 1$/year but it was not enforced. If you missed the deadline, nothing happened. It was basically the WinRAR model but for an online service.

>>mplanc+8o
> I’ve got a recurring donation of $5/mo I set up ages ago

Thanks for that, I did a one off 300 euro donation back in '21 during the bubble market; Meredith has been doing the rounds [0] and she hits on lots of good points, and even went to the UK over their now failed bill during the Summer.

0: https://www.youtube.com/watch?v=ykfABSBeAVo

>>JumpCr+zn
I said Average for a reason :D I didn't say you can get "top-notch" security developers for that.

I don't think there's industry numbers for that set of people in the UK, as it's not a big enough set. However I'd be surprised if they were 150K plus though, that's a very rare salary in the UK.

Also there are cheaper countries than the UK who have great devs.

>>contac+ux
I'm not suggesting that it's a solved problem, but it's a solvable problem, and the Signal Foundation should be using its (significant) resources to solve it, rather than slowly bleeding them out to AWS, GCP, Azure, and Twilio. Unfortunately, solving that problem also significantly reduces the scope of the Foundation, so there's little incentive.

>>rglull+lA
You're moving the goal post from "self-sovereignty" to supports federation with an infinite number of servers. Nothing is stopping you from compiling your own Signal server and modifying a Signal client to use your server.

Given that Signal is free as a service, supporting federation only increases their expenses.

>>mikece+(OP)
P2P alternatives are less convenient (always on to deal with notifications, adding contacts typically requires extra steps, etcetera), but the difference in costs is abysmal. In any case, it's been years since I've tried to make my social circles move to any of those platforms (Briar, for example). It's a losing battle.

>>olejor+Qp
Still doesn't work. Any two people don't have a pro account and they stop using it in favor of a competitor, and then their other contacts use the competitor too. You can't charge for something WhatsApp has for free.

>>mikece+(OP)
It’s somewhat puzzling that Signal doesn’t let me donate with Mobilecoin.

>>rany_+JD
That may have been an A/B testing of sorts then, because I was booted right away.

>>heavys+Cz
Phone numbers can be obtained anonymously in many countries. I have several anonymous Signal accounts, each with their own anonymous phone number.

>>mikece+(OP)
I always wonder what is the level of safety of Signal fron state level actors. Signal uses telephone numbers as user IDs + sends those verification SMS. Also 50 employees? So how many are monitoring the infaratructure 24/7 (on a side note, a project with 50 employees is probably still better than those with thousands - what do those people even do).

If the data leaks somehow, telephone number as ID sounds very bad.

>>Canada+kb
Same. I have been doing the recurring payment since they offered it. Even though I'm effectively only using it with my partner. But that is every day

It feels good supporting something worthwhile.

>>YeBanK+rl
Not having to rely on a phone number would be extra privacy.

They are stuck with SMS though because it's a costly... signal that prevents spam.

(Sounds like an opportunity ??)

But then this might solve the funding issue for them, but being tied to most payment systems would only somewhat improve the situation for the users.

I understand now why they dabbled with cryptocurrencies (Monero having proved that these can be anonymous short of having NSA levels of computing power ?). I haven't been keeping up, how did that work out ?

>>rezona+0i
RCS-the-open-standard is not end to end encrypted.

>>mhh__+kz
Why should Wikipedia do new stuff? Or rather, why is it okay for Wikipedia to lie to people to get funding for their new pet projects?

>>mikece+(OP)
This was the nudge I needed - super easy to donate $5 a month via the app using Apple Pay.

>>itslen+rg
RCS the “universal protocol” is not end to end encrypted.

Google has made some proprietary extensions to RCS to support end to end encryption but this is not the same thing.

>>nwelli+jm
Removing essential features like voice/video calling for non-paying users would be a terrible choice IMHO. This is a communication app, which means it is only useful if others use it too.

And how are you going to convince others to pay for Signal when there are many free alternatives, including WhatsApp, which most people already have and while not as privacy focused as Signal, does have end-to-end encryption. If Signal makes people pay for voice calls, they will simply use WhatsApp, regular phone calls, or whatever is free and popular at the moment.

The success of Signal came from being very low friction, privacy is the "nice to have" feature, at least for most users. But add friction and they will look elsewhere, Signal is not WhatsApp, it doesn't have enough of a critical mass to keep users on its network.

All that will remain will be a small core of cypherpunks and people who really have something to hide. This is bad because one strength of Signal is that it is a mainstream app, making it hard to single out "interesting" people compared to those who just use it because their geek friend told them to and they like the shade of blue.

>>coyote+3H
Same. I'd donated here and there in the past, but I easily get $7CAD/month of usage and would be sad if it didn't exist.

>>itslen+rg
Apple announced today they are going to support RCS https://9to5mac.com/2023/11/16/apple-rcs-coming-to-iphone/

RCS is better than SMS no doubt but lets not pretend it is on the same level as iMessage. Lack of end to end encryption alone makes RCS a dated standard

>>Caliga+oE
Without federation, Signal is still working with the advantage of network effects. So an open source server is not enough of a way out.

Element can do it for their Matrix servers. Process.one can do it for ejabberd. Prosody as well. Why can't Signal?

>>wkat42+3B
Where is the option for group chats please?

>>jpollo+Zn
Good point, I guess we are proving why the resorted to using numbers in the first place. Unless you have a verification point that includes a "charge". Indirect or direct, your platform gets flooded with spam/bots. Does anyone have ideas of how this problem can be solved while also preserving privacy?

Problem: A system that enforces a monetary penalty to prevent sign up abuse while also not tying a users identity to said system.

Without doing some pain in the a crypto stuff it seems like there are no easy solutions other than the #

>>polite+XF
> whether you’ve been required to pay WhatsApp’s annual fee depends very much on when you joined the service, and even on what country you live in.

Source: https://venturebeat.com/mobile/whatsapp-subscription/

>>umanwi+9z
Using WhatsApp means Facebook/Meta knows the timestamp, sender and recipient of every message sent.

>>AnonHP+kr
I don't see the point of all that encryption when the ends of a conversation are tied to publicly available info like a phone number.

Do you think $SECRET_POLICE will care that they can't decrypt my messages when they know I have exchanged said messages with a known dissident's phone number?

$SECRET_POLICE doesn't do innocent until proven guilty.

>>lepton+ug
I'd pay much more than $2 if they offered account identifiers other than phone numbers. Trying to get a burner SIM or DID while still staying anonymous is getting increasingly difficult.

But I think it's pretty clear by now that this is a feature for FVEY IC, not a bug. FFS, they burned development resources on stickers, but abjectly refuse to offer alternative account identifiers. The standard apologist response is, "but phone numbers make adoption easier". Sure, but nobody is asking to replace the identifiers, or even to make them nondefault. We're just asking for the option. It could be hidden behind a developer mode for all I care, but it should be there.

The fact that they abjectly refuse to do it is enough to tell you about what their true motivations likely are.

>>lxgr+4o
Do you have a source that it was started by Google? From looking around, they support its development but it was an industry initiative, and Samsung was one of the first OEMs to support it.

>>akpras+Fk
I guess maybe I'm missing the purported point of signal, attaching your phone number to use it notwithstanding, but attaching payment identity to it as well? Like, what's the point of going through the pain required to use it?

>>hotnfr+Oz
That example of your small telecom company isn't really relevant here, is it? Signal needs to work well for people around the world.

>>GuB-42+fH
Valid but if there is no model that is sustainable then who cares if its successful? Some trade offs will have to be made. How can they keep going if the vast majority of people don't pay? They don't have the model of "ok we are going to flip and monetize after we get to X mass". Its like a growth startup but with no end game plan.

>>itslen+rg
Good news, Apple just announced they'll start supporting RCS next year.

https://www.techradar.com/phones/iphone/breaking-apple-will-...

>>Aachen+sy
The backup option is Android-only.

>>sam_lo+Ct
Yep, a great example: https://dessalines.github.io/essays/why_not_signal.html#phon...

>>wkat42+DB
A cashier's check doesn't.

>>_Alger+ZG
Some of those new projects are directly applicable to potentially improving Wikipedia. Some.

>>poutin+ac
I started paying for Signal when they rolled out the subscription feature at the $5/mo plan and after reading this post, I just moved to the $10/mo plan because of how much I value this service since I use it every day. I hope other users subscribe if they are able to do so.

>>GabeIs+nn
> Don't take them personally

No. They are meant to manipulate me personally, as well as other persons I care about. I will take them personally.

More broadly, I don't have to excuse bad behavior just because somebody's making money off it or because it makes some too-narrow metric go up. Yes, it's a complex and imperfect world. But to me that's a reason to work harder to make things better, not a reason for people to say, "fuck it" and make the world worse.

>>mhh__+kz
It includes staff, but not new stuff. The new stuff seems to be mostly things not directly related to Wikipedia, like funding third-party projects or causes. I'm trying to be politic here: many people don't like the projects they are funding with donation money, and others just don't like that they give money to any projects, and other people don't like that they keep the banner up after they've paid for salaries and keeping the lights on.

>>sneak+9G
It's possible in the US, but it's getting very difficult. I don't know anywhere you can buy or or borrow a DID with Monero anymore. Looks like they got to Telnum recently.

You can still buy a SIM, a prepaid PIN, and a phone with cash, but you'd need to pay a non-correlated person to be seen on CCTV to do it, at a non-correlated time, and hope they don't just take your money and leave you nothing at the dead drop.

Then there's the hassle of setting up the account in a way that's not correlated with your location, normal waking hours, etc.

All of this could just be avoided if Signal did the right thing.

But they won't. Ask yourself why.

>>lxgr+in
Thanks for over-analyzing my comment. $1/year, $2/year, $5/year, is all insignificant in the wide array of things I pay for. Sure, I'd pay $10/year for Signal as it is today if they really needed me to. And I never said to make payment mandatory. You're just way over analyzing a simple comment.

>>raesen+8E
There's definitely top-notch software and security engineers making well north of £150k in the UK. As you go up in levels, it's indeed a small set of people, but FB / Google comp for a top L7 engineer working in the same space as Signal engineers can be $700k+ in the UK. Just have a look at levels.fyi, and you'll see that even finance will pay over $500k in London. Furthermore, given how small the group of people are at the top of these companies, very few will self-report their incomes publicly, which is why you'll rarely hear about the engineers making $1M+ – but those cases do exist.

The people behind Signal pioneered end-to-end encryption, and as is pointed out in the blog post, there's still a lot of novel cryptography development involved in building a privacy-first messenger. You can't do that without top-notch talent.

>>caeril+rJ
Agreed, at this point I don't believe the "privacy" aspect of Signal's sales sheet means anything. Most that I know use it primarily because they can have clients on all platforms, including desktop.

>>_Alger+ZG
> Why should Wikipedia do new stuff?

Because it's not perfect yet?

The point of Wikipedia is not to have some servers ticking over. The project has a vision: "Imagine a world in which every single human being can freely share in the sum of all knowledge."

I agree it's not ok for them to lie, and am bothered enough by their dubious fundraising tactics that I stopped donating. But that's a totally separate concern than whether Wikipedia's mission is complete.

>>wpietr+CL
> They are meant to manipulate me personally, as well as other persons I care about. I will take them personally.

This, absolutely! they play on people's psyche and mental cabling by trying to guilt you in the same way your parent would ; it's manipulative, and I have an absolute hatred for these tactics.

>>umanwi+9z
Pay attention to WhatsApp's wording (all privacy/security claims start with "your messages"), and their privacy policy, and you'll see that while message involving with individuals (non-Business users) are secured, your contact list is not, neither are chats with businesses or the metadata about you chatting (destinations, frequency, time)

>>nurple+NJ
Signal is not for anonymity.

It's for security.

>>mikece+(OP)
If Signal drops the requirement to have a phone number I'll support them with money. If they allow me to change the name of a contact to what makes sense to me, I'll donate again. Follow the example of Session on this!

>>peanut+GC
Aggregators do some of this, and they can negotiate pricing to some degree, but a carrier is unlikely to intentionally give them zero cost traffic, and even if they do, they're not going to pass that through at zero cost.

I ran the engineering side of carrier integrations at WhatsApp. Carriers wanted to sell data plans with special pricing for data with WA and use WA branding in advertising, because it attracted customers that might later convert to a bigger general purpose data plan. As part of that, we would ask for zero rated SMS to their customers for verification. When it was available, it was generally faster and higher success vs sending messages through an aggregator.

We also had some, usually small, carriers approach us asking us to set up direct routes to them for verification, because their customers would not always receive our messages when we sent through an aggregator. Early in my career at WA, we would just send these carriers to our aggregator contacts, and often things would get linked up and then we'd still pay $/message but it would work better. As we got a little bigger and built support for direct routes anyway, it was usually not too hard to set up a direct connection and then there'd be no cost for that carrier. Messing around with IPSEC VPNs and SMPP isn't fun and the GSMA SOAP messaging APIs are way worse, but once you get the first couple implementations done, it becomes cookie cutter (and FB had built way better tools for this, and a 24/7 support team, so I never had to be up, on the phone with telco peeps at 3 am kicking racoon or whatever ipsec daemon we were running until it finally connected)

>>nurple+NJ
It is not meant as a anonymous messager, but an encrypted one, you can trust to not sell you out.

>>nottor+qJ
Signal's design for usernames and phone number privacy means they won't know

Also, dissidents aren't the only (and definitely not the primary) intended users for Signal

>>rglull+Vu
Given how many activists have used it in overthrowing dictatorial governments, self-sovereignty seems an odd choice of words to claim it doesn’t support.

>>jadyoy+56
Wait, still ?? Which countries ?

>>wkat42+6x
They were well-known for not doing that, though.

>>NoMore+BD
If you ever have nothing better to do, view the revision history on the wikipedia entry for Session Private messenger and witness the petty roadblocks thrown up as objections to allowing it to have an entry.

I'll just say Session had to meet a lot of criteria merely to have a wikipedia entry that Signal's entry did not meet at the time.

To this day Session's hard-won wikipedia entry is saddled with a "limitations" entry best summarized as "Session is not Signal".

https://en.wikipedia.org/wiki/Session_(software)

>>nurple+NJ
> I guess maybe I'm missing the purported point of signal, attaching your phone number to use it notwithstanding, but attaching payment identity to it as well? Like, what's the point of going through the pain required to use it?

Your payment info is not connected to your account.

https://support.signal.org/hc/en-us/articles/360031949872-Do...

>>autoex+gB
The technical info in that community form is a few notches too technical, I work in a different knowledge base.

If someone broke down what the timeline was, what new info is being stored that wasn't before, how that is known, and how Signal has responded, etc, then that would be useful.

I'll admit it doesn't seem great. Phone number I understand, but name and contacts are more concerning.

>>mikece+(OP)
I'm seeing all the comments about the $6m Twilio expense, but nothing commenting on how their cost per employee is $380,000 totaling $19m. I think they could optimize this easier if the will was there. I know HN is very SV/tech centric, and that number makes sense there given the run up of VC money, etc. but I'm willing to bet they could source talent from cheaper places and slash this in half; if they wanted to. Just an observation, not my place to tell anyone how to run their business, but for a nonprofit that is trying to drum up donations to fund their operations, I'd think they would want to be leaner.

>>zucker+BB
That would be very helpful... if I ran Arch.

>>conduc+5Q
If you want to hire the best talent - engineering and ethics, you need to pay top dollar. 380k is senior engineer comp at most FAANG adjacent companies. It's not a lot.

>>Oooooo+9A
Not yet, but they are working on that.

>>conduc+5Q
Craftsmen's compensation is a non negotiable matter IMHO.

It's not someone's fault if they happen to live in a particular economic climate.

The real root cause isn't the engineering or infrastructure cost.

It is about people paying their fair share myself included.

>>conduc+5Q
This idea that an equivalent level of talent to SV is readily available in Indiana or Costa Rica for cheaper pay is deeply flawed.

>>conduc+5Q
This number includes taxes, benefits, etc, not just raw salary.

Notably Signal employees do not get equity, so the salary must be higher to remain competitive.

Signal is probably the hardest class of product to build. Name an optimization/distributed systems problem, they probably have it. And quite literally, a Signal bug could jeopardize an activist/journalist’s life.

So for a <$200k salary and no equity, how many world-class engineers do you think you could hire?

I simply wouldn’t trust the product, if it had mediocre engineers.

>>conduc+5Q
It grinds my gears when people on a hacker forum lobby for hackers to make less.

When it’s people who are running a worldwide communications network on the cheap without getting hacked all the time? Absolute pros.

I don’t downvote, let alone flag, but I hate this comment.

>>V__+r8
This is kind of the number I was looking for -- "Cover your own costs: $1/year. Cover yourself and five other people: $5/year." I feel like something pointing out that the costs are around $1/year on signing up, maybe with a reminder once a year, would get most people self-funding pretty quickly.

>>AnonHP+0t
Even if every user had dozens of queued up messages, I don't think it equals millions in storage costs. Maybe I'm naive, but I have a storage/database/queue with billions of records and it costs <$700/month.

shrugs

>>crtasm+PK
O.o TIL. That's weird, apple users already have plenty of lock-in and own-data-inaccessibility, but so maybe they figured they clearly don't care? Weird as heck either way

Then what I can recommend is installing the desktop client on a server somewhere and reading its sqlite-like (but with some flaky encryption extension) messages database

>>nvy+Rg
My lawyer stopped using signal due to the sms support being dropped. It became too much of a hassle and wasn't worth it.

Many of my family also dropped Signal.

It is now really only used by the hyper-privacy conscious.

>>rglull+GH
Back to your original point: please don't support an organization that doesn't share important values of yours! That is absolutely your choice!

You've named several products that share your values. Perhaps those would be a better fit if you were to donate.

>>mikece+(OP)
$6 million per year on outgoing SMS? Do not send SMS to users, make users send SMS to you instead to confirm their numbers! I have this solution for years and it works >90% of the time. The rest 10% is calling a verification number which drops calls with busy signal (no fees for the caller) but sees who is calling and is able to verify their number.

>>akpras+Fk
There doesn't seem to be a way to pay annually, which I'd prefer to a monthly payment. £5/month is just a little high, but I'd merrily pay half that or £30/year.

>>sam_lo+Ct
Username registration is currently being tested: https://community.signalusers.org/t/public-username-testing-...

>>mplanc+8o
Me too! Set it up once and forget. I love their work and Unlike any other charity/nonprofit that I've donated to, they never bother me any further.

>>Night_+OP
There's a good article on the topic here: https://www.vice.com/en/article/pkyzek/signal-new-pin-featur...

Note that the "solution" of disabling pins mentioned at the end of the article was later shown to not prevent the collection and storage of user data. It was just giving users a false sense of security. To this day there is no way to opt out of the data collection.

There's a lot more information about it in various places, but Signal went out of their way to be as confusing as possible in their communications so it caused a lot of people to get the wrong idea (see for example https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...)

The forums were in an uproar for months asking Signal to not start collecting data or at least give people a means to opt out. Here's a good thread with links to a bunch of the conversations people were having at the time: https://community.signalusers.org/t/mandatory-pin-is-signal-...

>>0xjmp+9S
OP didn't mentioned to slash salaries just by half not by 75%. Most IT people in western countries in Europe are not making even 200k per year. Even in London is hard to get 120k unless you maybe working as a contractor.

A lot of those SV talents are not american but migrated from europe or elsewhere - there are still talented people in EU who just simply don't want to move to USA these days even if salaries are at least 2x. You wouldn't have a problem finding real talent in eastern europe for 150k.

>>akpras+Fk
I had an old Apple Store & iTunes gift card laying around so I redeemed it and attempted to use it to donate via Apple Pay, but get "Apple Account - Not enabled for in app payments". Google isn't very helpful about exactly why. Am I missing some KYC somewhere or are payments of this type prohibited from "Apple Account" balances?

>>conduc+5Q
Are you the same kind of people that think that NGO workers should work for free or for a small wage that is not representative of the market wage for their positions?

>>websap+kR
This is SV tech logic that I mentioned. I’m just not usually of the opinion it’s necessary. There’s a lot of talent around the world. And I’d guess only a few really “top talent” folks are needed to build the unusual problems/cryptographic parts of their app. A lot of it could likely be build by an average dev with some oversight.

I say this as a person that regularly and successfully hires devs from low COL areas. I know the common pitfalls of it and know it’s completely possible to manage and get high quality outcomes. It requires a management approach that’s slightly different than having 100% top tier talent from high COL areas but it’s possible all the same.

>>godels+jL
Ah ok I didn't know those still existed. In fact even the named checks are long gone here in Europe lol.

>>akpras+Fk
So you donated to Apple too in the process?

>>wpietr+CL
I'm not saying they are not wrong - it's unfortunate that there is a second hand market for fundraising consulting. It doesn't accomplish anything productive, yet here we are. The key point is to understand that this is caused by Wikipedia having too much funding, not too little. As internet denizens, we can be proud that an open source store of knowledge has money to blow on wasteful consulting, and then proceed to create our ublock filters worry free.

This is different than what is currently going on with venture backed services like reddit and youtube. I would argue that we should block ads there too, but there it is an arms race where we have to consider ways to protect ourselves from encroaching privacy violations. It's much ruder, and that is something we should actually be mad at.

>>benree+WT
Think from the perspective of the non profit. $19m/year is a lot of money to raise year after year from donations.

What’s the game plan if the donations stops coming in ?

>>GabeIs+nn
> Those are just non-profit fundraiser consulting tactics. Don't take them personally, just ignore them.

I don't take them personally, of course, but they do encourage me to avoid forking over any money.

>>wolver+bp
SMS has become a kind of real-world PoW (proof of work) mechanism. A phone number typically has a recurring fee to keep it working. So a live number indicates that someone is spending money (a proxy for effort) to maintain it.*

It still seems like a lot of money to spend on simple, old technology, but from the PoW perspective, making it cheaper would defeat its purpose.

*Which is why many sites reject Google Voice numbers, for example, for SMS verification.

>>kyawza+R9
I mean the idea would be you download the app but use my server instead of of the default ones.

>>Duneda+Z
> Signal pays more for delivering verification SMS during sign-up, than for all other infrastructure (except traffic) combined. Wow, that sounds excessive.

Particularly when the phone requirement is the biggest weakness in Signal.

Getting rid of it will make it substantially cheaper to operate and much more private. Win-win.

>>akpras+Fk
Thanks, I just setup a $5 a month donation.

Love what signal's doing for the world.

>>karate+EL
And others, like me, resent any hard-sell tactic and won't give money to anybody using them.

>>vizzah+PV
Significantly less secure. Faking the sending number is much easier than hacking SS7 and getting SMS routed to you which are not destined to you (which is also doable but require an order of magnitude more skills and ressources in my view).

>>mikece+(OP)
It’s so well written so long post, I afraid I well never read it as carefully. Tonight I’m too tired to delve into its depths. Tomorrow I won’t remember, possibly. And the day after that I won’t remember for sure.

Sorry everyone for this off-topic, I just think it’s needed to be addressed, but I have no idea what to do here.

>>rglull+Vu
Just don't use it, don't generate cost for them, don't be trapped by them. Everyone wins.

>>mikece+(OP)
Quit using SMS and phone numbers.

How hard would it be to use a different signal server?

>>mikece+(OP)
appreciate their transparency, but boy do their devs make a lot of money. their 2 highest paid engineers make around $750k USD yearly. I guess if that's competitive good for them, I'm mostly jealous.

https://projects.propublica.org/nonprofits/organizations/824...

>>mikece+(OP)
Personally, I refuse to financially support Signal so long as they're still holding my chat logs hostage on my old iPhone and seem not at all concerned about solving this problem, which has existed for years.

There was (and still is, so far as I know) no upfront warning to users that if they don't first sync with a desktop client, and their phone gets lost or stolen, their iTunes backups do not (unlike most iPhone applications) contain their Signal chats. And furthermore, there's no way to export those chats in backup format from an old phone.

(You can transfer, but the transfer deletes the data from the original source, which is extremely foolish and dangerous IMO, and anyways isn't a proper export accessible from other applications. Furthermore, so far as I know there's no support for transferring from very old versions of the Signal client.)

This has been a critical bug for years [1], it's one of the most complained about issues, and Signal has done (and intends to do) absolutely nothing to fix it. It is absolutely unacceptable to have our own data held hostage by them in this way, especially without any upfront warning.

[1] https://community.signalusers.org/t/ios-backup-keeping-messa...