[HN Gopher] Privacy is priceless, but Signal is expensive ___________________________________________________________________ Privacy is priceless, but Signal is expensive Author : mikece Score : 661 points Date : 2023-11-16 16:18 UTC (6 hours ago) (HTM) web link (signal.org) (TXT) w3m dump (signal.org) | Dunedan wrote: | > Storage: $1.3 million dollars per year. | | > Servers: $2.9 million dollars per year. | | > Registration Fees: $6 million dollars per year. | | > Total Bandwidth: $2.8 million dollars per year. | | > Additional Services: $700,000 dollars per year. | | Signal pays more for delivering verification SMS during sign-up, | than for all other infrastructure (except traffic) combined. Wow, | that sounds excessive. | bilal4hmed wrote: | is there any way they can reduce that cost? | java-man wrote: | Yeah, decouple Signal user identity from the phone number. | tapoxi wrote: | This will probably never happen. One of the reasons | WhatsApp blew up is because using a phone number as your | source of identification means there's much less friction | in the signup flow. No username/password to create and your | social graph is already there in your contact list. | | My mom was able to get our entire extended family on Signal | without my involvement, which is a testament to how easy | that is. | yjftsjthsd-h wrote: | They're already working on it: | https://www.bleepingcomputer.com/news/software/signal- | tests-... | | Not whether that's a good idea is more debatable; you're | not wrong about discoverability. | tapoxi wrote: | Those are in addition to the phone number, but it will | still require a phone number under the hood. | yjftsjthsd-h wrote: | In the short term it will, and quite possibly in a long- | term also, but if you were going to fully make phone | numbers optional, I'm pretty sure this is the first step | you would take. At the very least it sure looks like | they're starting to build the possibility. | GuB-42 wrote: | They also blew up because it was also quite decent SMS | app, so you just had to install Signal and use it instead | of your default SMS app. All your messages are there, you | can continue to communicate exactly like you did before, | except that now, if the other person also has Signal, | your messages are encrypted. | | They stopped doing that (and I uninstalled Signal as a | result), so they can also stop with the phone number | thing, in fact, it would make more sense than with the | current situation where Signal needs a phone number but | doesn't use it (except for registration). I could even | reinstall Signal if they do this. | panarky wrote: | Why not both? | | If I want discoverability, let me provide my phone | number. | | If I want privacy, just assign a random identifier. | lxgr wrote: | Nobody is demanding them to stop supporting phone numbers | as identifiers/verification methods. | | I'm not mad at all if somebody prefers using their phone | number and not having a password for a service - just | give me the option to use my email address and/or a | username. | | There are too many "phone number only" services out there | these days. | tapoxi wrote: | Usernames are currently available in beta, the post I was | replying to wondered if SMS verification could be removed | because it's expensive. | xhkkffbf wrote: | Which might be said to increase privacy. I suppose there's | something to the point about combating spam. But surely | there are other ways to do this, right? | smt88 wrote: | Getting rid of phone numbers would make anonymity easier, | but it wouldn't affect privacy. Signal is explicitly | private but not anonymous. | | In most countries, you can get an anonymous phone number | anyway. | j45 wrote: | Phone numbers are the easiest login for people, especially | in a world where not everyone has an email address. | | I know this will invite comments about usernames. I would | like usernames a lot too. | lxgr wrote: | If only it was possible for a service to support both! | i67vw3 wrote: | Send them via whatsapp. A lot of online services give an | option to send OTP via whatsapp along with SMS/Email. | lxgr wrote: | As far as I understand, this is even more expensive than | SMS in many cases due to WhatsApp's B2C messaging fee | structure. | | It's also not a great idea to make sign-ups for an instant | messaging service contingent on having an account with | another, competing service. | blakesterz wrote: | Twitter said that's why they got rid of the SMS 2FA. They said | it was costing millions to have that enabled for them. | | https://www.cnn.com/2023/02/18/business/twitter-blue-two-fac... | chimeracoder wrote: | > Twitter said that's why they got rid of the SMS 2FA. They | said it was costing millions to have that enabled for them. | | Previous Twitter employees have said that this is incorrect. | Because Twitter began as an SMS-only (and then SMS-first) | application (remember 40404?), they very early on established | direct-connection infrastructure for sending SMS, meaning | that they have a marginal cost of literally $0.00/message in | most markets. Twitter still has to maintain that | infrastructure, because they didn't get rid of SMS 2FA - they | just restricted it to Twitter Blue users, so the overhead is | still the same. | | Almost nobody else who delivers SMS today has that | infrastructure, because it doesn't make sense for most | services to build. | | The only place where Twitter was paying significant amounts | for SMS was due to SMS pump schemes, which is a consequence | of Twitter gutting its anti-spam detection, resulting in them | paying for SMS pumping which was previously blocked. | hn_throwaway_99 wrote: | > they very early on established direct-connection | infrastructure for sending SMS, meaning that they have a | marginal cost of literally $0.00/message in most markets. | | I am very, very interested to understand how that works, | because without more detail or sources I'm calling | bullshit. I definitely understand how Twitter could have | greatly reduced their per-message fee with telecom | providers, but at the end of the day Twitter is _not_ a | telecom and is still at the mercy of whoever is that "last | mile" for actually delivering the SMS to your phone, so I | don't understand how they have no marginal cost here. Happy | to be proven wrong. | dghlsakjg wrote: | Not who you are responding to, but my guess is that it | was all fixed costs. They spend $20mm (or whatever) to | maintain access, and maintain infrastructure and they get | to send as many SMS messages as they want. | | So sending 1 costs the same as sending a 10 million. It | isn't that they are free to send, its that they are | charged for access to the system, but aren't charged per | message. | lxgr wrote: | > spend $20mm (or whatever) to maintain access, and | maintain infrastructure and they get to send as many SMS | messages as they want. | | This is not how SMS pricing works in many, if not, most | countries. | dghlsakjg wrote: | Is that true at scale? If I tell the telecoms that I want | to send a billion messages per year it seems like they | might be willing to take a lump sum instead of setting up | the systems to bill based on usage. | | I have no experience directly with foreign telecoms, so I | was simply explaining how something with no marginal cost | could still be a very expensive system. | nerdbert wrote: | I don't know of countries that mandate a minimum price. | If you are doing high volume you are free to work | directly with carriers. If you are drawing as much | billable traffic as you are sending, then that could even | be a wash. | toast0 wrote: | Carriers that run their own messaging infrastructure can | allow for direct connections from 3rd parties, and set | the price per message to whatever they want, including | zero. | | For something like Twitter where you could post by SMS, | the balance of traffic might have been such that giving | Twitter free outbound SMS was balanced by the charges | incurred by customers sending to Twitter's shortcode. Or | it might just be balanced by increased customer happiness | when they can use the product more effectively. | | If the carrier doesn't run their own messaging infra, | they might be paying their IT provider on a per message | basis, and might not be able or willing to set the | messaging rate to zero. | | For a use case where SMS is used to show control of a | phone number, getting a zero cost direct route is a | harder sell, but it can happen if the routing through | aggregators is poor and the carrier is concerned about | that, or if there's some other larger agreement in play. | peanut-walrus wrote: | If you require global connectivity, managing hundreds of | carrier APIs, contracts, etc seems like major overhead. | Also, there are companies whose only purpose for existing | is providing messaging, like Twilio, are they just...not | doing this or do the carriers just not play ball? In that | case, why would the carriers agree to sell to you at a | discount? | toast0 wrote: | Aggregators do some of this, and they can negotiate | pricing to some degree, but a carrier is unlikely to | intentionally give them zero cost traffic, and even if | they do, they're not going to pass that through at zero | cost. | | I ran the engineering side of carrier integrations at | WhatsApp. Carriers wanted to sell data plans with special | pricing for data with WA and use WA branding in | advertising, because it attracted customers that might | later convert to a bigger general purpose data plan. As | part of that, we would ask for zero rated SMS to their | customers for verification. When it was available, it was | generally faster and higher success vs sending messages | through an aggregator. | | We also had some, usually small, carriers approach us | asking us to set up direct routes to them for | verification, because their customers would not always | receive our messages when we sent through an aggregator. | Early in my career at WA, we would just send these | carriers to our aggregator contacts, and often things | would get linked up and then we'd still pay $/message but | it would work better. As we got a little bigger and built | support for direct routes anyway, it was usually not too | hard to set up a direct connection and then there'd be no | cost for that carrier. Messing around with IPSEC VPNs and | SMPP isn't fun and the GSMA SOAP messaging APIs are way | worse, but once you get the first couple implementations | done, it becomes cookie cutter (and FB had built way | better tools for this, and a 24/7 support team, so I | never had to be up, on the phone with telco peeps at 3 am | kicking racoon or whatever ipsec daemon we were running | until it finally connected) | hn_throwaway_99 wrote: | Thanks very much for sharing your experience and detail! | This kind of info is what I was looking for and is super | helpful. | baby wrote: | I really wonder why it's so expensive to run. I always hear | things about scaling but I used to run a top 500 alexia website | and it was just a php app running on a mutualized offer for | $5/month. Lots of manual caching though but still. | | My wild guess is that either the stack is not really optimal | (last I heard it was java) or they do other costly things at | scale (sgx?) | suriyaG wrote: | I guess, then the question is how real time was the website. | Was it as real time as supporting, instant messaging, | voice/video calls etc | baby wrote: | Oh I forgot that signal is not just about forwarding | messages. I'm wondering how much the VOIP costs. | AlecSchueler wrote: | Don't forget media! | zimpenfish wrote: | FTA: "Signal spends around $2.8 million dollars per year | on bandwidth to support sending messages and files (such | as photos, videos, voice notes, documents, etc.) and to | enable voice and video calls." | willsmith72 wrote: | how is that in any way comparable? it's not about java vs php | mi_lk wrote: | > the stack is not really optimal (last I heard it was java) | | how's java relevant here? | hotnfresh wrote: | Java in theory and in synthetic benchmarks: damn near as | lean and mean as C. | | Every actual Java project: "oh, did you want that memory | and those cycles for something else? Yeah, sorry, I need | them all. Why no, I'm _not_ actually doing anything right | now, why do you ask?" | belltaco wrote: | 100% true in my experience. Literally anything else is | far better when it comes to bloat, including C#, RoR etc. | | Increasing the Java heap size just makes it so that when | garbage collection eventually hits, it causes an even | more massive slowdown across the entire application. | callalex wrote: | In this case we don't need to speculate at all. Signal is | open source. Back when I was at Twilio we even did some | at-scale experiments with running Signal. The intensive | parts have absolutely nothing to do with Java because the | server logic is relatively simple. The hard parts of | Signal are the database storage/retrieval and the | encryption. | j45 wrote: | Java is likely the most optimized part of the stack. | | Many startups move up to the jam when there is little else | that has optimized performance and efficiency like the jvm | for 20-30 years. | | Of courses this is a moot conversation if you've never used | Java at scale. Apple and others are Java houses. | bombcar wrote: | Java is entirely performant if you treat it right, and many | of the problems with GC in J8 are fixed in later versions. | | You can push Java _very_ far. | | Of course you can also write horribly ugly code in it. | dexwiz wrote: | You can't send an sms yourself like you can an email. Instead | of setting up a server, you have to work with a telco | provider (an aggregator specifically). Any SMS service | eventually hands off to one of these. Many SaaS SMS providers | are just frontends for legacy telco services. They charge | insane fees because they can, that is all there is to it. | | Sending mass email is still difficult. Its probably easier to | pay a provider than set up and establish reputation for | yourself. But they don't charge near the rates. Last time I | compared rates it was something like 10x-100x to send an sms | compared to an email, but it has been a while. | bombcar wrote: | Maybe they should flip it on its head - get a thousand? Ten | thousand? numbers that can _accept_ SMS and tell people to | "text 473843 to this number" to verify. | lxgr wrote: | That's in fact how iMessage does phone number | verification. It works really poorly internationally. | dexwiz wrote: | It's usually even more expensive to support receiving | messages than sending them, beyond keywords like | Unsubscribe. If you want any sort of threading its going | to be extra. Also its extra for dedicated shortcodes. | When you get an SMS from a random shortcode, there might | be multiple companies using that code, but they mix the | pools enough that its unlikely you will receive two | messages from two companies from the same code. Also | shortcodes are usually country/region locked. So if you | want to international support, you need to buy shortcodes | in multiple regions, and different regions have different | telco laws. On top of that, provisioning is very manual | compared to the modern cloud. | | I supported a marketing platform for a while, and it was | so much easier to send an email than an sms. | toast0 wrote: | SMS sender isn't generally something you can trust. If | you get the SMS directly from the carrier that's | responsible for the number, and you have reason to trust | their SMS sending to verify the sender, then yes. But in | countries with number portability, you still need to pay | to lookup the carrier responsible for a number. | | And you'll need to maintain ingress numbers in all the | countries you support, and maybe numbers per carrier, | depending, and you'll need to tell the user the right | number to text to ... it's a lot, and it might not work | well or might not save much money. | rezonant wrote: | > Many SaaS SMS providers are just frontends for legacy | telco services. | | I worked on an automated SMS marketing system back in the | day so I have seen this in action, at scale. This would be | stuff like "text LAKERS to 12345 for Lakers updates"- we | didn't handle the Lakers but we did handle many sports | teams. Though I wasn't privvy to the financial side, I got | the sense that the per-text cost ended up being manageable | at scale, but this is because we were one organization who | would apply the rules onto our own customers, and if we | failed to do so properly we risked losing the interconnects | to the various carriers. We typically used a single | contracted "aggregator" service which provided a unified | API for the carriers. When I left, we were using | OpenMarket. | | When you have a self-service SaaS offering such as Twilio, | the per-text costs are going to go up because the barriers | for sending unwanted texts (or fail to follow the rest of | the rules mandated by the TCPA) is so much lower, and | Twilio has to address that organizationally which adds | cost. | | Additionally, Twilio does not purchase short codes (ie | 12345) which means its harder for the carriers to track bad | behavior across their network. There is an initial cost | (fairly high) to acquiring a short code, though you can | also share short codes across customers in some cases. | Acquiring a single short code and sending all messages from | that short code would likely reduce costs. | | I would love to see more detail from Signal about what sort | of SMS interconnection they are using, because directly | connecting with an aggregator instead of a SaaS offering | (if they haven't already) could save a lot of money, and | they are definitely at the scale that would allow for it. | And given that they only use it for account verification | and are a non-profit, it seems likely they could get a good | deal since the risk of TCPA violations is effectively zero. | dexwiz wrote: | Yeah, aggregator is a very industry specific term, so I | just merged into teclo provider. But yeah, all the issues | with short codes, national laws, and reputation, makes it | very complex. I worked at a company like Twillio that had | contracts with different aggregators across the world, | and sold a platform to manage SMS interactions. They | added a layer to make ensure customers respected opt-out | keywords, or opt-in for specific countries, so it would | help manage TCPA (and other) violations. I imagine this | helped keep costs down. We would definitely fire | customers for trying to get around the safeguards. | | I was on the support side, so I just saw when it went | wrong, which was a lot. | toast0 wrote: | > Additionally, Twilio does not purchase short codes (ie | 12345) which means its harder for the carriers to track | bad behavior across their network. There is an initial | cost (fairly high) to acquiring a short code, though you | can also share short codes across customers in some | cases. Acquiring a single short code and sending all | messages from that short code would likely reduce costs. | | Twilio offers short codes, but short codes are country | specific, and the costs for sending to the US are low | anyway < ~ $0.01/message for most services, lower with | volume; IIRC, short code messaging costs were half, but | then you've got some overseas destinations where it's | $0.10/message and that's real money. | RunSet wrote: | I did my part to help reduce costs by switching to the | decentralized alternative, Session.[0] | | Bonus: Session does not demand users' phone number. Also no | bundled cryptocurrency.[1] | | [0] https://getsession.org/ | | [1] https://www.stephendiehl.com/blog/signal.html | bsilvereagle wrote: | > Also no bundled cryptocurrency.[1] | | It seems like Session relies on Oxen's network, so while | there is no inherent coin it is blockchain backed. | | > Session's onion routing system, known as onion requests, | uses Oxen's network of Oxen Service Nodes, which also power | the $OXEN cryptocurrency. Check out Oxen.io to find more | information on the tech behind Session's onion routing. | | https://getsession.org/faq#onion-routing | pluto_modadic wrote: | Session depends on the Loki blockchain, so I dispute point 1. | RunSet wrote: | I don't consider Session to "bundle" the Loki blockchain or | the Oxen network in any sense. | | Here is more information about what I meant when I used the | term "bundled". | | https://www.techopedia.com/definition/4240/bundled-software | xkcd-sucks wrote: | Cool, glad to hear about this - However, it is still | _coupled_ to a cryptocurrency (https://oxen.io/) even if not | bundled wechat-style | itstaipan wrote: | I think simpleX[0] is a better choice at this point with all | the recent issues around oxen: not coupled to any crypto, no | user ids, can host your own servers if need be, etc | | [0] https://simplex.chat/ | TacticalCoder wrote: | And as a bonus Session has the best line ever: _" Send | (encrypted) Messages, not metadata"_. | | They've given Signal quite the fork. | jawns wrote: | Phone numbers have become the de facto version of "Internet | stamps" for identity verification. | | They are near-ubiquitous on a per-user level, but hard to | accumulate without significant cost. (Unlike email addresses.) | | But the down side is that phone verification tends to be on a | per-service level. So, for instance, Signal incurs these costs | when they verify their users, and every other service incurs | these same costs when they verify _their_ users. | | There are a number of businesses out there that are trying to | act as clearinghouses, where they verify the users once, then | allow the users' verified profiles to be confirmed by multiple | services. | | I wonder if any of those could be used to reduce these | "registration" costs. | supriyo-biswas wrote: | Phone number verification is used to verify the user's | registration intent, so not really. | explaininjs wrote: | A Flow: | | > Service A => User: Please Enter Your Phone Number and | Email | | > Service A => Clearinghouse: Please verify phone number | XXX wants to sign up for an account with us | | > Clearinghouse => User (SMS): Please respond with the | Email you used at signup to confirm you want an account | with Service A | | Later... | | > Service B => User: Please Enter Your phone number and | Email | | > Service B => Clearinghouse: Please verify phone number | XXX wants to sign up for an account with us | | > Clearinghouse => User (Email): Please verify you want an | account with Service B | | Not saying it's great (providing email twice is annoying), | but it's something. | rezonant wrote: | This does not reduce the overall cost, it just shifts it | to the clearinghouse. Who pays the clearinghouse so that | they can cover their own exorbitant SMS costs? | explaininjs wrote: | You miss the crux of it: the second time onward the | clearing houses uses email to authenticate the | previously-SMS-verified account. | supriyo-biswas wrote: | The clearinghouse may not have the user's most recent | email address, which is common amongst non-tech people. | My mom and aunts have lost many email addresses this way | and forcing them to use an older email would cause many | issues. | explaininjs wrote: | The app has to ask for email/phone to begin with (see | step 1), if the email doesn't match then phone would be | used as fallback, or potentially as a "Didn't Receive | Code?" gesture. | Aachen wrote: | "Sign in with $Clearinghouse" could bring you to a page | that prompts whether you want to share a user ID or the | phone number, as required, with that service. | | The clearing house verifies you only once, or once a year, | instead of every time. If the clearing house were to be a | nonprofit, perhaps even set up by Signal themselves to | spread costs with similar services, that has to be cheaper. | | It also gives users confidence that only a randomized user | ID was shared, so it won't be used for cross-service | correlation and tracking, if the service didn't actually | need your phone number but only some identifier. | beefee wrote: | A service that requires a telephone number simply shouldn't | be called an Internet service. It can't be used purely over | the Internet. | | Telephone numbers are fundamentally incompatible with | privacy. Signal's leadership knows this, but they don't | appear to care. | supriyo-biswas wrote: | > we can rent server infrastructure from a variety of providers | like Amazon AWS, Google Compute Engine, Microsoft Azure | | Moving off cloud services to lower-cost provider like Hetzner, | Vultr and DigitalOcean might provide a lot of cost savings. | | I also imagine they're using managed SMS services from one of | these clouds, and moving off them to a combination of local SMS | gateways in each country can also further reduce costs (and in | one case I've personally observed, by upto two orders of | magnitude). This obviously pushes a lot of complexity on | Signal's side, but is usually worth it. | slaw wrote: | Any idea what prevents Signal from using cheaper | alternatives? | | Edit: I meant moving off cloud to Hetzner, Vultr, | DigitalOcean. | supriyo-biswas wrote: | As I understand it, you have to often use multiple gateways | based on which one is cheaper and can deliver your message | to the recipient, and also take care of handling retries in | case one gateway fails. This is not something you typically | want to handle if you're not aware of it, and the process | of having to talk to each vendor and figure out their | limitations is tedious. | lxgr wrote: | There's a lower bound on what these services can charge in | the form of interconenction fees charged by the mobile | service providers delivering the messages. | | In the US, that's effectively zero due to the US phone | infrastructure largely using a shared-cost model, but in | most other countries which use "sender pays", these fees | can be significant. | wolverine876 wrote: | In business, you get what you pay for. Cheaper hosting | might raise more issues that need to by handled by your | employees, who also are expensive, and also the | organization's focus gets disrupted. The hosting company / | cloud vendor has an enormous economic advantage, with | access to the entire hardware and software stack, the | engineers who built it, people whose full-time job is | operating it. Often it's cheaper to pay more for better. | | As I have to explain about open source, 'Free is only free | if your time is worth nothing.' (And I use a lot of FOSS, | it just not always the solution.) | hotnfresh wrote: | DO, at least, has bad peering agreements that _will_ cause | you noticeable, unfixable (if you stay on DO...) persistent | problems at large enough scale. | ocrow wrote: | So ... hire staff to manage that complexity? | j45 wrote: | Might not be cheaper at scale and truly globally. | | The loaded costs should have the numbers run. | | It would be a fascination under the covers look with | signal. | wombarly wrote: | They probably already have that staff for GCP, Azure, AWS? | munk-a wrote: | SMS rates are absolutely bonkers considering the technical way | they're transmitted. The US is an outlier in SMS rates actually | being reasonable (usually unlimited or close to) for consumers | - but for the rest of the world the insane mark up on that | communication method has mostly obsoleted it... | | That'd be all well and good... the technology would die | naturally, but all my American relatives continue to stubbornly | use iMessage. | lxgr wrote: | > for the rest of the world the insane mark up on that | communication method has mostly obsoleted it... | | For P2P communication. SMS is alive and well for B2C | messaging, most importantly for 2FA OTP delivery, but also as | a first line of defense against spam/bot account creation. | | It's not a good solution to either problem, but it's slightly | better than nothing (which apparently makes it good enough | for many), so I suspect we're stuck with it for now. | | > That'd be all well and good... the technology would die | naturally, but all my American relatives continue to | stubbornly use iMessage. | | iMessage is not SMS, though. It just uses phone numbers as | identifiers, but so do many other popular over-the-top | messengers, including the most popular one globally. | munk-a wrote: | To clarify - iMessage does not use SMS if you're going from | Apple to Apple device and both devices have data/wifi | available. iMessage refuses to support messaging to Android | clients and defaults to SMS for these messages. | | I've got an Android phone so all iMessage transmissions | come across as SMS (or MMS). | lxgr wrote: | Ah, I see what you mean. That's not what I'd call | iMessage though, that's just SMS: | | The iOS application is called "Messages"; iMessage is the | over-the-top Apple-exclusive messaging service. | cmiles74 wrote: | Messages inflexible reliance on SMS for communication to | non-Apple devices is definitely an Apple issue, in my | opinion. Apple has made it clear that they continue to | default to SMS for non-iPhone communication solely | because it's unpleasant for everyone involved. | munk-a wrote: | There's apparently even "green bubble bullying"[1] of | kids who have Android devices and thus have their | messages appear different. In this particular way Apple | is happy compromising the mental health of young people | to secure a larger market share - it's awful and they | deserve a lot more negative PR for it. | | 1. https://www.wsj.com/articles/why-apples-imessage-is- | winning-... | JumpCrisscross wrote: | > _apparently even "green bubble bullying"[1] of kids who | have Android devices and thus have their messages appear | different_ | | Bullies will bully. Targeting the articles of bullying | versus the source is fruitless; the former is unlimited. | AYBABTME wrote: | > Apple is happy compromising the mental health of young | people | | Dramatic exaggeration and attribution of evil intent is | counterproductive and disingenuous. | miki123211 wrote: | On the other hand, I have saved many a dollar by | instantly knowing that I just sent a legacy text to | somebody I normally iMessage with. | | My carrier charges an arm and a leg for international | texting, and if distinguishing between texts and | iMessages wasn't as easy as it is, I would probably have | to pay hundreds in carrier bills at least once. | lxgr wrote: | > In this particular way Apple is happy compromising the | mental health of young people to secure a larger market | share | | Should we also force luxury brands to offer stipends so | that teenagers whose parents can't afford them (or simply | don't want to participate in that nonsense) don't feel | stigmatized? | | It would be a completely different story if Apple were to | ban third-party messaging apps on their platform, but as | restrictive as they are in other areas, they aren't doing | that. | | It literally only takes a free app download to get a | cross-platform messaging experience at least on par with | iMessage (and in my personal view superior in many | regards). | asoneth wrote: | Agreed. | | It reminds me of the "Blue eyes/Brown eyes" exercise | (https://en.wikipedia.org/wiki/Jane_Elliott) so let's say | this was a real psychology experiment. Middle-schoolers | and high-schoolers are encouraged to communicate via a | chat application with rich multimedia functionality. But | any conversation that includes even a single individual | who belongs to an arbitrarily-defined "out-group" has its | functionality degraded and the application highlights who | the out-group member(s) are. After a year you compare the | mental, social, physical, and academic well-being of both | groups. Would your university's IRB approve such an | experiment? | | I initially gave Apple the benefit of the doubt that this | was simply a technical limitation. And of course kids | will always bully each other about _something_. But at | this point it does indeed seem like a billion-dollar | company is intentionally amplifying and leveraging this | sort of bullying to drive marketshare. If you don 't find | this immoral then I'm not sure what to say. | oarsinsync wrote: | What does the default Android messaging app do? | rezonant wrote: | Google Messages, which is fast becoming the default | Android messaging app across Android OEMs uses RCS when | both participants support it and falls back to SMS when | that is not the case. | | RCS is an open standard that any carrier/OS/messaging app | can support, unlike iMessage, which is exclusive to | iPhones. | lxgr wrote: | That's exactly RCSs biggest problem: It requires active | carrier support. (As far as I understand, Google runs the | infrastructure for many international carriers at this | point, but they still need to opt into that.) | | Using my phone number as an identifier and authentication | factor for so many things these days is bad enough; I | really don't want the messaging layer itself to touch my | phone provider at all. | sneak wrote: | RCS-the-open-standard is not end to end encrypted. | cmiles74 wrote: | Android's messaging app does much the same thing. | | My preference would be that Apple drop SMS support from | Messages all-together and market it as an iOS only | communication method. People with iPhones would then have | to pick some alternative, perhaps they would use Signal | or perhaps something else. | | I already have to install a handful of applications to | talk to all of my friends and co-workers, at least I | wouldn't have to continue to use SMS. | JLCarveth wrote: | https://www.android.com/get-the-message/ | lxgr wrote: | RCS is Google's idea of a solution - a company not | exactly widely known for their excellence in all things | instant messaging. | JLCarveth wrote: | Do you have a source that it was started by Google? From | looking around, they support its development but it was | an industry initiative, and Samsung was one of the first | OEMs to support it. | cmiles74 wrote: | My phone runs Android, I'm pretty much forced to use SMS | in order to communicate with anyone who uses an iPhone | and that's most of my family. While it can be argued that | iMessage provides a good enough experience on an iPhone | for most people, I have wondered if they are the one | thing keeping SMS alive. | rezonant wrote: | > I have wondered if they are the one thing keeping SMS | alive. | | Absolutely they are. Most of my friends and family are | Pixel users and we all communicate using RCS. If Apple | would just support the modern replacement for SMS (which | includes end to end encryption), iPhone users would be | much safer and would have a better experience. | lxgr wrote: | I really dislike iMessage, but somehow Google has managed | to deliver an even worse alternative with RCS: | | It apparently just doesn't work with dual-SIM phones, | requires a phone number and an active plan with a | supported operator (at least iMessage lets me use an | email address!), the multi-device story is non-existent, | to just name a few. | FalconSensei wrote: | > For P2P communication. SMS is alive and well for B2C | messaging, most importantly for 2FA OTP delivery, but also | as a first line of defense against spam/bot account | creation. | | In Brazil, businesses use Whatsapp to communicate with | consumers. You order pizza and book doctor appointments | over whatsapp | kurthr wrote: | I think I understand your comment, since iMessage isn't SMS, | but defaults to SMS for those not using it. | | There are opensource self hosted solutions like BlueBubble | that allow reasonably secure communication through iMessage | to the other chat platforms on desktop/Android etc. I have | zero affiliation, but I know others who happily use it. There | are also less secure and paid solutions I can't speak to. | | https://bluebubbles.app/faq/ | aalimov_ wrote: | > stubbornly use iMessange. | | Personally, I prefer it over downloading yet another client, | dealing with additional credentials, wondering about who can | access my messages, and so on and so forth... | | And all that just to message the handful of people that I | know who use <popular in other country third party app>. | itslennysfault wrote: | If only someone would release a universal protocol that the | app's native messaging apps could utilize to eliminate the | need for these 3rd party messaging apps. Oh, right, it's | called RCS and Apple refuses to support it. | JumpCrisscross wrote: | > _only someone would release a universal protocol_ | | Nobody wants this. Universal access means universal | access for spammers. iMessage won over SMS because of | cost and spam filtering. | ParetoOptimal wrote: | > Nobody wants this. | | Not nobody. | | > iMessage won over SMS because of cost and spam | filtering. | | Really? I've never used imessage. | JumpCrisscross wrote: | > _Not nobody_ | | Within the scope of messaging network effects, nobody. | | > _Really?_ | | Yes. iMessage spam is rare and stamped out fast. Open | protocols tend to have spam problems the moment they | begin scaling. | lxgr wrote: | RCS is anything but universal. It requires the explicit | cooperation of mobile phone providers, which makes it a | non-solution in many scenarios - including usage on any | device that happens to not be a phone. | | RCS is exactly what it says on the box: A modern | successor to SMS. That does not make it a good modern | instant messenger. | troupo wrote: | > Oh, right, it's called RCS and Apple refuses to support | it. | | No one wants to support it. Even telecoms don't want to | support it. | DANmode wrote: | Telecoms don't even want to roll out all of the | infrastructure they get paid by the government to, I | don't know that their willingness to do anything is a | point I'd try to stand firmly on. | lxgr wrote: | Exactly, so how on earth does Google think that it is a | good idea to put them in charge of running the | infrastructure powering the future of instant messaging? | | Any chance at all it has something to do with the fact | that they've acquired an RCS infrastructure provider that | they can sell to telcos? | | https://jibe.google.com/ | error503 wrote: | _Someone_ has to run it. Logically, the obvious party to | do so the carrier providing network access to the device, | which also has a recurring billing relationship with the | user from which to recoup its costs, and that the user | knows to contact when they have issues. As a standard | ostensibly replacing SMS, and coming out of the GSMA, it | 's also pretty obvious it'd be biased toward a carrier- | centric solution. | | There are a couple other options of course, but I am not | sure they are better: | | * Fully federate this, a la Matrix or XMPP. I really wish | this was a practical option, but without legislation I | doubt any company wants to go willingly in this | direction. Even if they did, it'd be difficult to contain | spam at scale. It also creates 'first contact' issues; | love it or hate it, the general public seem attached to | the idea of phone numbers and it seems to work relatively | well and unambiguously. It is also the most technically | complicated and most brittle and unpredictable for users. | | * Phone / OS maker operates it for their devices. You | don't seem to want Google running things, so this seems | markedly worse than what they have actually done which is | give you options (most people can at least choose a | carrier, and carriers can choose implementations). It's | unclear how operating costs are recouped here, especially | for low-end devices. Does this lead to feature | stratification? I hope not, but probably. It's a global | single point of failure, both from a technical point of | view as well as a policy/jurisdiction one (can $country | LE subpoena my records because the company operating the | service is ${country}an - or perhaps merely operates in | $country, for example?). Also unclear how users are | 'found', but maybe it's a bit easier than in a fully | federated system. | | * Phone / OS maker partners operate the service, giving | users a few choices. Not really sure why anyone would go | in for this, but it's basically the same as if the phone | maker operates it. | | None of these are great options, but I think the carrier | is probably the least-bad one. You have an agreement with | them. You have the legal protections offered in your home | jurisdiction, with clear jurisdiction over the whole | thing. They already have a ton of data on you and access | to your traffic. You have a neck to wring if the service | doesn't work properly. | | They really should have standardized E2EE though, not | including it is ridiculous. | Analemma_ wrote: | Literally nobody wants RCS except Google and a handful of | HN commenters. It's so unwanted that Google had to scrap | their original plan of making the carriers host the | infrastructure and do it themselves, because the carriers | didn't give a shit. | | (And even Google doesn't _really_ have any love for RCS, | they crawled back to it as a fallback plan with their | tail between their legs when their own proprietary lock- | in messaging apps didn't work out. Which makes their | attempts to shame Apple into adopting it pretty | hilariously disingenuous.) | lxgr wrote: | > with their tail between their legs when their own | proprietary lock-in messaging apps didn't work out | | For what it's worth, they've worked tirelessly to ensure | their failure. | toast0 wrote: | > It's so unwanted that Google had to scrap their | original plan of making the carriers host the | infrastructure and do it themselves, because the carriers | didn't give a shit. | | To be fair, that wasn't Google's plan, that was the | GSMA's plan. GSMA created the RCS spec, failed to get | more than a handful of their members to use it, and kind | of abandoned it to the wolves. For reasons I don't quite | understand, Google decided it'd be a good idea to take it | up, and then push it harder than any of their previous | messaging services; but it's not like they came up with | it. | aalimov_ wrote: | I see that you feel strongly about RCS, but as far as I | know even some of the bigger US carriers dont support the | universal profile on all the Android devices they offer. | So maybe you'll get your wish some point after carriers | align on RCS. | sneak wrote: | RCS the "universal protocol" is not end to end encrypted. | | Google has made some proprietary extensions to RCS to | support end to end encryption but this is not the same | thing. | Cody-99 wrote: | Apple announced today they are going to support RCS | https://9to5mac.com/2023/11/16/apple-rcs-coming-to- | iphone/ | | RCS is better than SMS no doubt but lets not pretend it | is on the same level as iMessage. Lack of end to end | encryption alone makes RCS a dated standard | morvita wrote: | Good news, Apple just announced they'll start supporting | RCS next year. | | https://www.techradar.com/phones/iphone/breaking-apple- | will-... | renonce wrote: | For the purpose of 2FA and account registration let's view it | as a tax for fraud prevention, where the real value in SMS is | in verifying someone's identity rather than transmitting | messages | peanut-walrus wrote: | If SMS actually worked for this purpose, it would be | acceptable. However, SMS provides no guarantees about: 1) | If it actually gets delivered 2) If it is delivered to the | intended recipient 3) 1 and 2 without anyone reading or | tampering the message while in transit | | Now, even if stars align, your SMS ends up on a route where | nobody is mitm-ing or hijacking it, the telco systems work | and it gets delivered, it is STILL not a guarantee of | identity. It simply verifies that you have somehow got | access to a particular phone number. | fmajid wrote: | Just because consumers get unlimited SMS doesn't mean | businesses get that. The telcos are ruthless about extracting | their pound of flesh at business rates. | tofuahdude wrote: | Why is it that SMS is so damn expensive? (or more specifically, | what is it about Twilio et al's businesses that makes them cost | so much?) | j45 wrote: | Nothing just profit and existing system access costs set by | the incumbents. | sonicanatidae wrote: | In the US, shafting customers as hard and fast as you can is | the current business model. What are they going to do? Move | to 1 or 2 remaining competitors with the exact same business | model? | renewiltord wrote: | When you control access to the customer you can charge people | a lot. Just like Apple can take 30% primarily because they're | the gatekeeper to iPhone users, telecoms are gatekeepers to | their users so they can charge you a lot to text them. You | don't really have a choice. L | myself248 wrote: | What's it cost to be an SS7 peer for a year? Could they spin up | their own "phone company" for the purpose of delivering SMS | verification and nothing else, cheaper than they're paying | someone else's markup? | lxgr wrote: | What's expensive isn't (just) the technical infrastructure, | it's termination/interconnection fees charged by the | destination mobile networks. | myself248 wrote: | Huh, I knew those existed for voice calls, didn't realize | they applied to SMS too. Makes sense, though. | bloggie wrote: | Funny, because that's the reason I can't use Signal - I don't | have a phone number. | barbazoo wrote: | In case one isn't aware, you can get a $1/month throwaway | phone number from Twilio for that purpose. | lxgr wrote: | That's a neat workaround for the people that can figure | that out, but doesn't change the underlying problem for the | majority of users at all. | alternatex wrote: | Majority of users don't have phone numbers? | lxgr wrote: | I'm referring to the majority of users not having (or | wanting to use) phone numbers. | | Some of these will be willing and able to pay $1/month to | Twilio for a workaround, but most probably won't. | bonton89 wrote: | Aren't these VoIP? Almost every service blocks VoIP numbers | for sign ups these days, but perhaps Signal is an | exception. | barbazoo wrote: | They work with Signal, Facebook, etc. Sometimes you have | to try another one to get it to work. | pierat wrote: | Sounds like a great case to get the fuck away from SMS and | phone numbers. | | But hey, they still want your whole address book, and announce | you're on signal to everyone else on signal. | | The whole "secure" thing is a joke. Its all linked to your | identity via your phone#. | alternatex wrote: | They want the address book because if you don't have | engagement promotion features like that, there is no way to | ever become remotely popular in the chat app space. | | Why is the security a joke? The data is e2e encrypted, and | isn't related to a phone number in any way after | registration. Do you know of a better way of combining | privacy and anti-abuse measures? If you don't offload | identity checks to telecom providers during registration some | bad actor will immediately create a million accounts and send | millions of spam messages and destroy the slim chance of this | type of app to exist for free. | pierat wrote: | > They want the address book because if you don't have | engagement promotion features like that, there is no way to | ever become remotely popular in the chat app space. | | Intentionally ignoring the fact that Signal splatters your | phone number to everyone else is a humongous problem. And | you can even put your phone number block in your address | book, and it'll tell you everyone who has Signal. This | happens all the time, with Signal servers leaking all of | this metadata. | | And doing "engagement promotion" is what companies do to | sell more shit. So, exactly what are they "selling"? | | >Why is the security a joke? | | Metadata, pertaining to communication patters and to whom | matters just as much as what's being said. | | And that metadata, like "your phone number" and "contact's | phone number", and "when data is being sent to/from" is | that metadata. | | > The data is e2e encrypted, | | > and isn't related to a phone number in any way after | registration. | | Bullshit. I see new people hopping on signal fairly | regularly. If that was true, it'd be a simple verify-once- | and-delete. It aint. | | > Do you know of a better way of combining privacy and | anti-abuse measures? | | I reject your claim of "privacy", with regards to metadata. | | Secondly, Tox has an alternate way to handle this, by | allowing any number of accounts not tied to anything. Sure, | it's a SHA256 id, but who cares. There, its secure AND | anonymous. | | Basically, I look at Signal as "better than SMS, but not | much". It's basically a way to keep the phone company from | scanning messages. | NoGravitas wrote: | Signal actually jumps through quite a few hoops in order to | let you and your contacts are on Signal _without_ Signal | actually having access to a copy of your whole address book. | It 's even mentioned in TFA. | | I do agree about being linked to your phone number - doing it | that way means not considering a lot of people's valid threat | models. They are working on moving to usernames, though. It's | in beta now. | progval wrote: | > Signal actually jumps through quite a few hoops in order | to let you and your contacts are on Signal without Signal | actually having access to a copy of your whole address | book. It's even mentioned in TFA. | | It doesn't say how it works. If Alice's phone can tell | whether her contact Bob uses Signal without Alice and Bob | doing any sort of a priori cryptographic exchange, why | couldn't Signal itself do whatever Alice's phone is doing? | Ar-Curunir wrote: | Signal doesn't learn your contact list. See | https://signal.org/blog/private-contact-discovery/ and | https://signal.org/blog/building-faster-oram/ | renonce wrote: | Just wondering, are they relying on these big name cloud | providers (AWS/Azure/GCP), known for predative traffic and | storage pricing? Have they considered cheaper providers such as | Backblaze B2 for storage and Hetzner/OVH for servers? The fees | for storage, server and bandwidth could be cut by 80% if they | did that. | macNchz wrote: | Out of interest, their top vendor costs on their 2021 form 990: | | $7m Twilio | | $4m Microsoft | | $3m AWS | | $1.3m Google | | https://projects.propublica.org/nonprofits/organizations/824... | wolverine876 wrote: | Signal agrees: (from the article:) | | _... legacy telecom operators have realized that SMS messages | are now used primarily for app registration and two-factor | authentication in many places, as people switch to calling and | texting services that rely on network data. In response to | increased verification traffic from apps like Signal, and | decreased SMS revenue from their own customers, these service | providers have significantly raised their SMS rates in many | locations, assuming (correctly) that tech companies will have | to pay anyway._ | | ... | | _These costs vary dramatically from month to month, and the | rates that we pay are sometimes inflated due to "toll fraud"--a | practice where some network operators split revenue with | fraudulent actors to drive increased volumes of SMS and calling | traffic on their network. The telephony providers that apps | like Signal rely on to send verification codes during the | registration process still charge their own customers for this | make-believe traffic, which can increase registration costs in | ways that are often unpredictable._ | sowbug wrote: | SMS has become a kind of real-world PoW (proof of work) | mechanism. A phone number typically has a recurring fee to | keep it working. So a live number indicates that someone is | spending money (a proxy for effort) to maintain it.* | | It still seems like a lot of money to spend on simple, old | technology, but from the PoW perspective, making it cheaper | would defeat its purpose. | | *Which is why many sites reject Google Voice numbers, for | example, for SMS verification. | chefandy wrote: | I wish their justification for dropping SMS capability from | their Android app to move away from phone numbers was a little | more transparent about the obvious cost aspect rather than | solely sticking to the patronizing "we're saving insecure | messaging users from themselves" messaging they had. I found it | pretty obnoxious. I think people generally get "valuable | nonprofit + huge expense = not-sustainable = bad." | rstuart4133 wrote: | > their justification for dropping SMS capability from their | Android app ... was a little more transparent about the | obvious cost aspect | | I'm not following. Signal gets stung for the registration SMS | costs because they send the SMS to the user. They don't pay | when one user sends an SMS to another user. If you send an | SMS, you're the one who pays. | | (I didn't realise they were moving away from phone numbers. | Don't they they stay mandatory when PNP comes along?) | mhh__ wrote: | I wonder if you could do something clever such that you can | have people volunteer their SIM for sending 2FA? | jjav wrote: | > Signal pays more for delivering verification SMS during sign- | up, than for all other infrastructure (except traffic) | combined. Wow, that sounds excessive. | | Particularly when the phone requirement is the biggest weakness | in Signal. | | Getting rid of it will make it substantially cheaper to operate | and much more private. Win-win. | knoxa2511 wrote: | All things considered. Pretty impressive how cheap it is to run | given the adoption of the Signal. | j45 wrote: | Second time around benefits too, and the guest time was pretty | efficient in WhatsApp too. | craftkiller wrote: | Back in the day Signal was called TextSecure and it did | everything over SMS which required no centralized infrastructure | aside from the cellular networks. They transitioned to internet- | based messaging to support Apple devices. It seems that decision | is now a 50 million dollar per year step backwards. | lovvtide wrote: | TextSecure! Wow this took me back to 2011. | jadyoyster wrote: | SMS would be a complete non-starter in Europe. Many (no?) | countries lack unlimited texting plans. | BlueTemplar wrote: | Wait, still ?? Which countries ? | sandworm101 wrote: | It's not a step backwards for me. Our organization uses signal | in many situations where SMS isn't an option. When I land in a | new country it is normal for my cell/SMS not to work. But I can | hop on some local wifi and get signal messages. We had a | widespread cell outage in my area last year. Signal not being | on cell/SMS meant that I could still communicate with family | without need of cell towers. This is a big step forwards imho. | nicolaslem wrote: | > When I land in a new country it is normal for my cell/SMS | not to work. But I can hop on some local wifi and get signal | messages. | | WiFi calling is a standard feature that does exactly what you | describe for texts and calls, without using a third-party. I | have cell connectivity turned off constantly on my phone and | yet receive texts and calls via WiFi. | | It is actually an awesome feature for receiving 2FA SMS at my | parent's place where there is great internet but poor cell | coverage. | abadpoli wrote: | WiFi calling isn't always free internationally though, it | often gets charged according to your phone plan's | international rates, which is discouraging for many people. | Signal, on the other hand, just sees WiFi as WiFi. | syspec wrote: | If you check their costs, SMS (used for registration) is the | most expensive part of their operation. | parker_mountain wrote: | You misunderstand how textsecure worked. | craftkiller wrote: | There was no "registration" and TextSecure never sent you | messages. It was strictly peer-to-peer. | sigmar wrote: | You're mistaken. I still have my textsecure account | registration verification text message (because I'm a data | hoarder) from March 15, 2015 | craftkiller wrote: | 2015 was after the internet-based-messaging transition | but before the rename. Source: | https://en.wikipedia.org/wiki/TextSecure | Canada wrote: | Right, I totally hate being able to text, voice, video, send | files, and screen share with individuals or groups of people, | including half my contacts who use iPhone. Also, fuck them for | making all of it sync to all my computers. And I especially | hate the fact that I was not billed by telecom carriers for the | tens of thousands of messages I've sent and thousands of calls | I've made over it over the last 10 years. | | Yes, indeed, how backwards. I wish I only used software that | spied on me, or permitted others to spy on me, for those | features. | Night_Thastus wrote: | I've loved Signal. It's been the only consistent way I've been | able to send and receive high-quality pictures and videos at all. | It's been the only way I've been reliably able to send _texts_ | when I 'm in an area with poor reception, which is frequent. | | The privacy is nice and it's been simple and easy to use. | | I hope they stick around. Everyone likes to bash more privacy | oriented companies if they aren't absolutely 100% perfect in | every single way, but IMO perfect is the enemy of good and Signal | has been _very_ good. | | The hardest part has been convincing people to use it, and if I | have to get people to jump to another one it'll all just fall | apart. | cloogshicer wrote: | I know it's unpopular to say this on here but Signal will never | be popular as long as they don't add basic features that all | other messaging apps have. | | - If you lose your phone or it no longer boots, all your | messages are irretrievably lost. There's no way to create | backups on iOS. Why the hell can't I enable iCloud backups? I | know it breaks privacy in some ways but let me choose the trade | off. Put a giant warning if you have to. | | - The desktop app is awful and requires signing in again all | the time. See the Telegram Desktop app for how to do it better. | In my opinion it should be the gold standard for desktop | messaging apps | | - Desktop app keeps losing message history | | As long as Signal treats _all_ messages as if they 're so | important that even super spies should not be able to read | them, and as a result, goofing usability in a way that standard | features don't work, I 100% understand that the majority of | people won't use it. | autoexec wrote: | > Everyone likes to bash more privacy oriented companies if | they aren't absolutely 100% perfect in every single way, but | IMO perfect is the enemy of good and Signal has been very good. | | Signal has not been good. The absolute least we should expect | from any "privacy oriented company" is that they're honest and | fully transparent about the data they collect and store, and | Signal is none of that. Since they started collecting and | forever storing sensitive user data in the cloud they've | refused to update their privacy policy to alert people to that | data collection. | | If you advertise your service to human rights activists, | journalists, and whistleblowers whose freedom and/or lives are | on the line you owe it to them to be extremely clear about what | their risks are by using your service, but Signal outright lies | to them in the very first line of their privacy policy. | | This isn't "perfect being the enemy of good" this is either a | massive dead canary warning people not to use/trust Signal, or | it's completely immoral and irresponsible. | Night_Thastus wrote: | Every single time I've seen Signal asked for data in a court | case, they've basically handed back a unix timestamp of when | the account was created and said "that's all we have". Or it | was last access time, I could have misremembered. | | Either way, that seems quite good to me. | autoexec wrote: | You're right, that's how it used to be. They still have | pages on their website bragging about times when they | didn't have anything to turn over because they didn't keep | any of it. A while ago that all changed. They started | collecting and forever storing in the cloud the exact data | those requests were asking for. Lists of everyone you've | been contacting, along with your profile data (name, phone | number, photo). | | https://community.signalusers.org/t/proper-secure-value- | secu... | | If you're a Signal user and this is the first time you're | hearing about this, that should tell you everything you | need to know about how trustworthy Signal is. | Night_Thastus wrote: | The technical info in that community form is a few | notches too technical, I work in a different knowledge | base. | | If someone broke down what the timeline was, what new | info is being stored that wasn't before, how that is | known, and how Signal has responded, etc, then that would | be useful. | | I'll admit it doesn't seem great. Phone number I | understand, but name and contacts are more concerning. | autoexec wrote: | There's a good article on the topic here: | https://www.vice.com/en/article/pkyzek/signal-new-pin- | featur... | | Note that the "solution" of disabling pins mentioned at | the end of the article was later shown to not prevent the | collection and storage of user data. It was just giving | users a false sense of security. To this day there is no | way to opt out of the data collection. | | There's a lot more information about it in various | places, but Signal went out of their way to be as | confusing as possible in their communications so it | caused a lot of people to get the wrong idea (see for | example https://old.reddit.com/r/signal/comments/htmzrr/p | sa_disablin...) | | The forums were in an uproar for months asking Signal to | not start collecting data or at least give people a means | to opt out. Here's a good thread with links to a bunch of | the conversations people were having at the time: | https://community.signalusers.org/t/mandatory-pin-is- | signal-... | jph wrote: | Signal can be better, IMHO, by separating from phone number | requirements. In other words, let users have secure random ids, | rather than forcing each user to hand over their phone number for | phone company verification. | | It turns out the budget shows the phone number registration | problem: the costs to deal with phone number verification seem to | be $6MM, which seems to be 10% of the entire budget. | | If Signal staff are reading this, I'd gladly pay $100/year for a | phone-free solution for all users. | minedwiz wrote: | You're in luck: | https://www.theverge.com/2023/11/9/23953603/signal-username-... | SahAssar wrote: | They will still require a phone number, it's just a alias. | crossroadsguy wrote: | I just hope they don't expose phone numbers if a | conversation was started on usernames and one or both | parties have phone numbers saved. I hope it is not this bad | - something Telegram does. | | Also preferably clearing differentiating username and phone | number messages. | zitterbewegung wrote: | Focusing on app features is one thing but the bigger picture is | that Signal is at risk of not existing without capital... (just | donated $20 today and I wish I could buy stickers off of them). | foundart wrote: | How would it be better? Is there anything beyond not having to | provide a phone number? | | How would it be worse? | zamalek wrote: | The phone number requirement is why WhatsApp won the space over | in the first place. There were loads of username+password-based | services before it, but none reached the market it did. Why? An | incredibly wide user funnel, singing up is frictionless. | | You might understand that it's a bad idea, but that makes you | an outlier. | aquova wrote: | I don't really buy this argument. Is signing up with a phone | number really that much easier for the average user than | using a username/email account? Billions of people seemed to | have no problems making a Facebook or Google account. | Retric wrote: | It's the building a social network part that's frictionless | not creating user name process that's frictionless. | aquova wrote: | The lack of a social network is why I settled on Signal. | Before using Signal I tried Telegram, which requires a | phone number and if they recognize your number in any of | their user's contact list (which many people seem happy | to allow access to), they'll send them a notification | telling them their contact has joined. I got a nasty | message within 10 minutes of making an account from a | woman accusing me of pretending to be her deceased | father. I had inherited his phone number a decade prior, | and it told her I had made an account. I was so shocked | they not only allowed, but encouraged such behavior that | I deleted it promptly and swore I'd never use it again. | brewdad wrote: | Signal does the same thing. Or maybe it used to but they | changed it. I have a bunch of notifications of "so and so | is on Signal" from when I joined years ago. | | Can't say I've ever gotten any psycho responses from it | though. | just_boost_it wrote: | With WhatsApp, your phone number allowed you to see | everyone in your contacts that you could message on there, | so you could see everyone straight away. Without that, | you'd have to bring your friends along and have them sign | up as well, then give you their username so you can | connect. | FalconSensei wrote: | Even Instagram allows you to search your contacts. If | they have their number set in their profiles, it'll find | a match | Aardwolf wrote: | Why not support both? | | Let one communicate from a computer (or phone) with a | username+password account, with people who use the service | with phone number account. | | This without the mechanism Whatsapp uses, where you can use | it in a web browser, but it's still linked to your phone. | brewdad wrote: | Signal has an app to use it with your computer. It's a one | time linkage through a QR code. As long as you connect with | the app at least once every 30 days, you never have to | worry about it and, unlike WhatsApp, your phone doesn't | have to be online for it to work. | lxgr wrote: | Using phone numbers as identifiers (and by extension users' | phone books as a contact discovery mechanism) is probably at | least equally significant as a factor for WhatsApp's success. | j4yav wrote: | You could do both, no? | linuxdude314 wrote: | No, WhatsApp won because it successfully replicated and | replaced the SMS experience in the developing world, where | the cost of data was dirt cheap in comparison to the cost of | a single SMS message. | | This is why it still has a stronghold as well... | dzikimarian wrote: | Experience on WhatsApp, Telegram or any other IM is vastly | better than SMS. Unless by SMS you mean iMessage - then | it's even simpler - most of the world doesn't use iPhones. | dghlsakjg wrote: | I think that's the gp's point. | | Given the choice between SMS and a service that provides | the same functionality is free, superior in most ways, | borderless, etc. the choice to use whatsapp is obvious. | BobaFloutist wrote: | Requiring a phone number also seems like a decent way | increase friction for automated account creation - obviously | it _can_ be overcome, but it probably reduces automated | account creation by a few orders of magnitudes, which I would | imagine reduces the amount of botting /phishing/ban evasion, | which could all add up to be pretty expensive to an org. | irrational wrote: | What did WhatsApp win? I've never used it, so I'm not sure | what anyone uses it for. | FalconSensei wrote: | In South America it's the standard messaging everyone uses, | even businesses. No one uses SMS | just_boost_it wrote: | I'd say it's basically standard everywhere outside the | US. I lived in Canada and Europe, and eneryone is on it. | All my fellow immigrants in the US are all on WhatsApp | groups. | charcircuit wrote: | Phone verification does have value in adopting the network | effects of phone numbers and integrity by making it harder to | mass create accounts. | smt88 wrote: | Right, it's a way to create a cost barrier without anyone | giving Signal a credit card directly. | yjftsjthsd-h wrote: | It would have very particular ethical trade-offs, but they | could just make signing up without a phone number a paid | option. That has the advantage of actually turning a cost | center into a profit center, at the distinct disadvantage of | creating a moral hazard by the exact same virtue. | cappax wrote: | That exists, and is called Threema | cl3misch wrote: | A bit handwavy, but allowing sign-up without a phone number | could massively increase bot/spam traffic and ultimately | increase hosting costs for Signal. | oconnore wrote: | The deal could just be: no phone number, but you have to pay | $x/year (I guess this doesn't work with 501c3?) | binary132 wrote: | I'd jump on that so fast. | lxgr wrote: | Accepting these payments would not be trivial, and linking | them to Signal accounts would create a treasure trove of | metadata that neither Signal nor its users would likely be | very happy about. | AnthonyMouse wrote: | Just charge $10 to create an account without a phone number | and accept Bitcoin. Most people can avoid the $10 by | providing a phone number, privacy-conscious people only have | to pay $10, it generates revenue, and the $10 puts the | spammers out of business because they don't pay $10 once, | they pay $10 every time they get banned, which happens | multiple times a day. | | You could even automate the bans by banning anyone who gets | blocked by more than two people they sent messages to, which | anybody can avoid by not sending messages to people who would | block them, and if it happens to someone innocent, it's still | only another $10 to reactivate your account. | jtriangle wrote: | Session.app solved this problem well | collaborative wrote: | Typical HN comment saying I will pay $ for xyz feature (which | everyone, including the poster, knows to be BS) | brewdad wrote: | I don't understand the concern. Signal has never been about | anonymity. If you need to be anonymous, use a different tool. I | like the fact that a phone number provides an additional | verification that the person I am chatting with is who they say | they are. As far as risk associated with having your phone | number leaked to bad actors, that ship sailed years ago. I | guarantee your number has been leaked a thousand other ways | starting with by your phone provider. | MuffinFlavored wrote: | If you really wanted to talk to somebody in a "non-decryptable" | fashion, could you set up like a channel that encrypts itself | with a ton of different encryption methods, keys, etc. (encrypted | payloads inside each other) | | Signal encryption is its main feature (I think) and how easy it | makes it (abstracts handling key transfer and all that), I'm just | trying to think through... if I wanted nobody to read what I was | saying , would I use an app/target as popular as Signal or | something homegrown? | jedberg wrote: | You don't need multiple security protocols (and in fact that is | almost always a bad idea). You just need one good protocol and | a way to securely exchange the keys. What signal solved for the | most part is the secure key exchange. | | If you want to talk to one person, you can give them a USB key | in person with a set of crypto keys and then use that to | encrypt your messages over any transit method and it will be | secure. | | The hard part is the key exchange. | Buttons840 wrote: | It's a bit off topic, but I've wondered the same. | | We could stack a hundred layers of encryption algorithms, and | if just one of them works, then the whole stack is secure. | jedberg wrote: | You could, but you'd be adding complexity to solve a mostly | non-existent problem. Security is rarely broken because the | algorithm itself is broken. It's usually because one end has | a key logger or other vulnerability. Or they are literally | storing the unencrypted text in an unencrypted data store | after reading it. | | In the meantime, the added complexity adds new places for | errors. | kube-system wrote: | Yep, people who think about messaging security as a problem | of sending data from one computer to another are missing a | huge part of the attack surface. To fully understand the | entire problem set, we need to consider the entire pathway | from one human's brain to another. | sterlind wrote: | lots of drug traffickers went with something homegrown (Anom), | which turned out to be an FBI front. they'd have been a lot | safer sticking to Signal. and you can audit the Signal client's | source code, which is enough to verify its secrecy. | jonfw wrote: | I think the biggest risks for most people are going to be | around key management, social engineering, and exploitation of | terminal devices (i.e. if somebody has compromised your device | running signal and can observe the message before encryption or | after decryption). | | More layers of encryption doesn't really solve those problems. | vjk800 wrote: | > Another $19 million a year or so out of Signal's budget pays | for its staff. Signal now employs about 50 people, a far larger | team than a few years ago. | | What? I know silicon valley salaries are a thing, but absolutely | everywhere else in the world this would be insane. Maybe change | the headquarters to somewhere cheaper? | sky_rw wrote: | I keep re-reading this section of their blog post trying to | figure out what I'm missing here. $2.6 million full load per | employee on avg? Is this heavily weighted to a few executives? | Can somebody explain this to me? | | Edit: I'm stupid and did the math backwards. | candiddevmike wrote: | Only thing I can think of is it incentives them not to put | backdoors into Signal/get fired. | jedberg wrote: | You mathed backwards. It's $380K per person fully loaded. | Which is pretty inline with decent tech salary these days. | datpiff wrote: | That is their total cost, not the salary paid. | jedberg wrote: | Yes, which is why I said "fully loaded" | dangoor wrote: | I think your math is off? $19M/50 people = $380,000? | dale_glass wrote: | You're doing that division backwards. | winterismute wrote: | Isn't it 380k per person in average? Seems like in-line with | FAANG salaries in major US cities. | hansSjoberg wrote: | A few employees and their compensation are listed on their | Form 990, page 7. Sidenote: did "Moxie" legally change his | name from Matthew Rosenfeld? | | https://projects.propublica.org/nonprofits/organizations/824. | .. | rodlette wrote: | They have devs and support engineers earning 700k, more | than the CTO? | hansSjoberg wrote: | 700k to drag your feet on implementing usernames for a | full decade, seems cushy. | contact9879 wrote: | It's in testing now; you'll soon have to switch to | complaining about some other thing. | | Anyway, considering usernames required an extensive | redesign of how Signal works, it's not surprising it took | 5 years (3 years of full time) | datpiff wrote: | Costs for staff are not just salaries. It's also pensions, | taxes, benefits, the offices, software licenses and all the | other stuff. I've often heard 50% of total cost going to | salary, but it varies. | | Still does seem high though. | gamblor956 wrote: | Pensions aren't a thing in the U.S. anymore, especially not | for tech. And when a U.S. company says "staffing costs" that | does not include licenses, offices, etc. It's strictly salary | and benefits. | | According to Signal's 990, it's paying multiple employees | over $700k. That's above-market for corporate compensation, | and it's _way_ above market for non-profit compensation, to | the point where it could be considered private inurement. | contact9879 wrote: | They cover this pretty substantially in the post on | Signal's website (I know they merged the Wired article into | this one). | | Signal is trying to compete with the richest companies in | the world; including for talent. And considering Signal's | origins and motivations, they're not going to lower | salaries or decrease benefits because some people believe | that working for a non-profit automatically means lower | compensation. | V__ wrote: | Signal had 40 million active users in 2021 [1]. With 14 million | in infra cost, that comes to .35 per user/year. Total expenses | are about 33 million, so about .825 per user/year. All in all | that seems very reasonable. | | [1] https://www.businessofapps.com/data/signal-statistics/ | rogerkirkness wrote: | Based on App Store downloads on both platforms, they are well | over 200M at this point. | nvy wrote: | A lot of people, myself included, have it installed but never | use it after they dropped SMS support. | | Only a tiny fraction of my contacts use Signal, and most of | those are also on Whatsapp, Telegram, Discord, and others. | | Signal offers essentially nothing to me. | rasso wrote: | Except real privacy? | sam_lowry_ wrote: | Not even that, because it is linked to phone numbers. | OoooooooO wrote: | Afaik you can crrate an account without a number. | wkat4242 wrote: | No. You can just hide it from other users in group chats | now (and perhaps 1:1, didn't yet check but you still need | one to sign up) | crtasm wrote: | Where is the option for group chats please? | matricaria wrote: | Not yet, but they are working on that. | leotravis10 wrote: | Yep, a great example: https://dessalines.github.io/essays | /why_not_signal.html#phon... | marvinborner wrote: | Username registration is currently being tested: | https://community.signalusers.org/t/public-username- | testing-... | ixwt wrote: | > and register for a new account with a phone number (you | can use the same one you're using in Production). | | I hope that they make it so you can register WITHOUT a | phone number. Perfectly fine if it's not the default. | This is post is currently implying that is not currently | the case. | umanwizard wrote: | Why is it more private than WhatsApp? | Ar-Curunir wrote: | I encourage you to read the article, but Signal minimizes | the metadata it stores about you, doesn't hold on to you | contact list, doesn't keep information about your IP | address, etc. | | WhatsApp instead makes tons of money from this kind of | metadata. | crtasm wrote: | Using WhatsApp means Facebook/Meta knows the timestamp, | sender and recipient of every message sent. | kroltan wrote: | Pay attention to WhatsApp's wording (all privacy/security | claims start with "your messages"), and their privacy | policy, and you'll see that while message involving with | individuals (non-Business users) are secured, your | contact list is not, neither are chats with businesses or | the metadata about you chatting (destinations, frequency, | time) | hiatus wrote: | The sms decision made signal go from THE messaging app on | my phone to an app I only use with a very small subset of | my contacts. It is infuriating that they didn't allow users | to retain that functionality when it costs them nothing, | and they could have disabled it by default. | urig wrote: | You paid them nothing and are infuriated. Interesting. | nani8ot wrote: | Many people care about Signal, and it is okay to dislike | their decision. OP didn't demand from Signal to support | SMS, but they expressed their emotions about the change. | | Signal is an awesome project but some of their decisions | annoy many users. E.g. Signal does not allow to | automatically save all pictures in the gallery. It's a | privacy feature, but it's inconvenient since it forces me | remember to download each image seperately. | psalminen wrote: | I still use Signal a lot, since most people I frequently | talk to use it. However, this was extremely frustrating. | Having 1 messaging app for so long was incredibly nice. | hezralig wrote: | My lawyer stopped using signal due to the sms support being | dropped. It became too much of a hassle and wasn't worth | it. | | Many of my family also dropped Signal. | | It is now really only used by the hyper-privacy conscious. | leptons wrote: | I'd be happy to pay $1/year for signal, and I'd pay $2/year if | it were decoupled from my phone number. | lxgr wrote: | If you pay Signal $1/year, they'll realistically see about | 60-70 cents of that - and that's only considering payment | processor fees. | | Now add the cost of providing support (it's a paid product | now!), payment handling on their end (in a privacy-preserving | way, which excludes most common payment methods), and top it | off with the immense damage to the network effect by | excluding all the users that can't or simply don't want to | pay $1/year... | | Donations seem like the much better option here. | eviks wrote: | You can also charge for a 10 year minimum and get to a | higher retained % | | You don't need to provide support, even much more expensive | consumer services live without a proper one, so being | explicit about the fact that you only pay for | infrastructure could suffice | | Not sure why payment privacy has to be so strict for | everyone | | The network effect damage is real, but maybe it could be | limited with donations :) | lxgr wrote: | Selling a service automatically opts you in to all kinds | of consumer protections, either legally or de facto | through the dispute mechanism of the payment methods your | customers use. | | Just ignoring customer complaints and selling the service | "as-is" is usually not an option. | eviks wrote: | Why is it not an option when it already exists in many | places (all these protections fail all the time)? Your | first sentence doesn't imply high/expensive level of | customer service | | Besides, even now they're not ignoring all the | complaints, the do fix bugs? | | Maybe to be more specific, how much did it cost WhatsApp | when they had $1 price and a tiny team? How does it | compare to the cost of SMS? | leptons wrote: | Thanks for over-analyzing my comment. $1/year, $2/year, | $5/year, is all insignificant in the wide array of things I | pay for. Sure, I'd pay $10/year for Signal as it is today | if they really needed me to. And I never said to make | payment mandatory. You're just way over analyzing a simple | comment. | caeril wrote: | I'd pay much more than $2 if they offered account identifiers | other than phone numbers. Trying to get a burner SIM or DID | while still staying anonymous is getting increasingly | difficult. | | But I think it's pretty clear by now that this is a feature | for FVEY IC, not a bug. FFS, they burned development | resources on _stickers_ , but abjectly refuse to offer | alternative account identifiers. The standard apologist | response is, "but phone numbers make adoption easier". Sure, | but nobody is asking to _replace_ the identifiers, or even to | make them nondefault. We 're just asking for the _option_. It | could be hidden behind a developer mode for all I care, but | it should be there. | | The fact that they abjectly refuse to do it is enough to tell | you about what their true motivations likely are. | nurple wrote: | Agreed, at this point I don't believe the "privacy" aspect | of Signal's sales sheet means anything. Most that I know | use it primarily because they can have clients on all | platforms, including desktop. | XorNot wrote: | I'd pay substantially more for Signal if I could bot | accounts. | | I'd like a signal daemon on all my servers for alerting which | could message me via Signal. This is worth a monthly fee to | me. | | I know people running small businesses who would really like | to have a business Signal account: an ability to send Signal | messages as a business identity without tying it to some | specific phone number. This would be worth a subscription | even if they had to get their customers to install Signal. | | Signal need to figure out what product they sell that's going | to fund the privacy objective: because there's plenty and | they're worth having. | jenny91 wrote: | If you want one for just personal use; this works well: | https://github.com/AsamK/signal-cli | | Just sign up with a Twilio number (using voice call) and | you can make your own bot. | renewiltord wrote: | I wonder how many people paid the $5 for WhatsApp back in the | day. It gave you nothing but you were able to do it. I think I | did. | abdullahkhalids wrote: | Whatsapp was asking for $1/year [1] | | [1] https://www.theguardian.com/technology/2016/jan/18/whatsa | pp-... | lxgr wrote: | I've been using WhatsApp when the nominal $1/year fee was | still around, but somehow never ended up being actually | charged, and I don't know anyone that did. | | It's possible that they were only enforcing it in some | regions, though. | abdullahkhalids wrote: | Indeed. I just ignored the dialog box the first time it | popped up. But next year I paid. It was quite a big deal | because back then it was equal to my entire monthly | cellphone bill in Pakistan. | | But I remember other people started to en masse switch to | other messengers like Viber(?). And Whatsapp had to stop | enforcing the fee. | renewiltord wrote: | The price changed a few times but they definitely had a | lifetime thing once. | | All pricing was entirely optional | | Here's one reference to a different price (can't find | lifetime except for people complaining that Facebook didn't | honor it on original ToS) | | https://www.wired.com/2011/11/whatsapp-messenger-app/ | bilal4hmed wrote: | I have an old receipt in my Google Pay for whatsapp at a | whopping 99 cents :) | 2OEH8eoCRo0 wrote: | Definitely reasonable but the ultra privacy-conscious/paranoid | can't easily donate or pay privately. | groby_b wrote: | Sure, but privacy isn't black or white. A donation to signal | does not compromise the content of your messaging. | | So what you've leaked is the information that you have an | interest in private conversations. This might be a problem in | some countries, but I think it's fair to ask folks in | affluent countries with working (sorta) democracies to | shoulder that burden. I.e. you don't donate if there's | elevated threat to your safety, there are enough people who | aren't under elevated threat. | | There's also the possibility of using a donation mixer like | Silent Donor, though I'd evaluate that very carefully. | (There's a record of the transfer in, and the mixer needs to | keep temporary records for transferring out. There's also the | question how you verify the mixer doesn't skim.) | | Some donation mixers accept crypto currency, so for maximum | paranoia, I suppose crypto->crypto mixer->donation | mixer->charity might be workable. Or hand cash to a friend | who donates in your stead. | | As always, the best path is to set aside paranoia and build a | threat model instead to see what the actual risks are. | godelski wrote: | There's never enough talk like this and I'm not sure why. | It's always about the threat model. In this respect I | always like to think of it in terms of probability. | Probabilities and likelihoods aren't just about capturing | randomness like quantum fluctuations or rolling dice, they | are fundamentally about capturing uncertainty. Your threat | model is your conditions and you can only calculate | likelihoods as you don't know everything. There are no | guarantees of privacy or security. This is why I always | hated the conversations around when Signal was discussing | deleting messages and people were saying that it's useless | because someone could have saved the message before you | deleted them. But this is also standard practice in | industry because they understand the probabilistic | framework and that there's a good chance that you delete | before they save. Framing privacy and security as | binary/deterministic options doesn't just do a poor but | "good enough approximation" of these but actually leads you | to make decisions that would decrease your privacy and | security! | | It's like brute forcing, we just want something where we'd | be surprised if someone could accomplish it within the | lifetime of the universe though technically it is possible | for them to get it on the very first try if they are very | very lucky. Which is an extreme understatement. It's far | more likely that you could walk up to a random door, put | the wrong key in, have the door's lock fall out of place, | and open it to find a bear, a methhead, and a Rabbi sitting | around a table drinking tea, playing cards, and the Rabbi | has a full house. I'll take my odds on 256 bit encryption. | V__ wrote: | There are clever ways around that. I use posteo as my | mailprovider. They have a system where you can pay | anonymously: https://posteo.de/en/site/payment | godelski wrote: | They take checks by mail. You definitely can do a cashier's | check and I'm sure they'd take the "cash in an envelope" | method that places like Mullvad do too. Looks like they also | support crypto, and that includes Zcash. So I don't think | this is a great excuse. The only "can't easily donate" aspect | is going to also be tied with the "can't easily get a | cashier's check or find an anonymous person to sell me | bitcoin for cash" kinda issues, and when you're operating at | that level I'm not sure anything is "easy." (but that's not | that hard usually) | | https://support.signal.org/hc/en- | us/articles/360031949872-Do... | wkat4242 wrote: | How is a check in any way private? Your name is on it. | godelski wrote: | A cashier's check doesn't. | wkat4242 wrote: | Ah ok I didn't know those still existed. In fact even the | named checks are long gone here in Europe lol. | godelski wrote: | Oh yeah, I have an old checkbook that I've had since like | 2010 because the only ones I've ever used are for random | landlords. Otherwise it's literally easier to get a | cashier's check, which you can (in America) do at any | bank or grocery store. Note that some are free and some | aren't, so check beforehand. I don't think these will | ever really go away tbh | wkat4242 wrote: | I think they will, America is just very traditional. | Things tend to stick around for longer. The magstripe | also lingers there even though we've got rid of it for | years (though unfortunately our cards still have them in | case we need to visit the US - I don't like having them | because they are skimmable). | | Nobody would accept a check here anyway as they're not | guaranteed. These days I pay with my watch or phone | everywhere (Samsung Pay). I don't even use the chip on my | card anymore. And payments between people happen | digitally too (a system called Bizum here in Spain). | heavyset_go wrote: | Signal requires a real phone number to open an account, you | are not anonymous to Signal. | sneak wrote: | Phone numbers can be obtained anonymously in many | countries. I have several anonymous Signal accounts, each | with their own anonymous phone number. | caeril wrote: | It's possible in the US, but it's getting very difficult. | I don't know anywhere you can buy or or borrow a DID with | Monero anymore. Looks like they got to Telnum recently. | | You can still buy a SIM, a prepaid PIN, and a phone with | cash, but you'd need to pay a non-correlated person to be | seen on CCTV to do it, at a non-correlated time, and hope | they don't just take your money and leave you nothing at | the dead drop. | | Then there's the hassle of setting up the account in a | way that's not correlated with your location, normal | waking hours, etc. | | All of this could just be avoided if Signal did the right | thing. | | But they won't. Ask yourself why. | pizzafeelsright wrote: | Why are you typing my comments? | | Exactly. They won't because .... reasons. | sneak wrote: | Why would you not need to be seen on CCTV? This has | nothing to do with the privacy of Signal. | | I buy all of my anonymous prepaid SIMs with cash at | retail myself, and they are still anonymous. | | The only time you'd need to stay off CCTV is if you were | using them to commit crimes and expected a significant | investigation to be undertaken. | | Your casual assertion of malice on the part of Signal is | not supported by any facts. | nerdbert wrote: | I can pop into almost any phone shop around here and walk | out with a free SIM card, which I can top up for cash. | abdullahkhalids wrote: | Mastodon org + Mastodon.social also have costs of 0.6 EUR/year, | though they have two orders of magnitude less users [1]. This | is really what most social media costs. These rates are even | payable by many in poorer countries. | | [1] https://news.ycombinator.com/item?id=38117385 | fmajid wrote: | IIRC WhatsApp used to charge $1 per year | | https://venturebeat.com/mobile/whatsapp-subscription/ | jeroenhd wrote: | With how much Mastodon.social tends to fall over when Twitter | does something stupid (again), their rates are probably a bit | too low for a more robust service like Signal. | | Signal also intentionally doesn't store too much data, long | term data costs will slowly grow over the years. I imagine | for a bigger platform, costs can grow to multiples of the | rates for Signal and smaller Mastodon servers. | | EUR10 per year should be more than enough for most users, | though, and it should be quite affordable for most countries. | teekert wrote: | Whatsapp got pretty big at 1 eur/year (iOS) and 1 eur for | lifetime (Android) here in the netherlands. | | I do fear they'll loose most tech un-savvy users because they | don't know how to pay (safely). | wkat4242 wrote: | That doesn't mean they were actually profitable at those | rates though. They could have been in growth hacking mode | with venture backing. | danielheath wrote: | They were well-known for not doing that, though. | wkat4242 wrote: | Hmm but then how did they manage before asking for that 1 | euro? There were a whole lot of years where it was | completely free (yes before the Facebook takeover). Here | in Europe we've only needed to pay once or so until it | got taken over. | | There must have been some kind of venture backing because | there was no money coming in at all from users for a long | time. | lencastre wrote: | It's beginning to sound like the 1 EUR/year that at some point | WhatsApp wanted to charge and it seemed reasonable to me at the | time. Signal is even better and even more so justified. | rany_ wrote: | They used to "require" a subscription of 1$/year but it was | not enforced. If you missed the deadline, nothing happened. | It was basically the WinRAR model but for an online service. | politelemon wrote: | That may have been an A/B testing of sorts then, because I | was booted right away. | rany_ wrote: | > whether you've been required to pay WhatsApp's annual | fee depends very much on when you joined the service, and | even on what country you live in. | | Source: https://venturebeat.com/mobile/whatsapp- | subscription/ | gwd wrote: | This is kind of the number I was looking for -- "Cover your own | costs: $1/year. Cover yourself and five other people: $5/year." | I feel like something pointing out that the costs are around | $1/year on signing up, maybe with a reminder once a year, would | get most people self-funding pretty quickly. | tobinfricke wrote: | Reminds me of ... WhatsApp :D | | (Originally WhatsApp charged $1/year.) | yetanotherloss wrote: | Who is the active user base for signal these days? Everyone I | knew who was using it dropped off after the SMS debacle, which | was a shame. | | Edit: Wow some weird haters on HN today. I was honestly curious | as an active signal user that was no longer able to use it to | message people in North America and had never seen anyone using | it in East Asia. Apparently this makes some other signal users | very angry. | freeqaz wrote: | I've converted all of my friends and family to using it. It's | the "social media" for my world now. I'm probably an outlier | for that, but it makes me happy! | OfSanguineFire wrote: | I've been to a lot of meetups in the last year and exchanged | contacts with people. As a nerdy idealist running a deGoogled | Android with no proprietary software, I always have to tell | them that I don't have WhatsApp, just Signal. Again and again I | have heard the reply, "Oh, yeah, I've got Signal, I use it to | buy drugs." | | So, that's some of the active user base in my city, but none of | those users are very motivated to use Signal with their network | of contacts in general. There WhatsApp reigns. | Krasnol wrote: | > "Oh, yeah, I've got Signal, I use it to buy drugs." | | Funny, people around here in Germany say that about Telegram. | bongripper wrote: | Buying drugs from shady people online like on Telegram | channels is a good way to get you not high or killed. | Apparently they're selling HHC now that looks like bud? No | thanks. I'll stick to my local guy straight from behind the | bushes next to the park. | rchaud wrote: | those users probably have a far lower impact on Signal's | operating costs because they're only sending the occasional | message instead of using it as a broadcast platform. | yetanotherloss wrote: | That's been similar to my experience in the last year. | WhatsApp or even worse, Snapchat, seems to be the preferred | "private" messaging platforms, which is depressing to say the | least. | j45 wrote: | Lots people are replacing meta/insta/WhatsApp with signal chats | | Especially for long term chats with friends and fam. | | I happened to start using it with my spouse only to apple just | one kind of messaging notification to come thru. | zozskuh wrote: | I still use it, and ask my friends & family to use it as well. | | What would you recommend to use instead of Signal? | yetanotherloss wrote: | I have yet to find a replacement that both I like and other | people use. Matrix and Session I have yet to find anyone | using, telegram seems to be almost entirely bots in my area, | and WhatsApp etc are owned by Meta. | Krasnol wrote: | Same people who use WhatsApp for example. | | The SMS issue was mainly a problem in the US where people used | it for SMS and therefore never mattered since that | communication was never secure. Those people probably never | even cared for security since they, as you said even went out | there and actually uninstalled an app. Something people seem to | rarely do. | | I use it for friends, family and colleagues. People now started | asking me for it (or safe alternatives to Facebook Messenger) | since Facebook started asking people to pay for non-targeted | ads recently. They actually got people to think about the data | they share with an outdated social network. | rchaud wrote: | Yep, the whole point of Signal for me was the SMS component. I | put up with the old-fashioned UI for that reason. Now it just | looks and acts like a Telegram clone. | ActorNightly wrote: | Has anyone tried setting up their own Signal server? Be cool to | do this, and then give all your friends the ip for truly private | messaging. | | https://github.com/signalapp | | Seems like all their stuff is open source. | kyawzazaw wrote: | unlikely the people i want to talk will bother setting this up | Aachen wrote: | And the people those friends want to talk to. And the friends | of those friends. | | To have self-hosted chat services, you either need a niche | enough service that you'll never have two parties that would | want to talk to each other while being on different servers, | or federation. Signal chose the former, so here I am with | eight communication apps on my phone. | | Maybe the next best thing could be to support multiple | servers, like how email clients let you fetch data from more | than one email provider, if they're so worried about | federation inhibiting their ability to control the ecosystem | that they plainly won't go there and hold speeches about how | harmful that situation would be. Then we could have self | hosting and also Signal wouldn't have to care about | federating with my self-hosted server. | ActorNightly wrote: | I mean the idea would be you download the app but use my | server instead of of the default ones. | newscracker wrote: | Which app would they all use and from where would they get it? | Signal does not (intentionally) support the official app using | other servers or the platform itself supporting federation. [1] | | [1]: https://signal.org/blog/the-ecosystem-is-moving/ | YeBanKo wrote: | This can be a premium feature. Run your own server and for a | little bit of money you can configure your client to use an | alternative server. Client code is what make it private and | secure, so you want to use their verified client even with your | own server. | Sol- wrote: | Offering self-hosted servers would probably just degrade the | security guarantees of Signal if people misconfigure them. | Doesn't seem to be worthwhile for the Signal foundation to run | into this risk of undermining their own reputation for a niche | user base who cares about self-hosting. | autoexec wrote: | > Doesn't seem to be worthwhile for the Signal foundation to | run into this risk of undermining their own reputation | | It's a bit too late for that. They undermined their | reputation when they started permanently keeping sensitive | user data in the cloud (like a list of every person you | contact), and then again when they refused to update their | privacy policy which lies to users about their data | collection practices, and then again when they killed off the | ability to get both "secure" communications and unsecured | SMS, and then again when they started adding weird cryptoshit | nobody asked for. Signal seems to be telling people as loudly | as they can not to use/trust them. | exabrial wrote: | Some of these things raise an eyebrow and I'd like them further | broken down (but in the mean time, I'm still donating): | | * $19 million for 50 staff - That's $338k/head on | average. At face value for a nonprofit, I'd like these costs | broke down as this seems excessive. There is far cheaper IT labor | available outside SV. | | * 20 petabytes per year of bandwidth, or 20 million gigabytes, to | enable voice and video calling alone, which comes to $1.7 million | a year - I'd drop these features if possible, or | give them to donors. | | * Storage: $1.3m, Servers: $2.9m - I was actually | expecting this to be far higher - Long term storage | should probably be donor-only - Servers could likely | be optimized by going hybrid cloud with colocation and owning own | hardware, but again, was surprised how "little" they're spending | on this. | | * Sms registration fees: $6m - Stop contributing | and supporting the "Your phone number is your identity" problem. | - Move towards helping educating society and establishing a set | of encryption keys as their long term identity | | It's easy to criticize from the bleachers. Still thankful for the | app and I'll continue to donate. | simcop2387 wrote: | One thing I question with that is that if you gave features to | donors only, wouldn't that mean that signal now needs to track | users in ways that aren't privacy preserving? I.e. you'd be | able to know if any given user using signal now has given | payments to signal. I'm not sure that'd work with what they | want to do as an organization. | asylteltine wrote: | They need to dump sms entirely. Use on device private keys. If | users mess it up, it's on them. People need to get educated | about how to manage private keys. | vore wrote: | As someone technically savvy, I don't trust myself to manage | my own private keys sufficiently for a service that's the | point of contact for all my friends and family. I think it's | a much taller order for someone without the technical knowhow | - remember that Signal's audience includes very non-technical | people who don't have time to learn the technical ins and | outs but absolutely require its utility, like journalists and | dissidents. | a_vanderbilt wrote: | Then few will use it and Signal will die. There is this gap | between the ideals of the technically-minded and the reality | that users live in. They tried to dump SMS - and people | responded by not using alternatives. The entire sales pitch | of Signal is that it is easy and unobtrusive. | mushufasa wrote: | It's easy to say that "you should do x" from the bleachers but | when you're in the arena you run up against reality. For | example, Signal had a blog a while ago about how they tried to | avoid the sms features, actually for privacy reasons, but they | found people just didn't use other alternatives. Here's a | reddit thread of users advocating for SMS support | https://www.reddit.com/r/signal/comments/y3ymfl/keep_sms_sup... | . | | So it was the best of all the available options practically, if | they wanted to grow and retain the users. | bpfrh wrote: | That was for sending SMS via Signal, not for verifiyng users | via sms and they did remove that. | | https://signal.org/blog/sms-removal-android/ | | edit: wording, forgot the word remove | vore wrote: | - That's $338k/head on average. At face value for a nonprofit, | I'd like these costs broke down as this seems excessive. There | is far cheaper IT labor available outside SV. | | You get what you pay for, though. $338k/year seems like a | reasonable salary for people working on something as privacy | critical as Signal - just because you're working for a | nonprofit doesn't mean you have to work for less competitive | wages. | jallen_dot_dev wrote: | Also, employees cost more than just their salary. | foobarian wrote: | I wouldn't be surprised if overhead turned out 1/3 of that | figure. | zimpenfish wrote: | > $338k/year seems like a reasonable salary for people | | That $19M/year was total employee costs which, as best I | understand these things, can often work out to be double the | raw salaries which would bring the average down to a slightly | less excessive $170k/year. | superfrank wrote: | IIRC, employees cost the business ~150% of their salary. That | means we're looking at more like a $220k/yr salary on | average. For a bay area company, that seems completely | reasonable. | eschulz wrote: | Nonprofits, as with for-profits, must pay competitive wages | or they will have trouble getting the expertise that they | need. $338k/head seems reasonable when you also consider | taxes the company must pay for each employee. | raesene9 wrote: | Whilst competitive salaries are important, it's fair to say | that, outside of the US, you can get good people for a _lot_ | less than $338k /year. | | To give one example of a (not that cheap) market, outside of | London average developer salaries are probably under $50k in | the UK. Even accounting for additional costs like taxation | and equipment, that's likely to be under $100k fully loaded. | JumpCrisscross wrote: | > _outside of London average developer salaries are | probably under $50k in the UK_ | | For top-notch security developers, I call bullshit. Signal | would be worthless if it started offshoring development to | nickel and dime. | raesene9 wrote: | I said Average for a reason :D I didn't say you can get | "top-notch" security developers for that. | | I don't think there's industry numbers for that set of | people in the UK, as it's not a big enough set. However | I'd be surprised if they were 150K plus though, that's a | very rare salary in the UK. | | Also there are cheaper countries than the UK who have | great devs. | jtakkala wrote: | There's definitely top-notch software and security | engineers making well north of PS150k in the UK. As you | go up in levels, it's indeed a small set of people, but | FB / Google comp for a top L7 engineer working in the | same space as Signal engineers can be $700k+ in the UK. | Just have a look at levels.fyi, and you'll see that even | finance will pay over $500k in London. Furthermore, given | how small the group of people are at the top of these | companies, very few will self-report their incomes | publicly, which is why you'll rarely hear about the | engineers making $1M+ - but those cases do exist. | | The people behind Signal pioneered end-to-end encryption, | and as is pointed out in the blog post, there's still a | lot of novel cryptography development involved in | building a privacy-first messenger. You can't do that | without top-notch talent. | hutzlibu wrote: | "just because you're working for a nonprofit doesn't mean you | have to work for less competitive wages" | | Actually it does usually. Because when people see real | meaning in their work, as opposed to find yet another way to | manipulate people on other peoples behalf, then you don't | have to buy their consciousness as well. | | So sure, it is awesome, that signals employers get to have | meaning _and_ money. But I would bet, you would find | competent people working for less. (And maybe somewhere else) | | But .. they do have a working app and organisation right now | and drastic changes could destroy that. | vore wrote: | Why shouldn't we want to pay people working at non-profits | the same for their labor than they would get at for- | profits? If they are doing just as or even more important | work, why do we want to bend over backwards to justify them | getting paid _less_ for it? | hutzlibu wrote: | Because funding is limited. And the goal is to maximize | the impact, not make some people happy. | yieldcrv wrote: | costs for a nonprofit are the same as costs for a forprofit | | there's just a bunch of nonprofit employees or personnel that | play on the pauper perception because its convenient, but | "nonprofit" and no money is not correlated to anything | | so if those employee costs were excessive for _any_ | organization, saying non profit doesn't make them more or less | excessive | | I think tech talent is undervalued and should at least compete | directly with FAANG, for many organizations this is not | possible, for organizations with other liquid assets they | create (like Signal) it is possible. All employment hasnt risen | with cost of living, I'm not familiar with other sectors. | Canada wrote: | > That's $338k/head on average. | | Oh come on. Just because the organization is non-profit, | meaning that it's not out to make a profit for shareholders, is | no justification for the staff to be paid below their market | worth. In fact, they could definitely earn more by quitting and | working at for profit companies. And that is especially true | for those who are getting the higher end of the compensation. | | And say that staff number was like, $5m/year less? It doesn't | change the fact that costs of running are substantial and more | donation is needed from those who want it to remain viable. | davidhyde wrote: | < "* 20 petabytes per year of bandwidth, or 20 million | gigabytes, to enable voice and video calling alone, which comes | to $1.7 million a year - I'd drop these features if possible, | or give them to donors." | | How about they pull their socks up and use peer to peer | technology instead? Messages are asynchronous so they need to | be temporarily stored but routing real-time audio and video is | a technology problem that they have chosen the expensive way to | solve. | NOWHERE_ wrote: | If signal adds username only accounts it makes sense to relay | calls if users don't want their IP leaked to the other | person. | contact9879 wrote: | They are peer-to-peer by default between people in their | contacts list. That is for when calling someone that isn't in | your contacts list or for people that have enabled the relay | all calls option. | darth_avocado wrote: | > far cheaper IT labor outside | | This is a product that solves some of the harder problems of | engineering, and has a staff of 50. Cheaper isn't going to get | you the best. If you had a staff of 1000, you could make that | argument. Besides that's not a lot of money to begin with. 340k | is a senior engineer salary and I am sure the people running | the company are far more capable than senior engineers. | | > drop those features | | That's a valid argument, but 1.7M for that 20PB of bandwidth is | not a lot of money. Dropping or making the features paid, | defeats the purpose. If you're trying to be the privacy first | app that competes with WhatsApp and others, this would make it | harder to be a viable alternative. | | > sms registration fees | | Education is a harder problem to solve, but offloading some of | the costs to users may make sense here. | yt-sdb wrote: | > $19 million for 50 staff. That's $338k/head on average. | | How did you compute this? 19/5 is 3.8 | AnthonyMouse wrote: | > I'd drop these features if possible, or give them to donors. | | They can't really do that, it deters adoption of something with | a network effect. | | The real issue here is that direct connections have privacy | implications (maybe you don't want the other party to know your | IP address), so they relay everything. If they could solve that | they could save a lot of money. | | For example, detect if the user is connected via a known VPN | service (which is likely given Signal's user base) and then let | the VPN hide the user's IP address instead of Signal having to | pay for it. Or make a deal with popular VPNs to put the relay | servers in their data centers, which gives a similar advantage | and they might be able to get better pricing from them in | general because the VPNs already have a lot of bandwidth, are | sympathetic to what Signal does and could use it as PR. | olejorgenb wrote: | Making it so that only one party need to have a pro account | might help a bit | AnthonyMouse wrote: | Still doesn't work. Any two people don't have a pro account | and they stop using it in favor of a competitor, and then | their _other_ contacts use the competitor too. You can 't | charge for something WhatsApp has for free. | kuon wrote: | I wish I could use signal without a phone and phone number. | Otherwise it is useless to me. | codemac wrote: | > As a small nonprofit organization, we cannot afford to purchase | all of the physical computers that are necessary to support | everyone who relies on Signal while also placing them in | independent data centers around the world. | | This is really the crux of the problem. ~$3M of servers per year | is more than enough to start purchasing hardware, I wish there | were easier ways for people like me to participate and help | Signal on the cheap. | | As someone who participated in the builds they complain about | being expensive (and ignoring their , I don't think it's a | function of centralization or "troubling" as much as it is | practical. Meta, Google, etc all have many billions they could be | saving if they could figure out how to make it cheaper too. | RosanaAnaDana wrote: | Is it possible to self host signal? Can signal move towards a | model like the fediverse where the software development is | decoupled from the hosting costs? | dindresto wrote: | They are actively working against self hosting, which is why I | want matrix to succeed and signal to die | rufi wrote: | Registration Fees: $6 million dollars per year... how come | sending sms cost so much? | nvrmnd wrote: | I donate to signal, and use it frequently. But I would much | prefer for the app to simply charge users rather than beg for | donations. Even better would be to charge users in a way that | reflects the costs. | | For instance, maybe verifying a new number over SMS should cost | $0.10 if that's going to make up 14% of the operating costs. | | Begging for donations to subsidize excessive use by other users | just doesn't seem sustainable. | arsome wrote: | I would certainly prefer the donation begging - chance of | getting family and friends to use it with an upfront cost: 0. | lxgr wrote: | How are you going to charge users $0.10? Micropayments is a | huge unsolved problem. | renonce wrote: | Buy 50 invite codes for $5 | NotYourLawyer wrote: | Yes, let's tie every user of this privacy-focused messaging | platform to a credit card number. | mmanfrin wrote: | > I donate to signal, and use it frequently. But I would much | prefer for the app to simply charge users rather than beg for | donations. | | Hard disagree. If you charge, the number of people who will use | it shrinks by several magnitudes, and then you lose your | network effect, you lose the ability to get your less | technically inclined friends to install it. | ruffrey wrote: | I would pay for a few signal features: 1. encrypted backups or | backup integration of my chats, photos and videos. 2. business | features (backup, directory integration, search) | | I have not used: 1. voice and video | | Incredible that SMS costs so much. I wonder if it's worth it | because it _saves_ so much in spam and other sorts of fraud or | bad behavior? | Aachen wrote: | I have some good news: go into the settings and turn on | encrypted backups. The clients also all come with a search | function, even if it only matches against start-of-word (which | includes URLs, so you can't search for domain names which | regularly bothers me). | | Directory integration, as in, importing a vcard with everyone's | phone number into your device such that you can tap on anyone's | name and message them on Signal if they've got Signal | installed? | crtasm wrote: | The backup option is Android-only. | Aachen wrote: | O.o TIL. That's weird, apple users already have plenty of | lock-in and own-data-inaccessibility, but so maybe they | figured they clearly don't care? Weird as heck either way | | Then what I can recommend is installing the desktop client | on a server somewhere and reading its sqlite-like (but with | some flaky encryption extension) messages database | rodlette wrote: | I'd prefer a federated solution, but XMPP doesn't yet have decent | support for group chat that doesn't depend on being connected. | https://xmpp.org/extensions/attic/xep-0369-0.1.html is still | experimental. | | Bravo to Signal for being easy enough for my family to use! | fsflover wrote: | What about Matrix? | godelski wrote: | Fwiw, I've seen users suggest hybrid approaches. Interestingly | it could reduce some of the costs they list here and looks like | a route one could take to slowly build towards a fully or | hybrid federated system instead of jumping straight there. But | I am unsure how much the community likes the idea and judging | by that last post it doesn't seem like the mods do. But this | one takes note as two users were willing to place a bounty on | the feature request | | https://community.signalusers.org/t/signal-airdrop/37402 | NoGravitas wrote: | Matrix fixes that issue (and also the issue of the server your | group chat is hosted on disappearing). It has plenty of other | issues, of course. | ZeroCool2u wrote: | Signal is one of the non-profits I happily donate to. Myself, my | family, and my friends use it almost exclusively. | Canada wrote: | Seriously consider setting up a recurring donation if you prefer | Signal. They have delivered consistently over the years. I set | the $20/month back when they introduced the option. | | I'm curious what the breakdown of donations is. I only have 1 | contact with a $10/month and 1 with a $5/month badge. Of course | there could be others not displaying the badge. Signal really | needs 500,000 people giving $20/month and plus the rich guys | giving some millions on top of that to be in a safe financial | position. | | Maybe something that could be done to encourage donations is have | the client estimate how much raw infra costs your usage created | and display in the donation screen. | rglullis wrote: | I fail to understand the point of supporting an organization | that is completely against self-sovereignty like Signal is. Why | would I want to pay someone to develop something that traps me | into their platform and does not offer a way out? | BlueTemplar wrote: | Not _completely_ ? Their server seems to be open source too | now (with the exception of the spam filter) ? | rglullis wrote: | Can I operate my own Signal server and talk with people on | the "main" one? | Caligatio wrote: | You're moving the goal post from "self-sovereignty" to | supports federation with an infinite number of servers. | Nothing is stopping you from compiling your own Signal | server and modifying a Signal client to use your server. | | Given that Signal is free as a service, supporting | federation only increases their expenses. | rglullis wrote: | Without federation, Signal is still working with the | advantage of network effects. So an open source server is | not enough of a way out. | | Element can do it for their Matrix servers. Process.one | can do it for ejabberd. Prosody as well. Why can't | Signal? | sowbug wrote: | Back to your original point: please don't support an | organization that doesn't share important values of | yours! That is absolutely your choice! | | You've named several products that share your values. | Perhaps those would be a better fit if you were to | donate. | Clamchop wrote: | Federation can only make security worse and I do not want | it. You can have something else. | SpaghettiCthulu wrote: | Genuine question: Does Tor fall under the definition of | federation? Either way, a Tor-like model would have | security benefits over a centralized system like Signal, | right? | danielheath wrote: | Given how many activists have used it in overthrowing | dictatorial governments, self-sovereignty seems an odd choice | of words to claim it doesn't support. | rglullis wrote: | Perhaps it was a bad choice of words. What I mean is that | they say "you don't need to trust us", yet they _require_ | you to run through them. They refuse to build their system | in a decentralized way, and the more that time goes by the | more the decentralized alternatives are showing they are as | secure as Signal _without_ forcing us to accept their | restrictions like mandatory use of phone numbers for | authentication. | Barrin92 wrote: | > "you don't need to trust us" | | you literally don't. It's a fully encrypted service. _The | literal purpose of encryption is to move data securely | through insecure or even adversarial channels_. Which you | can verify, it 's audited and open source. | | They refuse to build the app in a decentralized way | because decentralization is an ideological obsession that | is useless in this context, and because centralized | organizations can actually ship polished software that | works for normal people and move quickly. | lrvick wrote: | Centralized supply chain, and metadata protection is | anchored on SGX. | | They can use their pick of SGX exploits to undermine the | weak metadata protections and they (or apple/google) | could, if pressured, ship tweaked versions of their | centrally compiled apps to select targets that use "42" | as the random number generator. No one would be the | wiser. | | Signal is a money pit with a pile of single points of | failure for no reason. | | Matrix is already proving federated end to end encryption | can scale, particularly when users are free to pay for | hosting their own servers as they like, which can also | generate income. | chimeracoder wrote: | > They can use their pick of SGX exploits to undermine | the weak metadata protections and they (or apple/google) | could, if pressured, ship tweaked versions of their | centrally compiled apps to select targets that use "42" | as the random number generator. No one would be the | wiser. | | Signal builds on Android have been reproducible for over | seven years now. That's not to mention the myriad of | other ways that people could detect this particular | attack even without build reproducibility. | illiac786 wrote: | Just don't use it, don't generate cost for them, don't be | trapped by them. Everyone wins. | rglullis wrote: | The 50 million using them all lose because they are locked | into a monopolistic platform. | illiac786 wrote: | they can communicate to anyone with WhatsApp, SMS, | iMessage.... This is a closed system, not a monopoly. | Aachen wrote: | 20/month for every chat service I use is very steep. I'd be | spending more on chat services than on mobile data + unlimited | calling + landline + DSL + streaming services combined! | | They actual costs are apparently about 1 USD per _year_ per | user. I usually at least double (usually more) my incurred cost | when the donation is optional, to cover for those who can 't or | won't pay, but paying 240x the cost price seems wasteful as | well when there are other nonprofits that can do more good with | every dollar you give them (be it solving poverty, climate | change, whatever you find valuable) rather than one which has | mostly fixed fees | climb_stealth wrote: | Same. I have been doing the recurring payment since they | offered it. Even though I'm effectively only using it with my | partner. But that is every day | | It feels good supporting something worthwhile. | bayesianbot wrote: | https://archive.is/k90dC | flower-giraffe wrote: | Did I read that right $19m people cost for 50 people. | notachatbot123 wrote: | It's crazy, 400,000k per person. It would feel like nothing but | an unfair waste of my "cheap-country" money to fuel | "overpriced-county" with a donation. | atlasunshrugged wrote: | But that's not salary, that's the total cost per employee. So | if you factor in ~40% cost for healthcare, pension, perks, | and various taxes, then the average salary is closer to | $240,000 which will still a bit high, is probably less than | market for the average engineer working at the company. | gamblor956 wrote: | Per the 990, which is just salary, multiple employees at | Signal are getting paid over $650k. That's way above market | for the nonprofit sector for comparable positions. | macNchz wrote: | From page 2 of Schedule J (at the bottom) they break out | the components of the compensation, showing that most of | those numbers incorporate a base salary that looks fairly | normal with 2-600k of bonus & incentive comp on top. | | In curious Googling to see if there was an explanation | for how their structure works, I stumbled on this | interesting Glassdoor review: | | > The bonus structure promised up to a 100% match with | salary, but in practice the system was set up so that | nobody got more than 50%, if that. Had I understood this | I probably would have taken a competing offer that | ultimately would have had much higher comp. | | > The quarterly cliff on the bonus system, where a | feature failing to ship within the quarter specified | (even if just by a single day) was counted as if you | hadn't done it at all. This led to death marches each | quarter as everyone scrambled to try to finish | unrealistic goals. It wasn't possible to get help from | anyone else at these times since of course they too had | the same problem. | | > Nominally, the quarterly goals were set in a | collaborative process. In practice it was a 2 day full | day meeting where we were told what Moxie had decided we | were going to do - our input wasn't really considered at | all, including if it was even viable to complete in a | quarter. I'm fine with top down control, that's how most | corps work, but I disliked the false patina that this was | some democratic process. | | > Internal communications are a disaster, because Signal | uses Signal for everything, including things Signal isn't | at all designed for or good at. Bug tracking is literally | done in a giant group chat. I have a newfound | appreciation for JIRA. | | https://www.glassdoor.com/Reviews/Signal-Messenger- | Reviews-E... | notachatbot123 wrote: | Even in central Europe $240000 would be way more than what | an average engineer would cost. I'd estimate ~$150000 for | well paid jobs there. | thomasjudge wrote: | Would be interesting to know exec salaries, the latest | nonprofit disclosure I could find was from 2019 | jenny91 wrote: | Form 990 from Dec 2021: https://projects.propublica.org/nonpr | ofits/organizations/824... | oconnore wrote: | Would you actually want Signal to be cheaping out on the | developers that are maintaining the cryptography software that | protects millions of people? | | Someone with that level of expertise is going to be expensive. | Aissen wrote: | The cloud tax is crazy (especially bandwidth). Pretty sure Signal | has reached the scale where they would be cheaper by building | their infra, maybe starting with the most expensive (storage + | bandwidth), and then doing others. | | SMS is (unfortunately) core to the product, so I'm not certain | how they could make it cheaper, while retaining the same | properties (user+pass registration would be a nightmare for spam | and change the UX). | Rastonbury wrote: | Anyone know much does it become worth it to build your own? | They spend around $3-4m on storage and bandwidth | maxfurman wrote: | Data centers cost billions. Signal, and pretty much everyone | else who isn't already in the data center business, is far | away from breakeven on that. | Symbiote wrote: | There are several steps between using AWS and building a | datacentre. | | - Using similar services from cheaper cloud providers | | - Renting VMs | | - Renting whole servers | | - Renting rack space + power | | - Renting larger spaces (many racks, or part or all of a | whole floor) | hotnfresh wrote: | The small ISP/phone/cable company I worked for in high | school had a data center. Maybe 20 racks. It was pretty | damn reliable (old-school phone infra techs knew how to | make shit stay "online"). I guarantee it wasn't above the | single-digit millions to build, inflation adjusted. | frakkingcylons wrote: | That example of your small telecom company isn't really | relevant here, is it? Signal needs to work well for | people around the world. | hotnfresh wrote: | You can serve tens to hundreds of millions of messaging | clients with data centers (plural) that don't cost | _billions_ , even collectively, to build. | Aachen wrote: | > millions upon millions of new people suddenly switched to | Signal in January 2021 after WhatsApp updated their Terms of | Service | | From a footnote of the article. Maybe this is why they've | stayed with "infinite scale, infinite costs" (commonly known | as "cloud") so long? Surely at some point this is worth | considering though, I would also be curious where that point | lies | | Virtually anyone, also when spending only 100 euros/month on | server providers, can save a large percentage of costs by | taking it in-house. There might be a gap where you need | dedicated personnel and it's briefly cheaper to outsource | before you grow and it inverts again, but generally if you've | got a stable service then this is nearly always worth it | | Maybe a hybrid, where new users onboard onto cloud and they | buy hardware for expected loads (i.e. current users), would | be the most cost effective. I wonder how hard that is to | combine the two worlds, but anything that requires more than | one server already has that sort of communication going on so | there shouldn't be any real blockers. Maybe the two types of | infra add costs/risks again and that's why one rarely sees | this setup? | melbourne_mat wrote: | I know AWS - and I would guess the others too - discourage | hybrid by setting the egress traffic costs to extreme | levels | poutinepapi wrote: | Understood, $7 CAD per month are heading your way since I use | Signal quite a bit. | jdoss wrote: | I started paying for Signal when they rolled out the | subscription feature at the $5/mo plan and after reading this | post, I just moved to the $10/mo plan because of how much I | value this service since I use it every day. I hope other users | subscribe if they are able to do so. | narinxas wrote: | but what does this mean in terms of VISA vs MasterCard? | kirbypineapple wrote: | I would pay a subscription fee if only to get back SMS | capabilities. | ChrisArchitect wrote: | [dupe] | | More discussion over here: | https://news.ycombinator.com/item?id=38291427 | popol12 wrote: | 2 ideas to limit costs: Make it a 2 tier plan: free tier is text | and images only, paid tier adds audio/video calls Remove the need | for phone number verification | | I'd be happy to pay 10 bucks a year for Signal. | alternatex wrote: | They do that and everyone moves to WhatsApp or Telegram. Your | comment ignores the whole private chat app landscape. | ThinkBeat wrote: | I am too cynical by far, but Signal being run by an ex-Googler is | not at all reassuring me of its long-term commitments to security | and privacy. | nottorp wrote: | To be cynical in another direction, if it wasn't run by an ex- | Googler it would probably cost 1/3 of what it does now to run | it :) | mushufasa wrote: | Every time I hear about Signal's donation notices I start | thinking about ways they might generate revenue. I'm sure Signal | staff have considered a ton of options already. Anyway, | | - can't do personalized ads or geo-specific ads, so doing generic | ads wouldn't drive a ton of revenue anyways | | - can't require users payment because when payment (most forms, | including bitcoin!) can be used to identify people | | - No real benefit to themed group chats (like discord nitro) | since it doesn't focus on community groups | | I'd love for someone to figure this out, though, because a | nonprofit structure for an app is not sustainable. | olah_1 wrote: | So charge everyone $2 per month to use it? _shrug_ | | If you're not going to show how much money you get via donations, | I'm not donating. I'm not going to donate more than you actually | need, for example. | bongripper wrote: | Signal already has a very hard time competing against the | network effects of WhatsApp and Telegram and getting people on | the app, a fee would only increase that. But making it n$/year | but with the option for an account withiot a phone number like | other people are suggesting sounds nice, peace | AnonHP wrote: | > Signal already has a very hard time competing against the | network effects of WhatsApp and Telegram | | May not be the best thread to say this in, but Signal isn't | as good as Telegram and WhatsApp on features. People can be | persuaded to switch, but may have different expectations than | what Signal can satisfy. | frivoal wrote: | https://projects.propublica.org/nonprofits/organizations/824... | lxgr wrote: | Their competitors are free. Charging $2 would make Signal a | non-alternative for many of their users, and due to how the | network effect works, it would greatly reduce the utility for | everybody willing to pay as well. | | And that's all without even considering the significant | overhead of collecting low-value payments internationally. | olah_1 wrote: | If you have a sustainable business model, you don't _need_ | the network effects. Threema is fine with a smaller userbase | because they have a business model that works. | lxgr wrote: | Yes, but Signal and Threema seem to have a pretty different | mission. | NoMoreNicksLeft wrote: | I always wonder why no one ever mentions Session. Is there some | defect in its tech, or is it just not a comparable product? | RunSet wrote: | It's an uphill battle. I asked to recommend Session on the | privacy subreddit- which the moderators denied because Session | lacks a well-documented endorsement from a public figure | regarded as an authority with regard to privacy. | | That is a non-starter specifically in the context of vetting | privacy-enabling software. Anyone got a list of privacy | celebrities with enough spare time to vet reddit content? | NoMoreNicksLeft wrote: | It really comes down to that? Wow. | | Thanks for answering though, it really bugged me, and I | couldn't find anything on it. | RunSet wrote: | If you ever have nothing better to do, view the revision | history on the wikipedia entry for Session Private | messenger and witness the petty roadblocks thrown up as | objections to allowing it to have an entry. | | I'll just say Session had to meet a lot of criteria merely | to _have_ a wikipedia entry that Signal 's entry did not | meet at the time. | | To this day Session's hard-won wikipedia entry is saddled | with a "limitations" entry best summarized as "Session is | not Signal". | | https://en.wikipedia.org/wiki/Session_(software) | collaborative wrote: | FB only wanted whatsapp to preempt a potential competitor. They | are happy to give the service for free (at a loss) | | There is no room for monetization because of FB. In other words, | you can't compete with a monopoly, even if you are in a different | business. They simply take all | newscracker wrote: | FB is getting and using some metadata from WhatsApp. FB also | said it would be introducing ads in WhatsApp. While WhatsApp | may not be raking in a lot of money, it's not a complete loss | for Meta either. | swaraj wrote: | Love Signal over Telegram, Wickr, etc. | Brian_K_White wrote: | I am imagining a donate page in the app that incorporates this | willingness to be public about the costs. | | It offers a way to configure a recurring donation for whatever | amount and whatever schedule you want. $100/year for instance, | but as you slide the slider or enter a number, it shows you if | that number leaves Signal in deficit, covered, or surplus, if all | other users who are currently paying anything paid this much. | | Instead of just trying to suggest an amount with no explaination | of what it means, is $5 still leaving them starving? is $5 5x | more generous than needed? You still get to use it for free. But | if you are of a mind to be one of the ones chipping in to keep it | alive, you see exactly what is the right amount. | | When 10k people are paying for 10m other people, that "covered" | amount may be pretty high, apparently 5x what the average donater | is currently paying. (article says it's 20% of total) | | But with that little bit of non-repulsive non-abusive game | theory, just honest information but presented in an immediate | way, a lot of those other 10m users would start to chip in, and | the covered amount would come down. Some users will say, well, I | can swallow 5x what I was paying, and others can just leave their | donation level in the red. But I think a lot more people would go | from 0 to a few bucks if they could see exactly what it means and | know that it wasn't a waste. | | Maybe the donate function could even have a setting track the | current covered value automatically so that your bill | automatically comes down as other people start adding to the | pool. | | Also have it display the 3% or more transaction fee overhead | going to the debit card and other payment processors, to show | right there graphically how much you're wasting by paying a small | amount monthly vs a large amount yearly. Everyone always hides | that but I say show it prominently. | superseeplus wrote: | While I would be willing to pay a fee to use Signal, most people | won't and then Signal would turn into a deserted landscape full | of privacy nerds who only talk with each other. On the other | hand, being better at soliciting donations more often would be | more helpful. I'm a regular Signal user and didn't even know I | could donate. | NotYourLawyer wrote: | Just donated $100. I've gotten way more than $100 of value from | them. | bilal4hmed wrote: | If your employer matches don't forget that ... Easy way to | double your donation | amluto wrote: | I find this surprising: | | > As a small nonprofit organization, we cannot afford to purchase | all of the physical computers that are necessary to support | everyone who relies on Signal while also placing them in | independent data centers around the world. Only a select few of | the very largest companies globally are still capable of doing | this. | | Signal may be "small," but they're spending plenty on this. | Registration is expensive and hard to do without using one of the | large expensive providers. But there's $7M for servers, storage | and bandwidth. These are comparatively easy: servers and storage | ( _especially_ for a service like this where availability for the | substantial majority of the data is not terribly important) come | in nice pre-manufactured boxes that can easily saturate 10Gbps | and can store quite a few TB at very very high IOPS. [0]. And the | forwarding model isn't very latency sensitive - several hundred | ms for most users is _fine_ , and sending media via Signal is | quite slow regardless. So having many points of presence doesn't | seem terribly important. I bet that two small colocated | facilities could cover all of North America quite nicely. | | Bandwidth costs outside the cloud world, at least in North | America, are comically cheap compared to the major clouds. | | [0] A service like Signal ought to need relatively little | processing compared to bandwidth and storage for the data plane. | AWS and the like may not have a particular good match in their | catalog for this use case. | Maskawanian wrote: | I would use Signal, but it ties to a mobile number, that is why I | don't use it. Been using Element/Matrix instead. I'd consider | switching if I could primarily use it on a Desktop decoupled from | a mobile device. | rob74 wrote: | > _she wanted to call attention to how competitors pay these same | expenses: either by profiting directly from monetizing users' | data or, she argues, by locking users into networks that very | often operate with that same corporate surveillance business | model._ | | There is also a third alternative: Threema | (https://play.google.com/store/apps/details?id=ch.threema.app...) | is a privacy-focused messenger app that tries to cover its costs | by *gasp* asking for _money_ for the app! But of course those | notoriously financially-conservative Swiss can 't hold a candle | to Signal, who first decided to give away their app, same as | those other messenger-making companies flush with cash, and then | found out that supporting all those users who download your free | app actually costs money... | newscracker wrote: | This was a nice, detailed read. At some point, Signal would have | to move out of cloud providers at least for a few things to | manage costs better. | | I was happy to note this about employee compensation since paying | them well is a good thing apart from their personal motivation to | work on this (even at a comparatively lower pay than in other | companies/projects): | | > When benefits, HR services, taxes, recruiting, and salaries are | included, this translates to around $19 million dollars per year. | | > We are proud to pay people well. Our goal is to compensate our | staff at as close to industry wages as possible within the | boundaries of a nonprofit organization. | | That said, I really dislike Signal for a few reasons. The first | is what many people have already talked about very often -- | forcing to use a phone number to register. Since the SMS or call | costs are quite high, Signal could adopt the iMessage approach to | verification, which is having the user send an SMS to the service | (this will cost the user some money depending on which country | the SMS is sent to). This could be decided based on the country | code so that the current SMS OTP model can coexist. | | Signal is obstinately user unfriendly on a few aspects on user | experience, more so on iOS/iPadOS. Firstly, it refuses to provide | a data backup mechanism for iOS/iPadOS. If someone loses their | devices, there is no way to restore older messages. Even setting | up a new device requires the old device to be in physical | proximity to transfer the data. Signal does integrate with | CallKit (to act like a phone app) and with Apple's notification | services, but refuses to allow the user to backup the data with a | password to encrypt it. | | Secondly, I found this paragraph in this post to be disingenuous: | | _> Such practices are often accompanied by "growth hacking" and | engagement maximization techniques that leverage dark patterns to | keep people glued to feeds and notifications. While Signal is | also free to use, we reject this kind of manipulation, focusing | instead on creating a straightforward interpersonal | communications app. We also reject business models that | incentivize such practices._ | | Signal on iOS/iPadOS wants the user to enable notifications and | to share contacts. If notifications are disallowed and if | contacts upload is disallowed, it will pester every few days | about it. One might think this is a silly mistake that Signal | isn't aware of. But it was reported some years ago and Signal | responded that it will not fix it because it believes this is the | only way. [1] Not even an option where this is a toggle for those | who want no notifications or don't want to share contacts (Signal | does have a toggle for contact joining notifications). | | Signal is also not that reliable in delivering messages in a | timely manner compared to other apps (the GitHub repo has many | repetitive issues on this topic over all these years). | | Finally, since Signal has poorer UX in general, which isn't an | easy or cheap thing to handle, I use it only with less than a | handful of people who I know and who use it. | | I'd donate occasionally so that Signal can continue to exist, but | I don't feel like supporting it every month with all these | issues, some of which look like Signal ignoring the user and UX | issues completely. | | Edit: Removed some hard words. | | [1]: https://github.com/signalapp/Signal- | iOS/issues/4590#issue-72... | Y-bar wrote: | > Firstly, it refuses to provide a data backup mechanism for | iOS/iPadOS. If someone loses their devices, there is no way to | restore older messages. | | This is not the only case where Signal has decided that users | should not be in control of their own data. For example an | Apple Store or authorised repair shop may need to reset the | phone, or an OS upgrade goes badly and needs a restore will | also lead to data loss even if there is a full local encrypted | backup made. | | It is really orthogonal to the much of what Signal claims to | stand for them to so boneheadedly insist that users should not | be allowed to own and control their own data. | m3kw9 wrote: | They could use a free plus subscription model for really pro | features, like "extra privacy", "faster sending speed", "create | bigger group rooms", these are bad features but you get it | YeBanKo wrote: | As soon as there is "extra privacy" for a premium, I would | ditch Signal immediately. It's either provate and secure or | it's not. Certain things cannot be half measured. | eviks wrote: | Or the extra privacy could be the current misfeature where | you can't properly sync messages across devices. No reason to | ditch over that? | BlueTemplar wrote: | Not having to rely on a phone number would be extra privacy. | | They are stuck with SMS though _because_ it 's a costly... | signal that prevents spam. | | (Sounds like an opportunity ??) | | But then this might solve the funding issue for them, but | being tied to most payment systems would only somewhat | improve the situation for the users. | | I understand now why they dabbled with cryptocurrencies | (Monero having proved that these can be anonymous short of | having NSA levels of computing power ?). I haven't been | keeping up, how did that work out ? | nottorp wrote: | Ok, have they decoupled my identity from my phone number yet? | | I mean, to donate to them I'd have to use it. I don't need | another WhatsApp. | contact9879 wrote: | almost, usernames and phone number privacy are in testing now | AnonHP wrote: | That's only phone number privacy from other users. | Registration would still require a phone number, which is | what GP seems to be unhappy about. | nottorp wrote: | I don't see the point of all that encryption when the ends | of a conversation are tied to publicly available info like | a phone number. | | Do you think $SECRET_POLICE will care that they can't | decrypt my messages when they know I have exchanged said | messages with a known dissident's phone number? | | $SECRET_POLICE doesn't do innocent until proven guilty. | contact9879 wrote: | Signal's design for usernames and phone number privacy | means they won't know | | Also, dissidents aren't the only (and definitely not the | primary) intended users for Signal | akprasad wrote: | I just donated $10 to Signal. Here's how to do so on iPhone in | less than a minute: | | 1. Open Signal and click on your user icon in the upper left. | | 2. Go to "Settings" --> "Donate to Signal". | | 3. Click "Donate", select your donation options, and pay with | Apple Pay. | olejorgenb wrote: | Does this entail a 30% cut to Apple/Google? | bilal4hmed wrote: | https://support.signal.org/hc/en- | us/articles/360031949872-Do... | | Easy google , but no it doesn't | aendruk wrote: | #cut | smolyeet wrote: | Does it matter. 70% of something is better than 100% of | nothing. | mplanchard wrote: | I've got a recurring donation of $5/mo I set up ages ago | Melting_Harps wrote: | > I've got a recurring donation of $5/mo I set up ages ago | | Thanks for that, I did a one off 300 euro donation back in | '21 during the bubble market; Meredith has been doing the | rounds [0] and she hits on lots of good points, and even went | to the UK over their now failed bill during the Summer. | | 0: https://www.youtube.com/watch?v=ykfABSBeAVo | niuzeta wrote: | Me too! Set it up once and forget. I love their work and | Unlike any other charity/nonprofit that I've donated to, they | never bother me any further. | godelski wrote: | Also a reminder, your work might have a donation matching | system. All the major tech companies do, so you can really | boost your effect. | nurple wrote: | I guess maybe I'm missing the purported point of signal, | attaching your phone number to use it notwithstanding, but | attaching payment identity to it as well? Like, what's the | point of going through the pain required to use it? | Krasnol wrote: | Signal is not for anonymity. | | It's for security. | hutzlibu wrote: | It is not meant as a anonymous messager, but an encrypted | one, you can trust to not sell you out. | chimeracoder wrote: | > I guess maybe I'm missing the purported point of signal, | attaching your phone number to use it notwithstanding, but | attaching payment identity to it as well? Like, what's the | point of going through the pain required to use it? | | Your payment info is not connected to your account. | | https://support.signal.org/hc/en- | us/articles/360031949872-Do... | nerdbert wrote: | Most people using Signal - and particularly most people | likely to donate - are not using it to hide their identities, | but to decrease the chance of unknown parties reading their | conversations. My Signal account has my full name on it, and | checking my top contacts, most of them do too (some only have | their first name). | hgomersall wrote: | There doesn't seem to be a way to pay annually, which I'd | prefer to a monthly payment. PS5/month is just a little high, | but I'd merrily pay half that or PS30/year. | qwerpy wrote: | I had an old Apple Store & iTunes gift card laying around so I | redeemed it and attempted to use it to donate via Apple Pay, | but get "Apple Account - Not enabled for in app payments". | Google isn't very helpful about exactly why. Am I missing some | KYC somewhere or are payments of this type prohibited from | "Apple Account" balances? | denysvitali wrote: | So you donated to Apple too in the process? | Vicinity9635 wrote: | Thanks, I just setup a $5 a month donation. | | Love what signal's doing for the world. | marssaxman wrote: | Thanks for the suggestion; I just signed up for the $5/month | plan. I have been using Signal for years, but never considered | donating anything before. | YeBanKo wrote: | Nothing seems out of the ordinary in terms of costs. But there | some features that would be pertinent to their core mission of | providing a secure messenger, and stories and payments aren't | some of those. Stories button takes up half of the bottom | navigation bar, I have not seen anyone using that feature. Their | non-product approach is what prevents men from becoming a | recurring donors. They are finally testing a build with | usernames, but it has been long over due. | dang wrote: | Related: https://www.wired.com/story/signal-operating-costs/ | | (via https://news.ycombinator.com/item?id=38291490, but we merged | the comments hither) | ilaksh wrote: | I donated $5. | mortallywounded wrote: | I don't understand how storage can cost a million dollars when | they don't store anything. Even if messages are queued, how do | you get millions of dollars in queued storage? It's hard for me | to imagine... even if you receive and send trillions of messages | I don't think you would end up storing much at all. | | As for registration fees, it sounds like they should use | authenticator instead of SMS... and stop requiring a phone number | to sign up. That is why I left Signal (went with Matrix). I don't | see why _anyone_ would want to tie their Signal to a phone. If | you value privacy, why would you do that? | | Servers cost seems excessive as well. I don't believe you need | that many servers, even if you served a boat load of requests. | | As for bandwidth.. okay, that may be the case. I am not sure how | you can get that cost down. | AnonHP wrote: | > Even if messages are queued, how do you get millions of | dollars in queued storage? It's hard for me to imagine... | | The details are there in this post, but I can offer a few | guesses. Users may be using multiple devices. And the service | has to deliver to all the linked devices before ejecting the | message from its storage. The time limit for storing and | waiting for linked devices to come online is about a month. | With tens of millions of users, this could add up. | mortallywounded wrote: | Even if every user had dozens of queued up messages, I don't | think it equals millions in storage costs. Maybe I'm naive, | but I have a storage/database/queue with billions of records | and it costs <$700/month. | | _shrugs_ | charles_f wrote: | You have to appreciate the complete transparency, gently nudging | towards giving without ever begging for it. | | Refreshing compared to the alternative that Wikipedia is showing, | with the tantrum-like emails we receive from their CEO like "LAST | REMINDER" or "We've had enough" ; which they ironically send to | people who gave. | GabeIsko wrote: | Those are just non-profit fundraiser consulting tactics. Don't | take them personally, just ignore them. The reason they exist | is that Wikipedia has too much money, so they spend some on | consultants who say they can raise more. It's weird, but that's | how the world works. | | I would much prefer the Wikipedia endowment model of non-profit | orgs. They have a standard operating procedure with a | predictable budget, and endowment that let's them run | indefinitely, and we just have to suffer through pledge drives. | I just block them with ublock filters. I gave them 6 dollars | back in 2012, and according to their marketing that is enough | for life. | wpietri wrote: | > Don't take them personally | | No. They are meant to manipulate me personally, as well as | other persons I care about. I will take them personally. | | More broadly, I don't have to excuse bad behavior just | because somebody's making money off it or because it makes | some too-narrow metric go up. Yes, it's a complex and | imperfect world. But to me that's a reason to work harder to | make things better, not a reason for people to say, "fuck it" | and make the world worse. | charles_f wrote: | > They are meant to manipulate me personally, as well as | other persons I care about. I will take them personally. | | This, absolutely! they play on people's psyche and mental | cabling by trying to guilt you in the same way your parent | would ; it's manipulative, and I have an absolute hatred | for these tactics. | dheera wrote: | I'm good at detecting manipulation now, and the more | someone _tries_ to manipulate me the less I will give in. | | I just put my money toward people who don't do that crap, | and I want the manipulators to see that I'm giving money | to their non-manipulating competitors. | GabeIsko wrote: | I'm not saying they are not wrong - it's unfortunate that | there is a second hand market for fundraising consulting. | It doesn't accomplish anything productive, yet here we are. | The key point is to understand that this is caused by | Wikipedia having too much funding, not too little. As | internet denizens, we can be proud that an open source | store of knowledge has money to blow on wasteful | consulting, and then proceed to create our ublock filters | worry free. | | This is different than what is currently going on with | venture backed services like reddit and youtube. I would | argue that we should block ads there too, but there it is | an arms race where we have to consider ways to protect | ourselves from encroaching privacy violations. It's much | ruder, and that is something we should actually be mad at. | JohnFen wrote: | > Those are just non-profit fundraiser consulting tactics. | Don't take them personally, just ignore them. | | I don't take them personally, of course, but they do | encourage me to avoid forking over any money. | tivert wrote: | > Those are just non-profit fundraiser consulting tactics. | Don't take them personally, just ignore them. The reason they | exist is that Wikipedia has too much money, so they spend | some on consultants who say they can raise more. It's weird, | but that's how the world works. | | It's still shitty, even if it's a shitty "standard practice" | and not a shitty thing being done to me particularly. | | Honestly, it seems like Wikipedia's goodwill is seen as an | exploitable resource, that people in Wikimedia are using to | do other, unnecessary things (probably building little | personal fiefdoms). | | Sort of like Mozilla, actually. IIRC, they literally won't | let you give them money to fund Firefox development, and any | donations you give them go fiefdoms almost certainty entirely | unrelated to why you gave them money. | halyconWays wrote: | Wikipedia is particularly insulting because they make enough | money to cover the actual costs of running Wikipedia (the site) | in days if not hours, and could operate for years without any | additional donations: | https://news.ycombinator.com/item?id=32840097 | mhh__ wrote: | Is that including staff + trying to do new stuff or just the | servers. | _Algernon_ wrote: | Why should Wikipedia do new stuff? Or rather, why is it | okay for Wikipedia to _lie_ to people to get funding for | their new pet projects? | qingcharles wrote: | Some of those new projects are directly applicable to | potentially improving Wikipedia. Some. | wpietri wrote: | > Why should Wikipedia do new stuff? | | Because it's not perfect yet? | | The point of Wikipedia is not to have some servers | ticking over. The project has a vision: "Imagine a world | in which every single human being can freely share in the | sum of all knowledge." | | I agree it's not ok for them to lie, and am bothered | enough by their dubious fundraising tactics that I | stopped donating. But that's a totally separate concern | than whether Wikipedia's mission is complete. | starttoaster wrote: | What is the mission for Wikipedia beyond doing what they | already do, which is just hosting the largest internet | encyclopedia? Purely curious because I thought Wikipedia | was pretty much at its end game for what it wants to | accomplish that is the job of the organization rather | than the job of all of its volunteers. | karaterobot wrote: | It includes staff, but not new stuff. The new stuff seems | to be mostly things not directly related to Wikipedia, like | funding third-party projects or causes. I'm trying to be | politic here: many people don't like the projects they are | funding with donation money, and others just don't like | that they give money to any projects, and other people | don't like that they keep the banner up after they've paid | for salaries and keeping the lights on. | JohnFen wrote: | And others, like me, resent any hard-sell tactic and | won't give money to anybody using them. | MrDresden wrote: | Is it personally insulting to you that a completely free high | quality services sometimes ask if you want to donate what | ever small amount you'd like? | | You'll be proper mad when you realize how much money that | other company, whom you regularly pay for access to their | services, has in the bank. | vander_elst wrote: | 19M for ~50 people is quite a good compensation | nwellinghoff wrote: | Wish they provided some numbers of actual messages, type etc. per | day. Seems like a good game plan would be. | | 1) Get off the major cloud providers that charge insane egress | fees. 2) Remove SMS verification. A simple solution might be the | app gives you a code and then you dial in to them and punch in | the code to them. Like a reverse voice based authentication. 3) | Remove voice and video calling for non donating users. 3) Remove | media texting until both users allow a p2p connection. 4) Remove | no contact list message hosting for non donating users. | | Lot of unpleasant trade offs there. But I would rank having a | text based private messaging app as the top feature. Everything | else is a "very" nice to have. I applaud what they are doing and | the sacrifices that have been made so far. | rando_person_1 wrote: | does the dial-in suggestion work? Seems like spoofing phone | numbers is trivial, while spoofing numbers for inbound SMS is | harder. | jpollock wrote: | About the SMS verification, it depends on the goal. If the goal | is to verify a phone number, you can't trust the _sender's_ | address in the phone network. | | So, you can't trust the address in the "From" on an SMS or the | "From" of a phone call. | | That means a voice call to Signal would not work to validate | phone numbers. | nwellinghoff wrote: | Good point, I guess we are proving why the resorted to using | numbers in the first place. Unless you have a verification | point that includes a "charge". Indirect or direct, your | platform gets flooded with spam/bots. Does anyone have ideas | of how this problem can be solved while also preserving | privacy? | | Problem: A system that enforces a monetary penalty to prevent | sign up abuse while also not tying a users identity to said | system. | | Without doing some pain in the a crypto stuff it seems like | there are no easy solutions other than the # | forgotusername6 wrote: | You can charge for SMS. You send a message to signal, charged | at an amount to cover the return message which contains a code. | hnlmorg wrote: | > Get off the major cloud providers that charge insane egress | fees | | At on demand prices, yeah. But companies of sufficient demand | can enter into volume discount programmes. | jahabrewer wrote: | > Get off the major cloud providers that charge insane egress | fees. | | And run their own DCs? Cool, they'll just need a lot of upfront | capital aaaaaand they're back in the "need money" boat. Except | more so. | heavyset_go wrote: | There's a ton of options between paying premium cloud prices | on egress and running your own data centers. | GuB-42 wrote: | Removing essential features like voice/video calling for non- | paying users would be a terrible choice IMHO. This is a | communication app, which means it is only useful if others use | it too. | | And how are you going to convince others to pay for Signal when | there are many free alternatives, including WhatsApp, which | most people already have and while not as privacy focused as | Signal, does have end-to-end encryption. If Signal makes people | pay for voice calls, they will simply use WhatsApp, regular | phone calls, or whatever is free and popular at the moment. | | The success of Signal came from being very low friction, | privacy is the "nice to have" feature, at least for most users. | But add friction and they will look elsewhere, Signal is not | WhatsApp, it doesn't have enough of a critical mass to keep | users on its network. | | All that will remain will be a small core of cypherpunks and | people who _really_ have something to hide. This is bad because | one strength of Signal is that it is a mainstream app, making | it hard to single out "interesting" people compared to those | who just use it because their geek friend told them to and they | like the shade of blue. | nwellinghoff wrote: | Valid but if there is no model that is sustainable then who | cares if its successful? Some trade offs will have to be | made. How can they keep going if the vast majority of people | don't pay? They don't have the model of "ok we are going to | flip and monetize after we get to X mass". Its like a growth | startup but with no end game plan. | GuB-42 wrote: | Call to donations, ads, pre-mined cryptocurrencies, selling | cosmetics, premium features no free service offers, | partnering with other organizations, etc... | | They already do some of these, and some are less popular | than others, but the key is to keep the essential features | free and easy. | | On Discord for instance, a free account is enough to cover | all of most people needs, but you get a little extra by | paying a subscription, and it is enough for Discord to be | worth billions. Maybe not the perfect example since Discord | has a critical mass, but no one wants to leave just because | they don't have premium features (larger uploads, higher | resolution streaming, flashy emoji) for free. | | For Signal, it seems like just calling for donations is | enough. They have a good image, so they can do that. It can | actually be a solid business plan, look at Wikipedia, they | get more than $100M a year doing that despite the | controversy. | dpc_01234 wrote: | Signal should be able to bring in some revenue other than | donations. Premium features that don't compromise the privacy? | Premium stickers? Extended emojis only if one paid $1 etc.? | vlovich123 wrote: | I feel like investing in p2p approaches and having people donate | spare server capacity might be better. For example, relay calling | was p2p in the original Skype and worked well. Apple private | relay is a similar concept whereby there are two intermediaries | to make things private. It gets trickier since in mobile land you | can't run servers really, but I feel like the Signal population | has enough spare capacity to offload bandwidth and stuff and | could be an easier sell than "please give us money". | | For the sms verification, I feel like forcing the requester to do | some bitcoin mining for you could potentially pay for itself. | siliconc0w wrote: | Can they require users to send them a SMS instead for | verification or that more easily spoofed? | greyface- wrote: | An entirely peer-to-peer instant messaging network, which doesn't | rely on a central authority, is technically possible. A $50M/yr | burn rate to implement that authority as an act of charity is | simply unsustainable. Why do we insist on continuing down this | path? | | Attempts to decentralize or federate Signal are met with | hostility. The Signal Foundation tells us that this is the only | possible way; "the ecosystem is moving", and we must exist in | competition with commercial offerings, rather than build | something small, sustainable, and decentralized. This is great, | until the AWS bill is due. | contact9879 wrote: | Because peer-to-peer messaging is not a solved issue. People | want asynchronous conversations and not have to expose their | location to everyone they talk to. | | There are other platforms that are working on federated e2ee | services (it's not easy. matrix was completely broken a year | ago). | greyface- wrote: | I'm not suggesting that it's a solved problem, but it's a | solvable problem, and the Signal Foundation should be using | its (significant) resources to solve it, rather than slowly | bleeding them out to AWS, GCP, Azure, and Twilio. | Unfortunately, solving that problem also significantly | reduces the scope of the Foundation, so there's little | incentive. | melbourne_mat wrote: | Total salary bill: $20m. 50 staff so average salary: $400k. I'd | be happy with $200k USD - that's more than I get paid in my | country at current exchange rates. | cfn wrote: | Probably includes taxes, social security, health insurance, etc | nonameiguess wrote: | I've actually posted Signal's tax return before, but a great | thing about US nonprofits is the tax return is publicly | available from the IRS website: | https://apps.irs.gov/pub/epostcard/cor/824506840_202012_990_... | | The last one available is from 2020, though. They tend to lag a | few years behind. They're required to report key employees plus | top-five compensated who aren't "key." Brian Acton and Meredith | Whittaker both earn no salary at all. Their COO got $290 in | 2020. Moxie Marlinspike and their top five developers/managers | were all in the 400-600 range. | | I'm sure they pay well (don't have much choice if you're going | to be based in San Francisco), but I highly doubt 400 is an | average salary. The expense being reported is total cost of | employment, which includes FICA taxes paid by the employer, | 401k matches, and probably most notably healthcare, but all | benefits and in-kind compensation. | hiatus wrote: | > The expense being reported is total cost of employment, | which includes FICA taxes paid by the employer, 401k matches, | and probably most notably healthcare, but all benefits and | in-kind compensation. | | This is incorrect, reportable compensation on a 990 is the | amount in box 5 of the employee's W-2, which does not include | health insurance, taxes, etc. | | https://www.irs.gov/charities-non-profits/exempt- | organizatio... | wolverine876 wrote: | It's amazing what they produce with their headcount: | | _First, we have three distinct client teams, one for each | platform (Android, Desktop, and iOS). These teams are constantly | working: adjusting to operating system updates, building new | features, and making sure the app works on a wide variety of | devices and hardware configurations. We also have dedicated | engineering teams that handle the development and maintenance of | the Signal Server and all of its infrastructure, our calling | libraries like RingRTC, and core libraries like libsignal. These | also need constant development and monitoring._ | | _Product and design teams help shape the future of the app and | determine how it will look and function, while our localization | team coordinates translation efforts across more than sixty | languages. We even have a full-time, in-house support group that | interfaces with people who use Signal and provides detailed | technical feedback and real-time troubleshooting information to | every other team. This is an essential function, particularly at | Signal, because we don't collect analytics or telemetry data | about how people are using Signal._ | | -------- | | How many people does it take to perform all that? | | _In total, around 50 full-time employees currently work on | Signal ..._ | | ! | rglullis wrote: | Does anyone else think that this strategy of growing the userbase | with a "free" product and then start panhandling for donations is | outright dishonest? | | There are tons of smaller XMPP or Matrix providers that didn't | get access to millions in funding from these big corporations | like Signal did. Who have to run a business in a way that | requires paying customers from the start. But now that cash is | tight (and _after_ they built a sizable user base) and they can | no longer just outspend the competition, suddenly they remind you | of TANSTAAFL and are asking you to cough up the cash. | | It is the same shitty playbook used by VC-funded companies, | except that is now dressed as some virtuous thing of "looked at | how much it cost to build all this..." It makes some emotional | appeal but it tries to hide from the audience that these costs | are solely due to them insisting on controlling everything. | | If it is so expensive to run Signal, then _open it up_ to let | other people run their own servers instead of trying to control | everything. Don 't give me this bullshit of "we are a non-profit | but we are in the same lane of big tech corporations". You are | there because it served you. You can not have it both ways. | discard124 wrote: | > open it up to let other people run their own servers instead | of trying to control everything. | | If you know of a good open architecture that solves the | problems of spam and impersonation while maintaining the | convenience and ease of use necessary for mass adoption, please | share it. | rglullis wrote: | I could get my parents who are nearing their 70s to use | Element (Matrix) and it took them less than 10 minutes, even | with me asking them to register to a non-default homeserver. | | Screw "convenience". It's a poison pill. "Convenience" should | never be put above "resilience" (not to mention "freedom") in | a value scale. The American obsession with "convenience" is | turning us all into cattle and it's getting harder and harder | to get the rest of society to function without being | controlled by some corporate overlord. | discard124 wrote: | With all due respect, it seems that you have conceded that | a convenient, spam free, open option not only doesn't exist | in practice, but can't in principle. | | That's more than even I believe. I just think nobody in the | OSS space has put the work in to figure it out yet. | | > I could get my parents who are nearing their 70s to use | Element (Matrix) and it took them less than 10 minutes, | even with me asking them to register to a non-default | homeserver. | | Well in that case Element would be the solution we're | looking for, except that not everyone's parents have | someone like you to help them. | | And as for the desire for convenience, it's hard to imagine | you seriously believe that only Americans value convenience | over resilience. If that were true, the rest of the world | would be using Element rather than WhatsApp. | | Simply railing against people's needs doesn't change them. | wolverine876 wrote: | Support for Signal development supports all privacy-oriented | software and systems, because Signal is open source. | | The Signal Protocol already is an industry standard. What other | Signal development - either the components, the code, or the | concepts - are used by others? | contact9879 wrote: | The only issue I'm aware of is that _The Signal Protocol_ is | only really defined in Signal 's GPL'd code. So it's almost | impossible to write a clean room implementation (e.g. Wire | tried and ultimately failed. they ended up also GPL-ing their | library). | wolverine876 wrote: | It's used by many major services, such as WhatsApp. How could | it be that hard to define and implement? | xor25519 wrote: | Given the few fees, what about charging/giving the option to pay | $1/year? Whatsapp had this in practice before they got acquired. | tamimio wrote: | >Privacy | | That's a very bold statement from an app that still requires a | phone number using a broken protocol (gsm) to "verify" your | identity and authenticate it, sim swap attacks can be carried out | by kids these days. Also, don't expect privacy when you are using | a proprietary OS like iOS or one full of Google services that | also have proprietary firmware drivers, they (the adversaries) | don't need to even decrypt these "privacy apps" when it's easier | to access the backdoor-ed OS or hardware, but enjoy the illusion | in the meantime. | contact9879 wrote: | I'm always intrigued by people that have this POV. Security and | privacy are not binary for fucks sake. Improvement on the | status quo is great and Signal improves a hell of a lot. | | Not to mention that half of your comment is non-issues. | dingnuts wrote: | there's a big social cost to trying to get others to use | Signal, and it's not worth it if the advertised features | don't work as advertised.. | | that said I stopped using Signal years ago because of basic | deliverability being less reliable than SMS.. I switched back | to SMS so I could communicate reliably with a loved one | during an emergency when Signal randomly stopped letting me | respond to messages, and I won't pay the social cost twice of | trying to convince contacts to use it after having to abandon | the service when I really needed it. | | Actually between Element and Signal and the differences | between their usability as advertised versus the reality of | using them with non-technical users, I've used up all of my | social capital for convincing people to use "better" networks | and mostly just use SMS/RCS now. | contact9879 wrote: | I understand that. Signal has put in a lot of work since I | started using it fulltime and is much more reliable now | than it was just 2-4 years ago. The only time I've had | issues now is when I'm backpacking in areas with spotty | connection. SMS delivers quicker and is more reliable. | tamimio wrote: | Right, so instead of 20 entities tracking you for example now | you 18.. the false sense of privacy is far more dangerous | than knowing your messages are not private (Like when Tucker | Carlson used Signal thinking it was private to find later all | his messages were not, regardless if it was a bugged app or | an OS, the false sense of privacy is worse, he probably won't | texted those on iMessage for example). Same argument you can | see with "vpn is private and we keep no logs because you can | trust us!" plus it can be defeated with browser | fingerprinting, or paying a hefty price for this "top private | email" provider when the recipient doesn't even use any | privacy settings or anything let alone email as a protocol is | not meant to be private, it's all a business model, and the | gullible buys it, you "have" to trust that Signal server is | not backdoor-ed in real time, and as the old rule in | security, if you can access the physical hardware you can in | theory access anything in there, you don't know the hardware | is used there, is there any memory injection exploit that get | activated after the so called audits? You can't know, you | have to trust that. | contact9879 wrote: | I'm honestly interested in what your solution for private | communication is that will also get mass adoption among | hundreds of millions of users. (And it's definitely not | running your own XMPP server and getting everyone to switch | to Linux phones). | jzb wrote: | I'll probably donate, but I find it annoying that Signal only | offers Linux packages for Debian-based distros. I've had | headaches with the Flatpak. I would think that the Linux desktop | audience - while not huge - would be the most interested in | Signal. That is, might not be a lot of Linux users but | percentage-wise I'd bet more Linux users are interested in Signal | than macOS or Windows users. | | Even an AppImage would be lovely. | NoGravitas wrote: | The Flatpak works fine for me on Fedora, though of course it's | an Electron app, and it periodically has to be re-connected if | I don't use it much. | fourstepper wrote: | Seconded, the Flatpak is the way to go. | zucker42 wrote: | Signal Desktop is available in the Arch repositories. | https://archlinux.org/packages/extra/x86_64/signal-desktop/ | jzb wrote: | That would be very helpful... if I ran Arch. | NorwegianDude wrote: | Paying over 100 USD per 1 TB of data transfer is just stupidly | expensive. That's insane pricing... | godelski wrote: | Just a reminder, many of the places you work will match your | donations. | | Edit: Not sure why people downvoted this. Boss, is that you? I'm | increasing my donation. | Funes- wrote: | P2P alternatives are less convenient (always on to deal with | notifications, adding contacts typically requires extra steps, | etcetera), but the difference in costs is abysmal. In any case, | it's been years since I've tried to make my social circles move | to any of those platforms (Briar, for example). It's a losing | battle. | sneak wrote: | It's somewhat puzzling that Signal doesn't let me donate with | Mobilecoin. | daedalus_j wrote: | Tells you how much faith they have in that "feature".... I'd | love to see some usage numbers on it, and perhaps removal of it | when it turns out the usage is near zero... (Or maybe I'm | totally wrong, which would be interesting too!) | sneak wrote: | If they remove it, it would render several hundred dollars I | have in that wallet inaccessible without extra work on my | part. | | Usage numbers are not possible because Signal doesn't include | spyware in the app. There is no indication which transactions | on chain came from the Signal app or any other app. | rvba wrote: | I always wonder what is the level of safety of Signal fron state | level actors. Signal uses telephone numbers as user IDs + sends | those verification SMS. Also 50 employees? So how many are | monitoring the infaratructure 24/7 (on a side note, a project | with 50 employees is probably still better than those with | thousands - what do those people even do). | | If the data leaks somehow, telephone number as ID sounds very | bad. | coyotespike wrote: | This was the nudge I needed - super easy to donate $5 a month via | the app using Apple Pay. | james_pm wrote: | Same. I'd donated here and there in the past, but I easily get | $7CAD/month of usage and would be sad if it didn't exist. | mikece wrote: | If Signal drops the requirement to have a phone number I'll | support them with money. If they allow me to change the name of a | contact to what makes sense to me, I'll donate again. Follow the | example of Session on this! | conductr wrote: | I'm seeing all the comments about the $6m Twilio expense, but | nothing commenting on how their cost per employee is $380,000 | totaling $19m. I think they could optimize this easier if the | will was there. I know HN is very SV/tech centric, and that | number makes sense there given the run up of VC money, etc. but | I'm willing to bet they could source talent from cheaper places | and slash this in half; if they wanted to. Just an observation, | not my place to tell anyone how to run their business, but for a | nonprofit that is trying to drum up donations to fund their | operations, I'd think they would want to be leaner. | websap wrote: | If you want to hire the best talent - engineering and ethics, | you need to pay top dollar. 380k is senior engineer comp at | most FAANG adjacent companies. It's not a lot. | conductr wrote: | This is SV tech logic that I mentioned. I'm just not usually | of the opinion it's necessary. There's a lot of talent around | the world. And I'd guess only a few really "top talent" folks | are needed to build the unusual problems/cryptographic parts | of their app. A lot of it could likely be build by an average | dev with some oversight. | | I say this as a person that regularly and successfully hires | devs from low COL areas. I know the common pitfalls of it and | know it's completely possible to manage and get high quality | outcomes. It requires a management approach that's slightly | different than having 100% top tier talent from high COL | areas but it's possible all the same. | wg0 wrote: | Craftsmen's compensation is a non negotiable matter IMHO. | | It's not someone's fault if they happen to live in a particular | economic climate. | | The real root cause isn't the engineering or infrastructure | cost. | | It is about people paying their fair share myself included. | 0xjmp wrote: | This idea that an equivalent level of talent to SV is readily | available in Indiana or Costa Rica for cheaper pay is deeply | flawed. | pzo wrote: | OP didn't mentioned to slash salaries just by half not by | 75%. Most IT people in western countries in Europe are not | making even 200k per year. Even in London is hard to get 120k | unless you maybe working as a contractor. | | A lot of those SV talents are not american but migrated from | europe or elsewhere - there are still talented people in EU | who just simply don't want to move to USA these days even if | salaries are at least 2x. You wouldn't have a problem finding | real talent in eastern europe for 150k. | bzbz wrote: | This number includes taxes, benefits, etc, not just raw salary. | | Notably Signal employees do not get equity, so the salary must | be higher to remain competitive. | | Signal is probably the hardest class of product to build. Name | an optimization/distributed systems problem, they probably have | it. And quite literally, a Signal bug could jeopardize an | activist/journalist's life. | | So for a <$200k salary and no equity, how many world-class | engineers do you think you could hire? | | I simply wouldn't trust the product, if it had mediocre | engineers. | benreesman wrote: | It grinds my gears when people on a hacker forum lobby for | hackers to make less. | | When it's people who are running a worldwide communications | network on the cheap without getting hacked all the time? | Absolute pros. | | I don't downvote, let alone flag, but I hate this comment. | mlboss wrote: | Think from the perspective of the non profit. $19m/year is a | lot of money to raise year after year from donations. | | What's the game plan if the donations stops coming in ? | melbourne_mat wrote: | Silicon Valley is not the only place to find engineers who | know what they're doing. Some of us want to stay in our home | country and/or don't want to jump through the hoops that | American tech companies demand. | conductr wrote: | Well I don't get paid to hack, it's a hobby and sometimes I'm | and entrepreneur so I don't have the same bias as thinking | all devs should be making $500k+. I actually think of cost | controls and how to build more with less, so kind of polar | opposite motives. | | Cheap is also a relative concept. I have a guy on full time | that I pay $1500 a month. It's more than twice than he's ever | made in his life and he's an excellent dev. If I needed to, I | could find 50 more like him. Sure if I was FAANG scale trying | to hire 30,000 of these people it might get tough. But, I | could probably create an entire training program and just | apprentice people for less than they paid new grads out of | 2-4 schools they normally hire from. | drapado wrote: | Are you the same kind of people that think that NGO workers | should work for free or for a small wage that is not | representative of the market wage for their positions? | conductr wrote: | No, I'm the type of person who thinks tech salaries are | bloated in certain areas and certain companies and that does | not follow the distribution of talent. It's followed the | distribution of VC money and profits of large companies. The | evidence of such is that the median software engineer in the | US is in the low-mid $100s (depending on what source I want | to believe it's $110k-$140k). But I also believe that same | talent can be sourced outside the US is many cases and for | far less expense. | | I also view most apps/tech as not very novel. It's largely | the same engineering "problems" that are known and well | documented. A lot of it can be done by average developers and | "top tier" talent isn't usually needed other than probably | the cryptographic components in Signal's case. Scale is | certainly a concern, but that is a familiar problem that's | has a lot of documentation solutions and approaches. | | I could be wrong. Maybe they're already doing this and it | just happens most of their expense is going to a couple high | paid execs. Could be that I'm underestimating the complexity | as well. But I find my statements to be true in many cases. I | can even point to the number of times I've talked to | consultants and top tier devs about building things for me. | What they would charge $1m for I can often piece together for | less than $50k by hiring a few folks in low COL areas and | then just spending a little effort refactoring their code to | be as pretty as I like it to be; sometimes I outsource that | too but the point is having a whole company of top tier | talent isn't usually necessary, it's a choice. Just like | believing that top tier talent only exists in the high cost | tech hub cities is a choice more so than the truth. | legohead wrote: | I interviewed at Signal for a senior developer. They do not pay | well. I didn't even get past the phone interview because they | were nowhere near my range. No idea where the $380k comes from, | executives maybe? | vizzah wrote: | $6 million per year on outgoing SMS? Do not send SMS to users, | make users send SMS to you instead to confirm their numbers! I | have this solution for years and it works >90% of the time. The | rest 10% is calling a verification number which drops calls with | busy signal (no fees for the caller) but sees who is calling and | is able to verify their number. | illiac786 wrote: | Significantly less secure. Faking the sending number is much | easier than hacking SS7 and getting SMS routed to you which are | not destined to you (which is also doable but require an order | of magnitude more skills and ressources in my view). | nickff wrote: | This is correct; anyone with relatively basic knowledge of | VOIP can spoof any number (and CID name) they want. | costco wrote: | I don't think ANI is spoofable in practice. But that | requires a toll-free number which costs money per minute. | johndoe18637 wrote: | It would be great if Signal wouldn't require a phone number for | account setup at all | illiac786 wrote: | this is in testing and coming to you early next year. | traviswt wrote: | Would invites be a solution? Anyone can sign up if they | provide a number, otherwise you need an invite from someone | with a number linked. It would clump the | identity/legitimacy for all invitees into origin number, | but still allow disparate accounts. | novok wrote: | It's not about legitimacy but having a bootstrapped | contact list to talk to along with other user friction | reasons | serial_dev wrote: | In that case it doesn't make sense to make it required. | | Sure, I don't mind if they ask for my phone number if | they think that's a better default onboarding flow, but | allow users to bypass it. | | With all that said, I don't think it's really only about | user friction. | dheera wrote: | Or just kill SMS entirely. SMS is old tech from the 1990s. We | have better things now, like e-mail over LTE/5G, that work | across countries, across devices (whoa!), across providers, | across SIM cards (wow!) allow more than 140 characters (wow | wow!), and allows easy-to-remember alphanumeric identifiers for | user ids (wow wow wow is this the future!). I hate SMS | confirmations, I don't want to use my phone number as a | username, and I will most certainly never donate to an | organization that is using my donations to pay for stupid SMS | texts after e-mail was invented. | pmlnr wrote: | > We have better things now, like e-mail. | | Funny how email, being from the 70s, is actually better. | walteweiss wrote: | It's so well written so long post, I afraid I well never read it | as carefully. Tonight I'm too tired to delve into its depths. | Tomorrow I won't remember, possibly. And the day after that I | won't remember for sure. | | Sorry everyone for this off-topic, I just think it's needed to be | addressed, but I have no idea what to do here. | pizzafeelsright wrote: | Quit using SMS and phone numbers. | | How hard would it be to use a different signal server? | terminatornet wrote: | appreciate their transparency, but boy do their devs make a lot | of money. their 2 highest paid engineers make around $750k USD | yearly. I guess if that's competitive good for them, I'm mostly | jealous. | | https://projects.propublica.org/nonprofits/organizations/824... | DavidSJ wrote: | Personally, I refuse to financially support Signal so long as | they're still holding my chat logs hostage on my old iPhone and | seem not at all concerned about solving this problem, which has | existed for years. | | There was (and still is, so far as I know) no upfront warning to | users that if they don't first sync with a desktop client, and | their phone gets lost or stolen, their iTunes backups do not | (unlike most iPhone applications) contain their Signal chats. And | furthermore, there's no way to export those chats in backup | format from an old phone. | | (You can _transfer_ , but the transfer deletes the data from the | original source, which is extremely foolish and dangerous IMO, | and anyways isn't a proper export accessible from other | applications. Furthermore, so far as I know there's no support | for transferring from very old versions of the Signal client.) | | This has been a critical bug for years [1], it's one of the most | complained about issues, and Signal has done (and intends to do) | absolutely nothing to fix it. It is absolutely unacceptable to | have our own data held hostage by them in this way, especially | without any upfront warning. | | [1] https://community.signalusers.org/t/ios-backup-keeping- | messa... | bhtru wrote: | Interesting, I always saw this as a deliberate feature aligned | with what I first came across Signal for (sensitive | communications between trusted parties that may need wiping at | a moment's notice). If a journo reporting in a less than | hospitable regime had their phone confiscated then they need | not worry about their chat logs compromising them. | DavidSJ wrote: | Sorry, how is this any safer for the journalist? If their | phone is compromised in a way such that someone can login and | control their Signal app, their chat logs are already | compromised. I'm just saying there should be the ability to | export those logs once you've logged in. | | But if they don't want to provide that, then: | | 1) Why does the Android app support this? | | 2) They should warn users of this BEFORE holding their data | hostage, and not market Signal like it's the right solution | for everyone. | marssaxman wrote: | Perhaps Signal is not the right choice for you? It seems odd to | be so concerned about data retention from a system which | prominently features support for disappearing messages! | DavidSJ wrote: | I expect messages to disappear when I turn on disappearing | messages and not when I don't turn them on. | | But yes, I agree it's not the right choice for me and many | others who want to have full ownership over our data, and | they should make that clear in advance. | kortex wrote: | > But yes, I agree it's not the right choice for me and | many others who want to have full ownership over our data, | | The whole _point_ of Signal is you have full ownership of | your data. You said you can _transfer_ the data to another | device, right? I get that inability to export cleanly is an | annoying bug, but technically you have full control over | your data the whole time. It seems to me that it 's easier | to guarantee no one else can get your data (at the expense | of data export friction), than it is to provide "do | anything you might want with your data" while still | guaranteeing privacy. | DavidSJ wrote: | Being able to transfer to another copy of the same app, | but not to a different app, and being forced to delete | the original data in the process, is not ownership of | your data. | thefz wrote: | > It is absolutely unacceptable to have our own data held | hostage by them | | Most likely this is just one of the walls of the walled garden. | daedalus_j wrote: | I completely agree with you, even though the situation is at | least a tad better on the Android side... However, it's worth | noting that Signal seems to consider this a feature and not a | bug. | | I hate that. I use signal to chat with my friends. We trade | pictures of our cats. I am not a whistleblower who needs my | data deleted instantly for safety. I provide the noise that | acts as cover for those people. And I would have a _LOT_ easier | time bringing onto the network if they were able to keep that | chat history. (I take a backup on Android and export it and | clean my Signal install periodically because it gets large and | starts taking up too much space on my device.) | | I love Signal. I want it to succeed. I think they have a little | bit of problem understanding who their users actually are | though, or perhaps just a disconnect with telling us who the | users they _want_ to have are... | codethief wrote: | Maybe I'm the only one here but this so-called "transparency" in | the form of a single blog post doesn't instill much trust in me. | I have been an avid Signal user since the TextSecure days and | still recommend Signal over any other messenger. However: | | - There were times (e.g. during the introduction of MobileCoin) | when the Github repositories hadn't seen any update for months, | while they were still releasing new app versions on a regular | basis. Heck, last time I checked there were not even public | changelogs for any of the apps. Calling Signal "open-source" is a | stretch at best. | | - The Signal team time and again has failed to react to criticism | of the usage of Intel SGX, or of how they completely messed up | the introduction of the Signal PIN. And let's not talk about | MobileCoin. Yes, being "open-source" or "nonprofit" doesn't imply | they need to ask their users for permission or respond to every | complaint. However, a minimum amount of openness and debating | critical features in public would go a long way here. | | - I would like to see some transparency regarding the overall | foundation and corporate structure, beyond just silently filing | form 990 years with significant delay. For instance, it seems | Brian Acton can elect and dissolve the entire board just by | himself[0, 1]? | | Long story short, before donating to Signal I'd like to see a | _proper_ and _continuous_ commitment to transparency, not just a | once-in-time blog post. | | [0]: (German) https://www.spektrum.de/news/mythos-signal-licht- | und-schatte... | | [1]: | https://projects.propublica.org/nonprofits/organizations/824... | yankput wrote: | Didn't they do some sort of cryptocurrency thing. How is that | going? | | edit: it was called MobileCoin right | | edit2: they do | | https://support.signal.org/hc/en-us/articles/360057625692-In... | | is that generating any revenue? | asymmetric wrote: | I have held off donating to signal so far exactly because there | is no clarity around this token, why it was even added to | signal and who profited from that. | pushcx wrote: | And they stopped updating the server code repo for a year, | apparently to hide the launch of this token: | https://news.ycombinator.com/item?id=26725915 | | I don't think they ever confirmed that this was why they | stopped updating, or did a postmortem on how poorly that | launch went. I vaguely recall there was also an unexplained | spike in MobileCoin trading shortly before the public launch | that looked quite a bit like insider trading, though right | now the stories I can turn up about it here are about | similarly disconcerting and unexplained issues in its | provenance: https://hn.algolia.com/?dateRange=all&page=0&pref | ix=true&que... | | It's hard to take this fundraising plea seriously when this | financial disaster is never even mentioned. I hope I've just | missed whatever Signal has done to try to repair trust after | the, but the fact that they haven't even removed it from the | app is not promising. Can anyone share updates? | jmprspret wrote: | Probably not much at all. Thankfully they didn't shove it down | user's throats - its kinda hidden behind a setting. I guess if | they did push it harder to users it may have generated more | revenue, at the cost of users who won't put up with | cryptocurrency rubbish. | thewanderer1983 wrote: | People should be aware that Signal may be able to provide good | e2ee and methods to make reading your messages or calls a | challenge, they don't do to enough to obfuscate. Therefore | censors can identify who is using signal and even block it. | https://github.com/net4people/bbs/issues/63 | | Privacy tools can make you stand out. Unless methods are used to | obfuscate your data. | gloosx wrote: | I admire Signal and everything they do. Basically Software-as- | Charity, for the greater cause. Now knowing this charity is | actually millions drives me nuts. I hope the less expensive | solution can be achieved in decentralization of the whole thing. | Im sure it is possible to sustain it ourselves as a public | service forever if everyone involved will have to pay with his | personal computing resource - just like we are able to sustain | decentralized finance now. And of course - the idea of a phone | number as identity is very much flawed and unsustainable on | itself, hopefully Signal team will be able to break through this | problem as well | ponymontana wrote: | give the option to sign in without phone number paying a fee in | bitcoin (sats on lightning network would be the perfect fit) | would solve a lot of economic and privacy problems. Also dont | waste money on phds post-quantum bullshits would be great. | lrvick wrote: | Signal is centralized, expensive, and desperate. | | It results in decisions like this: | | 1. MobileCoin premines 250m coins | | 2. Moxie is paid for being on their board | | 3. Moxie directs non-profit Signal to integrate MobileCoin | | 4. MobileCoin offers 50% of their premine for sale. | | 5. Signal/Mobilecoin news spikes price to $60 | | This is why we need decentralization. | yandrypozo wrote: | I thought this was an article explaining how they move out of the | cloud and saved millions using bare metal servers. | devit wrote: | These costs seem absurd. | | For instance, 1.3$ million per year for storage??? Apparently, | they have 40 million users, so 1 MB per user (seems reasonable | for Signal) means 40TB. You can buy a 4TB SSD for $200, which | means you need $2000 one-time for 1MB per user. | | How they get from $2000 to 1.3$ million is a mystery. | | As for SMS registration, if they are spending 6 million, maybe | they should find some way of doing it for free, e.g. Google might | be offering it with Firebase, Twitter used to have it, etc. It's | not great for privacy, but if they care about that they should | just stop using phone numbers. | | Routing video calls through a server to obscure IP address seems | totally pointless while you are revealing the phone number | anyway. And again there might be a way to do this for free, e.g. | perhaps using one of free WebRTC STUN/TURN servers that e.g. | Google seems to run. | | As for bandwidth, a very conservative estimate seems 100 MB per | month for each of 40 million users, giving 4 PB per month (though | I guess the real usage is 1/10 that at most). Hetzner charges | $1/TB, so that gives $4000 per month or $40k per year, | overestimated. | | Again a mystery how they get from $40k per month to $2.7 million. | | Maybe the problem is that they use AWS/GCP/Azure/etc.? They have | to be real idiots to use them since everyone knows they are | insanely overpriced and should never be used unless a large | corporation or deep-pocketed investors are footing the bills or | they is no other possible solution. | | Perhaps they need to consider stopping dumping money down the | drain before asking for donations. | all2 wrote: | Did they also add their cost of dev, admin, etc. into the | calculation? This could have a big impact as well. | heyoni wrote: | Yes like paying 30$ for Tylenol in a hospital. You didn't pay | that much for the pill but for a nurse to enter that you need | that into a schedule and then actually deliver it to you. | spandrew wrote: | I'm starting to suspect there's more to securely stowing user | data than throwing it on a bunch of 4TB SSDs! | k_bx wrote: | Sorry, how does 1 mb per user seem reasonable? I'm sending tons | of videos, documents and pictures, probably beyond a gigabyte | daily. Just one video is like 40Mb. 1Mb assumption seems absurd | tobinfricke wrote: | It's not stored on the server, except perhaps transiently. | ghosty141 wrote: | 1MB per User? People share tons of pictures and videos, I'd | guess that the average is more in the 0.5 to 2GB range. | devit wrote: | I assume they only need to store it between the time it is | sent and the time it is received by the recipient. | | Maybe the problem is that the Signal app doesn't eagerly | download messages upon notification? They should start doing | that given the money issues. | rbut wrote: | If you only have the phone app then yes they are instantly | downloaded and removed from their servers. | | But if you have Desktop client(s) registered, then they | need to hold onto those messages until you open your | client(s). | | That is why they have a 30 day login limit on Desktop | clients. If they didn't they'd potentially have to hold | onto messages forever. | | https://github.com/signalapp/Signal-Desktop/issues/4730 | https://community.signalusers.org/t/dont-unlink-devices- | afte... | 3836293648 wrote: | Signal doesn't save history so at any given time most users | use 0 storage | tekla wrote: | 1mb per user? What is this 1992? | wmfiv wrote: | Was this intended as satire? I honestly can't tell. | resonantjacket5 wrote: | I think it's satire? Or perhaps they didn't know one can send | pictures and videos on Signal and assumed it was only text. | devit wrote: | Hmm, no? | | Photos are generally <1MB in size and I think have a single | photo sent but not received on average per user seems | reasonable (most users probably almost never use Signal, | and of those that do probably most only use text, and those | that use photos probably most don't send more than one or a | few per day). | | Videos are probably relatively rare and if not maybe they | should do something about them, like not storing overly | large ones them on servers and requiring both phones to be | online to transfer. | | There's a 500x margin between the estimate and their costs | anyway. | nojvek wrote: | Surely 1MB/user for the whole year is more than enough. | | It's in the realm of "64KB of RAM should be more than enough | for any computer" | spullara wrote: | Worked for me. $10/month seems reasonable. | kjhdfgkjhdfkgj wrote: | > Another $19 million a year or so out of Signal's budget pays | for its staff. Signal now employs about 50 people | | Yeah, not getting any donations from me. ___________________________________________________________________ (page generated 2023-11-16 23:00 UTC)