> We use third-party services to send a registration code via SMS or voice call in order to verify that the person in possession of a given phone number actually intended to sign up for a Signal account. Simple solution, go distributed.
6M $ for that. Stop doing that. What do dictators control? Mobile phone networks and other infrastructure. And, yes, they really do go after people any way they can.
This "cost" puts people into danger. Coupling identity and operator infrastructure is a critical privacy flaw. And a costly one too apparently. If your #1 goal is to be the most private solution, this cannot be tolerated to continue to be the case. Get rid of it. Your identity should be your cryptographic key.
https://support.signal.org/hc/en-us/articles/360007060632-Wh...
Using signal without verifying contacts is like bit like using HTTPS without verifying certificates. It prevents passive monitoring.
Are they? These salaries are much lower than most tech competitors. I know we like to call out "high" salaries when a useful service is struggling - but they'll struggle even more if they can't retain good talent because their pay is too low. There's a reason tech skill in government is generally lower than that in industry, for instance.
Day-to-day/People is why they keep the registration process familiar to other platforms like WhatsApp/Telegram. "Most" is why they try to compete with Telegram/WhatsApp on features to drive adoption (see Stories and Announcement Groups).
That really depends on the location these people are working from. In most of the world, those are insanely high salaries.
A company like this doesn't need to be based in SV.
This only makes sense if you ignore the world outside the Bay area and assume it's a talentless wasteland. Bay area salaries are vastly inflated in terms of value for money.
There is lots of talent elsewhere of course. I live in Europe. Lots of smart people here. I think I personally know quite a few people that could do at least as good a job as Signal has at building a messenger app + platform. No offense, but this isn't exactly rocket science.
And of course the elephant in the room here is that money is running out because this organization has a cost problem. Inflated salaries, insane cost for things that they should arguably get rid off (like the SMS bills), etc. That's a leadership problem. They aren't even getting value for money despite those salaries.
Both because sometimes I don’t have a phone number. And I don’t want participants to know my phone number.
I don’t get why they have this requirement as it’s not like having a phone number means anything significant. For me, I think privacy includes my ability to not reveal my identity to the network.
They're currently in the testing phase of allowing phone numbers not be known by your conversation partners: https://community.signalusers.org/t/public-username-testing-...
They are building a secure communicator that a normal person can reasonably use - and succeeding. Something nobody else before them managed to pull off. If this isn't rocket science I don't know what is. Not to mention that they pioneer cryptographic protocols in this area, which other messengers later use.
>This only makes sense if you ignore the world outside the Bay area and assume it's a talentless wasteland.
I'm also from Europe (and love it, despite its flaws) but this comes off like whining. If it's really so easy, maybe the smart people here should create their own Signal and reap that overinflated salaries, what do you think?
Or maybe smart people are not enough and you also need VCs, reasonable taxes, laws... Oh btw, did you hear about those plans of EU to get rid of E2E encryption?
Why didn't this start from say Mexico? Or Singapore or Vietnam? Or at least Germany which has a good record of freedom conscious tech scene .
My bet is in something related to the "maslow pyramid": people in SV have so much money that have everything solved in their lives, so they have the luxury of spending their time in this sort of problems.
They know this, but it's likely a precondition of not getting Joe Nacchio'ed. It's a feature, not a bug. Signal's partners* in FVEY IC/LE have given them a lot of latitude in developing a very solid e2e cryptographic protocol and application as long as the users themselves are identifiable.
The pigs don't need to backdoor the protocol or the keys as long as there is more than one party to a conversation and each party is identifiable. The prisoner's dilemma, in real life, almost always gives the pigs a defection.
My pet conspiracy theory is not that Signal is evil, but that Signal is being allowed to operate by the pigs as long as account identifiers are very difficult to anonymize. They are likely very good people with good intentions, but when the FBI or NSA makes you an offer you can't refuse, you do the best you can.
*: I'm not suggesting Signal is in bed with IC. Just that if you operate a communications service of any scale, IC/LE will be your partners whether you want them or not.
• Telegram - Founded: Russia, Headquartered: Dubai, Users: 500M+
• WeChat - Founded: China, Headquartered: Shenzhen, Users: 1.2B+
• LINE - Founded: Japan, Headquartered: Tokyo, Users: 84M (Japan)
• Viber - Founded: Israel, Headquartered: Luxembourg, Users: 1B+
• KakaoTalk - Founded: South Korea, Headquartered: Jeju City, Users: 52M+
• Zalo - Founded: Vietnam, Headquartered: Ho Chi Minh City, Users: 100M+
• ICQ - Founded: Israel, Headquartered: Cyprus, used to have big market share
• Skype - Founded: Estonia, Headquartered: Luxembourg/USA, Users: 40M daily
2. It's probably a matter of Venture capitalists. Even if you aren't from SV, you may strive to go there to get funding for a pitch or find talent. Similar to your prospective actor that moves to Hollywood. Go where the crowds are.
Now, we can ponder why SV became a tech hub, but current market forces makes it ripe for tech startups.
But it's hard to compare EU and US salaries directly. You got taxed way more and your health care isn't bound to your job.