[HN Gopher] Privacy is priceless, but Signal is expensive
___________________________________________________________________
Privacy is priceless, but Signal is expensive
Author : mikece
Score : 661 points
Date : 2023-11-16 16:18 UTC (6 hours ago)
(HTM) web link (signal.org)
(TXT) w3m dump (signal.org)
| Dunedan wrote:
| > Storage: $1.3 million dollars per year.
|
| > Servers: $2.9 million dollars per year.
|
| > Registration Fees: $6 million dollars per year.
|
| > Total Bandwidth: $2.8 million dollars per year.
|
| > Additional Services: $700,000 dollars per year.
|
| Signal pays more for delivering verification SMS during sign-up,
| than for all other infrastructure (except traffic) combined. Wow,
| that sounds excessive.
| bilal4hmed wrote:
| is there any way they can reduce that cost?
| java-man wrote:
| Yeah, decouple Signal user identity from the phone number.
| tapoxi wrote:
| This will probably never happen. One of the reasons
| WhatsApp blew up is because using a phone number as your
| source of identification means there's much less friction
| in the signup flow. No username/password to create and your
| social graph is already there in your contact list.
|
| My mom was able to get our entire extended family on Signal
| without my involvement, which is a testament to how easy
| that is.
| yjftsjthsd-h wrote:
| They're already working on it:
| https://www.bleepingcomputer.com/news/software/signal-tests-...
|
| Now whether that's a good idea is more debatable; you're
| not wrong about discoverability.
| tapoxi wrote:
| Those are in addition to the phone number, but it will
| still require a phone number under the hood.
| yjftsjthsd-h wrote:
| In the short term it will, and quite possibly in a long-
| term also, but if you were going to fully make phone
| numbers optional, I'm pretty sure this is the first step
| you would take. At the very least it sure looks like
| they're starting to build the possibility.
| GuB-42 wrote:
| They also blew up because it was also quite a decent SMS
| app, so you just had to install Signal and use it instead
| of your default SMS app. All your messages are there, you
| can continue to communicate exactly like you did before,
| except that now, if the other person also has Signal,
| your messages are encrypted.
|
| They stopped doing that (and I uninstalled Signal as a
| result), so they can also stop with the phone number
| thing, in fact, it would make more sense than with the
| current situation where Signal needs a phone number but
| doesn't use it (except for registration). I could even
| reinstall Signal if they do this.
| panarky wrote:
| Why not both?
|
| If I want discoverability, let me provide my phone
| number.
|
| If I want privacy, just assign a random identifier.
| lxgr wrote:
| Nobody is demanding them to stop supporting phone numbers
| as identifiers/verification methods.
|
| I'm not mad at all if somebody prefers using their phone
| number and not having a password for a service - just
| give me the option to use my email address and/or a
| username.
|
| There are too many "phone number only" services out there
| these days.
| tapoxi wrote:
| Usernames are currently available in beta, the post I was
| replying to wondered if SMS verification could be removed
| because it's expensive.
| xhkkffbf wrote:
| Which might be said to increase privacy. I suppose there's
| something to the point about combating spam. But surely
| there are other ways to do this, right?
| smt88 wrote:
| Getting rid of phone numbers would make anonymity easier,
| but it wouldn't affect privacy. Signal is explicitly
| private but not anonymous.
|
| In most countries, you can get an anonymous phone number
| anyway.
| j45 wrote:
| Phone numbers are the easiest login for people, especially
| in a world where not everyone has an email address.
|
| I know this will invite comments about usernames. I would
| like usernames a lot too.
| lxgr wrote:
| If only it was possible for a service to support both!
| i67vw3 wrote:
| Send them via WhatsApp. A lot of online services give an
| option to send OTP via WhatsApp along with SMS/Email.
| lxgr wrote:
| As far as I understand, this is even more expensive than
| SMS in many cases due to WhatsApp's B2C messaging fee
| structure.
|
| It's also not a great idea to make sign-ups for an instant
| messaging service contingent on having an account with
| another, competing service.
| blakesterz wrote:
| Twitter said that's why they got rid of the SMS 2FA. They said
| it was costing millions to have that enabled for them.
|
| https://www.cnn.com/2023/02/18/business/twitter-blue-two-fac...
| chimeracoder wrote:
| > Twitter said that's why they got rid of the SMS 2FA. They
| said it was costing millions to have that enabled for them.
|
| Previous Twitter employees have said that this is incorrect.
| Because Twitter began as an SMS-only (and then SMS-first)
| application (remember 40404?), they very early on established
| direct-connection infrastructure for sending SMS, meaning
| that they have a marginal cost of literally $0.00/message in
| most markets. Twitter still has to maintain that
| infrastructure, because they didn't get rid of SMS 2FA - they
| just restricted it to Twitter Blue users, so the overhead is
| still the same.
|
| Almost nobody else who delivers SMS today has that
| infrastructure, because it doesn't make sense for most
| services to build.
|
| The only place where Twitter was paying significant amounts
| for SMS was due to SMS pump schemes, which is a consequence
| of Twitter gutting its anti-spam detection, resulting in them
| paying for SMS pumping which was previously blocked.
| hn_throwaway_99 wrote:
| > they very early on established direct-connection
| infrastructure for sending SMS, meaning that they have a
| marginal cost of literally $0.00/message in most markets.
|
| I am very, very interested to understand how that works,
| because without more detail or sources I'm calling
| bullshit. I definitely understand how Twitter could have
| greatly reduced their per-message fee with telecom
| providers, but at the end of the day Twitter is _not_ a
| telecom and is still at the mercy of whoever is that "last
| mile" for actually delivering the SMS to your phone, so I
| don't understand how they have no marginal cost here. Happy
| to be proven wrong.
| dghlsakjg wrote:
| Not who you are responding to, but my guess is that it
| was all fixed costs. They spend $20mm (or whatever) to
| maintain access, and maintain infrastructure and they get
| to send as many SMS messages as they want.
|
| So sending 1 costs the same as sending 10 million. It
| isn't that they are free to send, it's that they are
| charged for access to the system, but aren't charged per
| message.
| lxgr wrote:
| > spend $20mm (or whatever) to maintain access, and
| maintain infrastructure and they get to send as many SMS
| messages as they want.
|
| This is not how SMS pricing works in many, if not most,
| countries.
| dghlsakjg wrote:
| Is that true at scale? If I tell the telecoms that I want
| to send a billion messages per year it seems like they
| might be willing to take a lump sum instead of setting up
| the systems to bill based on usage.
|
| I have no experience directly with foreign telecoms, so I
| was simply explaining how something with no marginal cost
| could still be a very expensive system.
| nerdbert wrote:
| I don't know of countries that mandate a minimum price.
| If you are doing high volume you are free to work
| directly with carriers. If you are drawing as much
| billable traffic as you are sending, then that could even
| be a wash.
| toast0 wrote:
| Carriers that run their own messaging infrastructure can
| allow for direct connections from 3rd parties, and set
| the price per message to whatever they want, including
| zero.
|
| For something like Twitter where you could post by SMS,
| the balance of traffic might have been such that giving
| Twitter free outbound SMS was balanced by the charges
| incurred by customers sending to Twitter's shortcode. Or
| it might just be balanced by increased customer happiness
| when they can use the product more effectively.
|
| If the carrier doesn't run their own messaging infra,
| they might be paying their IT provider on a per message
| basis, and might not be able or willing to set the
| messaging rate to zero.
|
| For a use case where SMS is used to show control of a
| phone number, getting a zero cost direct route is a
| harder sell, but it can happen if the routing through
| aggregators is poor and the carrier is concerned about
| that, or if there's some other larger agreement in play.
| peanut-walrus wrote:
| If you require global connectivity, managing hundreds of
| carrier APIs, contracts, etc seems like major overhead.
| Also, there are companies whose only purpose for existing
| is providing messaging, like Twilio, are they just...not
| doing this or do the carriers just not play ball? In that
| case, why would the carriers agree to sell to you at a
| discount?
| toast0 wrote:
| Aggregators do some of this, and they can negotiate
| pricing to some degree, but a carrier is unlikely to
| intentionally give them zero cost traffic, and even if
| they do, they're not going to pass that through at zero
| cost.
|
| I ran the engineering side of carrier integrations at
| WhatsApp. Carriers wanted to sell data plans with special
| pricing for data with WA and use WA branding in
| advertising, because it attracted customers that might
| later convert to a bigger general purpose data plan. As
| part of that, we would ask for zero rated SMS to their
| customers for verification. When it was available, it was
| generally faster and higher success vs sending messages
| through an aggregator.
|
| We also had some, usually small, carriers approach us
| asking us to set up direct routes to them for
| verification, because their customers would not always
| receive our messages when we sent through an aggregator.
| Early in my career at WA, we would just send these
| carriers to our aggregator contacts, and often things
| would get linked up and then we'd still pay $/message but
| it would work better. As we got a little bigger and built
| support for direct routes anyway, it was usually not too
| hard to set up a direct connection and then there'd be no
| cost for that carrier. Messing around with IPSEC VPNs and
| SMPP isn't fun and the GSMA SOAP messaging APIs are way
| worse, but once you get the first couple implementations
| done, it becomes cookie cutter (and FB had built way
| better tools for this, and a 24/7 support team, so I
| never had to be up, on the phone with telco peeps at 3 am
| kicking racoon or whatever ipsec daemon we were running
| until it finally connected)
| hn_throwaway_99 wrote:
| Thanks very much for sharing your experience and detail!
| This kind of info is what I was looking for and is super
| helpful.
| baby wrote:
| I really wonder why it's so expensive to run. I always hear
| things about scaling but I used to run a top 500 Alexa website
| and it was just a php app running on a mutualized offer for
| $5/month. Lots of manual caching though but still.
|
| My wild guess is that either the stack is not really optimal
| (last I heard it was java) or they do other costly things at
| scale (sgx?)
| suriyaG wrote:
| I guess, then the question is how real time was the website.
| Was it as real time as supporting, instant messaging,
| voice/video calls etc
| baby wrote:
| Oh I forgot that Signal is not just about forwarding
| messages. I'm wondering how much the VOIP costs.
| AlecSchueler wrote:
| Don't forget media!
| zimpenfish wrote:
| FTA: "Signal spends around $2.8 million dollars per year
| on bandwidth to support sending messages and files (such
| as photos, videos, voice notes, documents, etc.) and to
| enable voice and video calls."
| willsmith72 wrote:
| how is that in any way comparable? it's not about java vs php
| mi_lk wrote:
| > the stack is not really optimal (last I heard it was java)
|
| how's java relevant here?
| hotnfresh wrote:
| Java in theory and in synthetic benchmarks: damn near as
| lean and mean as C.
|
| Every actual Java project: "oh, did you want that memory
| and those cycles for something else? Yeah, sorry, I need
| them all. Why no, I'm _not_ actually doing anything right
| now, why do you ask?"
| belltaco wrote:
| 100% true in my experience. Literally anything else is
| far better when it comes to bloat, including C#, RoR etc.
|
| Increasing the Java heap size just makes it so that when
| garbage collection eventually hits, it causes an even
| more massive slowdown across the entire application.
| callalex wrote:
| In this case we don't need to speculate at all. Signal is
| open source. Back when I was at Twilio we even did some
| at-scale experiments with running Signal. The intensive
| parts have absolutely nothing to do with Java because the
| server logic is relatively simple. The hard parts of
| Signal are the database storage/retrieval and the
| encryption.
| j45 wrote:
| Java is likely the most optimized part of the stack.
|
| Many startups move up to the JVM when there is little else
| that has optimized performance and efficiency like the jvm
| for 20-30 years.
|
| Of course this is a moot conversation if you've never used
| Java at scale. Apple and others are Java houses.
| bombcar wrote:
| Java is entirely performant if you treat it right, and many
| of the problems with GC in J8 are fixed in later versions.
|
| You can push Java _very_ far.
|
| Of course you can also write horribly ugly code in it.
| dexwiz wrote:
| You can't send an sms yourself like you can an email. Instead
| of setting up a server, you have to work with a telco
| provider (an aggregator specifically). Any SMS service
| eventually hands off to one of these. Many SaaS SMS providers
| are just frontends for legacy telco services. They charge
| insane fees because they can, that is all there is to it.
|
| Sending mass email is still difficult. It's probably easier to
| pay a provider than set up and establish reputation for
| yourself. But they don't charge near the rates. Last time I
| compared rates it was something like 10x-100x to send an sms
| compared to an email, but it has been a while.
| bombcar wrote:
| Maybe they should flip it on its head - get a thousand? Ten
| thousand? numbers that can _accept_ SMS and tell people to
| "text 473843 to this number" to verify.
| lxgr wrote:
| That's in fact how iMessage does phone number
| verification. It works really poorly internationally.
| dexwiz wrote:
| It's usually even more expensive to support receiving
| messages than sending them, beyond keywords like
| Unsubscribe. If you want any sort of threading it's going
| to be extra. Also it's extra for dedicated shortcodes.
| When you get an SMS from a random shortcode, there might
| be multiple companies using that code, but they mix the
| pools enough that it's unlikely you will receive two
| messages from two companies from the same code. Also
| shortcodes are usually country/region locked. So if you
| want international support, you need to buy shortcodes
| in multiple regions, and different regions have different
| telco laws. On top of that, provisioning is very manual
| compared to the modern cloud.
|
| I supported a marketing platform for a while, and it was
| so much easier to send an email than an sms.
| toast0 wrote:
| SMS sender isn't generally something you can trust. If
| you get the SMS directly from the carrier that's
| responsible for the number, and you have reason to trust
| their SMS sending to verify the sender, then yes. But in
| countries with number portability, you still need to pay
| to look up the carrier responsible for a number.
|
| And you'll need to maintain ingress numbers in all the
| countries you support, and maybe numbers per carrier,
| depending, and you'll need to tell the user the right
| number to text to ... it's a lot, and it might not work
| well or might not save much money.
| rezonant wrote:
| > Many SaaS SMS providers are just frontends for legacy
| telco services.
|
| I worked on an automated SMS marketing system back in the
| day so I have seen this in action, at scale. This would be
| stuff like "text LAKERS to 12345 for Lakers updates"- we
| didn't handle the Lakers but we did handle many sports
| teams. Though I wasn't privy to the financial side, I got
| the sense that the per-text cost ended up being manageable
| at scale, but this is because we were one organization who
| would apply the rules onto our own customers, and if we
| failed to do so properly we risked losing the interconnects
| to the various carriers. We typically used a single
| contracted "aggregator" service which provided a unified
| API for the carriers. When I left, we were using
| OpenMarket.
|
| When you have a self-service SaaS offering such as Twilio,
| the per-text costs are going to go up because the barriers
| for sending unwanted texts (or failing to follow the rest of
| the rules mandated by the TCPA) are so much lower, and
| Twilio has to address that organizationally which adds
| cost.
|
| Additionally, Twilio does not purchase short codes (i.e.
| 12345), which means it's harder for the carriers to track bad
| behavior across their network. There is an initial cost
| (fairly high) to acquiring a short code, though you can
| also share short codes across customers in some cases.
| Acquiring a single short code and sending all messages from
| that short code would likely reduce costs.
|
| I would love to see more detail from Signal about what sort
| of SMS interconnection they are using, because directly
| connecting with an aggregator instead of a SaaS offering
| (if they haven't already) could save a lot of money, and
| they are definitely at the scale that would allow for it.
| And given that they only use it for account verification
| and are a non-profit, it seems likely they could get a good
| deal since the risk of TCPA violations is effectively zero.
| dexwiz wrote:
| Yeah, aggregator is a very industry specific term, so I
| just merged into telco provider. But yeah, all the issues
| with short codes, national laws, and reputation, makes it
| very complex. I worked at a company like Twilio that had
| contracts with different aggregators across the world,
| and sold a platform to manage SMS interactions. They
| added a layer to ensure customers respected opt-out
| keywords, or opt-in for specific countries, so it would
| help manage TCPA (and other) violations. I imagine this
| helped keep costs down. We would definitely fire
| customers for trying to get around the safeguards.
|
| I was on the support side, so I just saw when it went
| wrong, which was a lot.
| toast0 wrote:
| > Additionally, Twilio does not purchase short codes (i.e.
| 12345), which means it's harder for the carriers to track
| bad behavior across their network. There is an initial
| cost (fairly high) to acquiring a short code, though you
| can also share short codes across customers in some
| cases. Acquiring a single short code and sending all
| messages from that short code would likely reduce costs.
|
| Twilio offers short codes, but short codes are country
| specific, and the costs for sending to the US are low
| anyway < ~ $0.01/message for most services, lower with
| volume; IIRC, short code messaging costs were half, but
| then you've got some overseas destinations where it's
| $0.10/message and that's real money.
| RunSet wrote:
| I did my part to help reduce costs by switching to the
| decentralized alternative, Session.[0]
|
| Bonus: Session does not demand users' phone number. Also no
| bundled cryptocurrency.[1]
|
| [0] https://getsession.org/
|
| [1] https://www.stephendiehl.com/blog/signal.html
| bsilvereagle wrote:
| > Also no bundled cryptocurrency.[1]
|
| It seems like Session relies on Oxen's network, so while
| there is no inherent coin it is blockchain backed.
|
| > Session's onion routing system, known as onion requests,
| uses Oxen's network of Oxen Service Nodes, which also power
| the $OXEN cryptocurrency. Check out Oxen.io to find more
| information on the tech behind Session's onion routing.
|
| https://getsession.org/faq#onion-routing
| pluto_modadic wrote:
| Session depends on the Loki blockchain, so I dispute point 1.
| RunSet wrote:
| I don't consider Session to "bundle" the Loki blockchain or
| the Oxen network in any sense.
|
| Here is more information about what I meant when I used the
| term "bundled".
|
| https://www.techopedia.com/definition/4240/bundled-software
| xkcd-sucks wrote:
| Cool, glad to hear about this - However, it is still
| _coupled_ to a cryptocurrency (https://oxen.io/) even if not
| bundled wechat-style
| itstaipan wrote:
| I think simpleX[0] is a better choice at this point with all
| the recent issues around oxen: not coupled to any crypto, no
| user ids, can host your own servers if need be, etc
|
| [0] https://simplex.chat/
| TacticalCoder wrote:
| And as a bonus Session has the best line ever: _"Send
| (encrypted) Messages, not metadata"_.
|
| They've given Signal quite the fork.
| jawns wrote:
| Phone numbers have become the de facto version of "Internet
| stamps" for identity verification.
|
| They are near-ubiquitous on a per-user level, but hard to
| accumulate without significant cost. (Unlike email addresses.)
|
| But the down side is that phone verification tends to be on a
| per-service level. So, for instance, Signal incurs these costs
| when they verify their users, and every other service incurs
| these same costs when they verify _their_ users.
|
| There are a number of businesses out there that are trying to
| act as clearinghouses, where they verify the users once, then
| allow the users' verified profiles to be confirmed by multiple
| services.
|
| I wonder if any of those could be used to reduce these
| "registration" costs.
| supriyo-biswas wrote:
| Phone number verification is used to verify the user's
| registration intent, so not really.
| explaininjs wrote:
| A Flow:
|
| > Service A => User: Please Enter Your Phone Number and
| Email
|
| > Service A => Clearinghouse: Please verify phone number
| XXX wants to sign up for an account with us
|
| > Clearinghouse => User (SMS): Please respond with the
| Email you used at signup to confirm you want an account
| with Service A
|
| Later...
|
| > Service B => User: Please Enter Your phone number and
| Email
|
| > Service B => Clearinghouse: Please verify phone number
| XXX wants to sign up for an account with us
|
| > Clearinghouse => User (Email): Please verify you want an
| account with Service B
|
| Not saying it's great (providing email twice is annoying),
| but it's something.
| rezonant wrote:
| This does not reduce the overall cost, it just shifts it
| to the clearinghouse. Who pays the clearinghouse so that
| they can cover their own exorbitant SMS costs?
| explaininjs wrote:
| You miss the crux of it: the second time onward the
| clearinghouse uses email to authenticate the
| previously-SMS-verified account.
| supriyo-biswas wrote:
| The clearinghouse may not have the user's most recent
| email address, which is common amongst non-tech people.
| My mom and aunts have lost many email addresses this way
| and forcing them to use an older email would cause many
| issues.
| explaininjs wrote:
| The app has to ask for email/phone to begin with (see
| step 1), if the email doesn't match then phone would be
| used as fallback, or potentially as a "Didn't Receive
| Code?" gesture.
| Aachen wrote:
| "Sign in with $Clearinghouse" could bring you to a page
| that prompts whether you want to share a user ID or the
| phone number, as required, with that service.
|
| The clearing house verifies you only once, or once a year,
| instead of every time. If the clearing house were to be a
| nonprofit, perhaps even set up by Signal themselves to
| spread costs with similar services, that has to be cheaper.
|
| It also gives users confidence that only a randomized user
| ID was shared, so it won't be used for cross-service
| correlation and tracking, if the service didn't actually
| need your phone number but only some identifier.
| beefee wrote:
| A service that requires a telephone number simply shouldn't
| be called an Internet service. It can't be used purely over
| the Internet.
|
| Telephone numbers are fundamentally incompatible with
| privacy. Signal's leadership knows this, but they don't
| appear to care.
| supriyo-biswas wrote:
| > we can rent server infrastructure from a variety of providers
| like Amazon AWS, Google Compute Engine, Microsoft Azure
|
| Moving off cloud services to lower-cost providers like Hetzner,
| Vultr and DigitalOcean might provide a lot of cost savings.
|
| I also imagine they're using managed SMS services from one of
| these clouds, and moving off them to a combination of local SMS
| gateways in each country can also further reduce costs (and in
| one case I've personally observed, by up to two orders of
| magnitude). This obviously pushes a lot of complexity on
| Signal's side, but is usually worth it.
| slaw wrote:
| Any idea what prevents Signal from using cheaper
| alternatives?
|
| Edit: I meant moving off cloud to Hetzner, Vultr,
| DigitalOcean.
| supriyo-biswas wrote:
| As I understand it, you have to often use multiple gateways
| based on which one is cheaper and can deliver your message
| to the recipient, and also take care of handling retries in
| case one gateway fails. This is not something you typically
| want to handle if you're not aware of it, and the process
| of having to talk to each vendor and figure out their
| limitations is tedious.
| lxgr wrote:
| There's a lower bound on what these services can charge in
| the form of interconnection fees charged by the mobile
| service providers delivering the messages.
|
| In the US, that's effectively zero due to the US phone
| infrastructure largely using a shared-cost model, but in
| most other countries which use "sender pays", these fees
| can be significant.
| wolverine876 wrote:
| In business, you get what you pay for. Cheaper hosting
| might raise more issues that need to be handled by your
| employees, who also are expensive, and also the
| organization's focus gets disrupted. The hosting company /
| cloud vendor has an enormous economic advantage, with
| access to the entire hardware and software stack, the
| engineers who built it, people whose full-time job is
| operating it. Often it's cheaper to pay more for better.
|
| As I have to explain about open source, 'Free is only free
| if your time is worth nothing.' (And I use a lot of FOSS,
| it's just not always the solution.)
| hotnfresh wrote:
| DO, at least, has bad peering agreements that _will_ cause
| you noticeable, unfixable (if you stay on DO...) persistent
| problems at large enough scale.
| ocrow wrote:
| So ... hire staff to manage that complexity?
| j45 wrote:
| Might not be cheaper at scale and truly globally.
|
| The loaded costs should have the numbers run.
|
| It would be a fascinating under-the-covers look with
| Signal.
| wombarly wrote:
| They probably already have that staff for GCP, Azure, AWS?
| munk-a wrote:
| SMS rates are absolutely bonkers considering the technical way
| they're transmitted. The US is an outlier in SMS rates actually
| being reasonable (usually unlimited or close to) for consumers
| - but for the rest of the world the insane mark up on that
| communication method has mostly obsoleted it...
|
| That'd be all well and good... the technology would die
| naturally, but all my American relatives continue to stubbornly
| use iMessage.
| lxgr wrote:
| > for the rest of the world the insane mark up on that
| communication method has mostly obsoleted it...
|
| For P2P communication. SMS is alive and well for B2C
| messaging, most importantly for 2FA OTP delivery, but also as
| a first line of defense against spam/bot account creation.
|
| It's not a good solution to either problem, but it's slightly
| better than nothing (which apparently makes it good enough
| for many), so I suspect we're stuck with it for now.
|
| > That'd be all well and good... the technology would die
| naturally, but all my American relatives continue to
| stubbornly use iMessage.
|
| iMessage is not SMS, though. It just uses phone numbers as
| identifiers, but so do many other popular over-the-top
| messengers, including the most popular one globally.
| munk-a wrote:
| To clarify - iMessage does not use SMS if you're going from
| Apple to Apple device and both devices have data/wifi
| available. iMessage refuses to support messaging to Android
| clients and defaults to SMS for these messages.
|
| I've got an Android phone so all iMessage transmissions
| come across as SMS (or MMS).
| lxgr wrote:
| Ah, I see what you mean. That's not what I'd call
| iMessage though, that's just SMS:
|
| The iOS application is called "Messages"; iMessage is the
| over-the-top Apple-exclusive messaging service.
| cmiles74 wrote:
| Messages' inflexible reliance on SMS for communication to
| non-Apple devices is definitely an Apple issue, in my
| opinion. Apple has made it clear that they continue to
| default to SMS for non-iPhone communication solely
| because it's unpleasant for everyone involved.
| munk-a wrote:
| There's apparently even "green bubble bullying"[1] of
| kids who have Android devices and thus have their
| messages appear different. In this particular way Apple
| is happy compromising the mental health of young people
| to secure a larger market share - it's awful and they
| deserve a lot more negative PR for it.
|
| 1. https://www.wsj.com/articles/why-apples-imessage-is-winning-...
| JumpCrisscross wrote:
| > _apparently even "green bubble bullying"[1] of kids who
| have Android devices and thus have their messages appear
| different_
|
| Bullies will bully. Targeting the articles of bullying
| versus the source is fruitless; the former is unlimited.
| AYBABTME wrote:
| > Apple is happy compromising the mental health of young
| people
|
| Dramatic exaggeration and attribution of evil intent is
| counterproductive and disingenuous.
| miki123211 wrote:
| On the other hand, I have saved many a dollar by
| instantly knowing that I just sent a legacy text to
| somebody I normally iMessage with.
|
| My carrier charges an arm and a leg for international
| texting, and if distinguishing between texts and
| iMessages wasn't as easy as it is, I would probably have
| to pay hundreds in carrier bills at least once.
| lxgr wrote:
| > In this particular way Apple is happy compromising the
| mental health of young people to secure a larger market
| share
|
| Should we also force luxury brands to offer stipends so
| that teenagers whose parents can't afford them (or simply
| don't want to participate in that nonsense) don't feel
| stigmatized?
|
| It would be a completely different story if Apple were to
| ban third-party messaging apps on their platform, but as
| restrictive as they are in other areas, they aren't doing
| that.
|
| It literally only takes a free app download to get a
| cross-platform messaging experience at least on par with
| iMessage (and in my personal view superior in many
| regards).
| asoneth wrote:
| Agreed.
|
| It reminds me of the "Blue eyes/Brown eyes" exercise
| (https://en.wikipedia.org/wiki/Jane_Elliott) so let's say
| this was a real psychology experiment. Middle-schoolers
| and high-schoolers are encouraged to communicate via a
| chat application with rich multimedia functionality. But
| any conversation that includes even a single individual
| who belongs to an arbitrarily-defined "out-group" has its
| functionality degraded and the application highlights who
| the out-group member(s) are. After a year you compare the
| mental, social, physical, and academic well-being of both
| groups. Would your university's IRB approve such an
| experiment?
|
| I initially gave Apple the benefit of the doubt that this
| was simply a technical limitation. And of course kids
| will always bully each other about _something_. But at
| this point it does indeed seem like a billion-dollar
| company is intentionally amplifying and leveraging this
| sort of bullying to drive marketshare. If you don't find
| this immoral then I'm not sure what to say.
| oarsinsync wrote:
| What does the default Android messaging app do?
| rezonant wrote:
| Google Messages, which is fast becoming the default
| Android messaging app across Android OEMs uses RCS when
| both participants support it and falls back to SMS when
| that is not the case.
|
| RCS is an open standard that any carrier/OS/messaging app
| can support, unlike iMessage, which is exclusive to
| iPhones.
| lxgr wrote:
| That's exactly RCS's biggest problem: It requires active
| carrier support. (As far as I understand, Google runs the
| infrastructure for many international carriers at this
| point, but they still need to opt into that.)
|
| Using my phone number as an identifier and authentication
| factor for so many things these days is bad enough; I
| really don't want the messaging layer itself to touch my
| phone provider at all.
| sneak wrote:
| RCS-the-open-standard is not end to end encrypted.
| cmiles74 wrote:
| Android's messaging app does much the same thing.
|
| My preference would be that Apple drop SMS support from
| Messages altogether and market it as an iOS-only
| communication method. People with iPhones would then have
| to pick some alternative, perhaps they would use Signal
| or perhaps something else.
|
| I already have to install a handful of applications to
| talk to all of my friends and co-workers, at least I
| wouldn't have to continue to use SMS.
| JLCarveth wrote:
| https://www.android.com/get-the-message/
| lxgr wrote:
| RCS is Google's idea of a solution - a company not
| exactly widely known for their excellence in all things
| instant messaging.
| JLCarveth wrote:
| Do you have a source that it was started by Google? From
| looking around, they support its development but it was
| an industry initiative, and Samsung was one of the first
| OEMs to support it.
| cmiles74 wrote:
| My phone runs Android, I'm pretty much forced to use SMS
| in order to communicate with anyone who uses an iPhone
| and that's most of my family. While it can be argued that
| iMessage provides a good enough experience on an iPhone
| for most people, I have wondered if they are the one
| thing keeping SMS alive.
| rezonant wrote:
| > I have wondered if they are the one thing keeping SMS
| alive.
|
| Absolutely they are. Most of my friends and family are
| Pixel users and we all communicate using RCS. If Apple
| would just support the modern replacement for SMS (which
| includes end to end encryption), iPhone users would be
| much safer and would have a better experience.
| lxgr wrote:
| I really dislike iMessage, but somehow Google has managed
| to deliver an even worse alternative with RCS:
|
| It apparently just doesn't work with dual-SIM phones,
| requires a phone number and an active plan with a
| supported operator (at least iMessage lets me use an
| email address!), the multi-device story is non-existent,
| to just name a few.
| FalconSensei wrote:
| > For P2P communication. SMS is alive and well for B2C
| messaging, most importantly for 2FA OTP delivery, but also
| as a first line of defense against spam/bot account
| creation.
|
| In Brazil, businesses use WhatsApp to communicate with
| consumers. You order pizza and book doctor appointments
| over WhatsApp.
| kurthr wrote:
| I think I understand your comment, since iMessage isn't SMS,
| but defaults to SMS for those not using it.
|
| There are opensource self hosted solutions like BlueBubble
| that allow reasonably secure communication through iMessage
| to the other chat platforms on desktop/Android etc. I have
| zero affiliation, but I know others who happily use it. There
| are also less secure and paid solutions I can't speak to.
|
| https://bluebubbles.app/faq/
| aalimov_ wrote:
| > stubbornly use iMessage.
|
| Personally, I prefer it over downloading yet another client,
| dealing with additional credentials, wondering about who can
| access my messages, and so on and so forth...
|
| And all that just to message the handful of people that I
| know who use <popular in other country third party app>.
| itslennysfault wrote:
| If only someone would release a universal protocol that the
| app's native messaging apps could utilize to eliminate the
| need for these 3rd party messaging apps. Oh, right, it's
| called RCS and Apple refuses to support it.
| JumpCrisscross wrote:
| > _only someone would release a universal protocol_
|
| Nobody wants this. Universal access means universal
| access for spammers. iMessage won over SMS because of
| cost and spam filtering.
| ParetoOptimal wrote:
| > Nobody wants this.
|
| Not nobody.
|
| > iMessage won over SMS because of cost and spam
| filtering.
|
| Really? I've never used imessage.
| JumpCrisscross wrote:
| > _Not nobody_
|
| Within the scope of messaging network effects, nobody.
|
| > _Really?_
|
| Yes. iMessage spam is rare and stamped out fast. Open
| protocols tend to have spam problems the moment they
| begin scaling.
| lxgr wrote:
| RCS is anything but universal. It requires the explicit
| cooperation of mobile phone providers, which makes it a
| non-solution in many scenarios - including usage on any
| device that happens to not be a phone.
|
| RCS is exactly what it says on the box: A modern
| successor to SMS. That does not make it a good modern
| instant messenger.
| troupo wrote:
| > Oh, right, it's called RCS and Apple refuses to support
| it.
|
| No one wants to support it. Even telecoms don't want to
| support it.
| DANmode wrote:
| Telecoms don't even want to roll out all of the
| infrastructure they get paid by the government to, I
| don't know that their willingness to do anything is a
| point I'd try to stand firmly on.
| lxgr wrote:
| Exactly, so how on earth does Google think that it is a
| good idea to put them in charge of running the
| infrastructure powering the future of instant messaging?
|
| Any chance at all it has something to do with the fact
| that they've acquired an RCS infrastructure provider that
| they can sell to telcos?
|
| https://jibe.google.com/
| error503 wrote:
| _Someone_ has to run it. Logically, the obvious party to
| do so is the carrier providing network access to the device,
| which also has a recurring billing relationship with the
| user from which to recoup its costs, and that the user
| knows to contact when they have issues. As a standard
| ostensibly replacing SMS, and coming out of the GSMA, it's
| also pretty obvious it'd be biased toward a carrier-centric
| solution.
|
| There are a couple other options of course, but I am not
| sure they are better:
|
| * Fully federate this, a la Matrix or XMPP. I really wish
| this was a practical option, but without legislation I
| doubt any company wants to go willingly in this
| direction. Even if they did, it'd be difficult to contain
| spam at scale. It also creates 'first contact' issues;
| love it or hate it, the general public seem attached to
| the idea of phone numbers and it seems to work relatively
| well and unambiguously. It is also the most technically
| complicated and most brittle and unpredictable for users.
|
| * Phone / OS maker operates it for their devices. You
| don't seem to want Google running things, so this seems
| markedly worse than what they have actually done which is
| give you options (most people can at least choose a
| carrier, and carriers can choose implementations). It's
| unclear how operating costs are recouped here, especially
| for low-end devices. Does this lead to feature
| stratification? I hope not, but probably. It's a global
| single point of failure, both from a technical point of
| view as well as a policy/jurisdiction one (can $country
| LE subpoena my records because the company operating the
| service is ${country}an - or perhaps merely operates in
| $country, for example?). Also unclear how users are
| 'found', but maybe it's a bit easier than in a fully
| federated system.
|
| * Phone / OS maker partners operate the service, giving
| users a few choices. Not really sure why anyone would go
| in for this, but it's basically the same as if the phone
| maker operates it.
|
| None of these are great options, but I think the carrier
| is probably the least-bad one. You have an agreement with
| them. You have the legal protections offered in your home
| jurisdiction, with clear jurisdiction over the whole
| thing. They already have a ton of data on you and access
| to your traffic. You have a neck to wring if the service
| doesn't work properly.
|
| They really should have standardized E2EE though, not
| including it is ridiculous.
| Analemma_ wrote:
| Literally nobody wants RCS except Google and a handful of
| HN commenters. It's so unwanted that Google had to scrap
| their original plan of making the carriers host the
| infrastructure and do it themselves, because the carriers
| didn't give a shit.
|
| (And even Google doesn't _really_ have any love for RCS,
| they crawled back to it as a fallback plan with their
| tail between their legs when their own proprietary lock-
| in messaging apps didn't work out. Which makes their
| attempts to shame Apple into adopting it pretty
| hilariously disingenuous.)
| lxgr wrote:
| > with their tail between their legs when their own
| proprietary lock-in messaging apps didn't work out
|
| For what it's worth, they've worked tirelessly to ensure
| their failure.
| toast0 wrote:
| > It's so unwanted that Google had to scrap their
| original plan of making the carriers host the
| infrastructure and do it themselves, because the carriers
| didn't give a shit.
|
| To be fair, that wasn't Google's plan, that was the
| GSMA's plan. GSMA created the RCS spec, failed to get
| more than a handful of their members to use it, and kind
| of abandoned it to the wolves. For reasons I don't quite
| understand, Google decided it'd be a good idea to take it
| up, and then push it harder than any of their previous
| messaging services; but it's not like they came up with
| it.
| aalimov_ wrote:
| I see that you feel strongly about RCS, but as far as I
| know even some of the bigger US carriers don't support the
| universal profile on all the Android devices they offer.
| So maybe you'll get your wish some point after carriers
| align on RCS.
| sneak wrote:
| RCS the "universal protocol" is not end to end encrypted.
|
| Google has made some proprietary extensions to RCS to
| support end to end encryption but this is not the same
| thing.
| Cody-99 wrote:
| Apple announced today they are going to support RCS
| https://9to5mac.com/2023/11/16/apple-rcs-coming-to-iphone/
|
| RCS is better than SMS no doubt but let's not pretend it
| is on the same level as iMessage. Lack of end to end
| encryption alone makes RCS a dated standard
| morvita wrote:
| Good news, Apple just announced they'll start supporting
| RCS next year.
|
| https://www.techradar.com/phones/iphone/breaking-apple-
| will-...
| renonce wrote:
| For the purpose of 2FA and account registration let's view it
| as a tax for fraud prevention, where the real value in SMS is
| in verifying someone's identity rather than transmitting
| messages
| peanut-walrus wrote:
| If SMS actually worked for this purpose, it would be
| acceptable. However, SMS provides no guarantees about: 1)
| If it actually gets delivered 2) If it is delivered to the
| intended recipient 3) 1 and 2 without anyone reading or
| tampering with the message while in transit
|
| Now, even if stars align, your SMS ends up on a route where
| nobody is mitm-ing or hijacking it, the telco systems work
| and it gets delivered, it is STILL not a guarantee of
| identity. It simply verifies that you have somehow got
| access to a particular phone number.
| fmajid wrote:
| Just because consumers get unlimited SMS doesn't mean
| businesses get that. The telcos are ruthless about extracting
| their pound of flesh at business rates.
| tofuahdude wrote:
| Why is it that SMS is so damn expensive? (or more specifically,
| what is it about Twilio et al's businesses that makes them cost
| so much?)
| j45 wrote:
| Nothing, just profit and existing system access costs set by
| the incumbents.
| sonicanatidae wrote:
| In the US, shafting customers as hard and fast as you can is
| the current business model. What are they going to do? Move
| to 1 or 2 remaining competitors with the exact same business
| model?
| renewiltord wrote:
| When you control access to the customer you can charge people
| a lot. Just like Apple can take 30% primarily because they're
| the gatekeeper to iPhone users, telecoms are gatekeepers to
| their users so they can charge you a lot to text them. You
| don't really have a choice.
| myself248 wrote:
| What's it cost to be an SS7 peer for a year? Could they spin up
| their own "phone company" for the purpose of delivering SMS
| verification and nothing else, cheaper than they're paying
| someone else's markup?
| lxgr wrote:
| What's expensive isn't (just) the technical infrastructure,
| it's termination/interconnection fees charged by the
| destination mobile networks.
| myself248 wrote:
| Huh, I knew those existed for voice calls, didn't realize
| they applied to SMS too. Makes sense, though.
| bloggie wrote:
| Funny, because that's the reason I can't use Signal - I don't
| have a phone number.
| barbazoo wrote:
| In case one isn't aware, you can get a $1/month throwaway
| phone number from Twilio for that purpose.
| lxgr wrote:
| That's a neat workaround for the people that can figure
| that out, but doesn't change the underlying problem for the
| majority of users at all.
| alternatex wrote:
| Majority of users don't have phone numbers?
| lxgr wrote:
| I'm referring to the majority of users not having (or
| wanting to use) phone numbers.
|
| Some of these will be willing and able to pay $1/month to
| Twilio for a workaround, but most probably won't.
| bonton89 wrote:
| Aren't these VoIP? Almost every service blocks VoIP numbers
| for sign ups these days, but perhaps Signal is an
| exception.
| barbazoo wrote:
| They work with Signal, Facebook, etc. Sometimes you have
| to try another one to get it to work.
| pierat wrote:
| Sounds like a great case to get the fuck away from SMS and
| phone numbers.
|
| But hey, they still want your whole address book, and announce
| you're on signal to everyone else on signal.
|
| The whole "secure" thing is a joke. It's all linked to your
| identity via your phone#.
| alternatex wrote:
| They want the address book because if you don't have
| engagement promotion features like that, there is no way to
| ever become remotely popular in the chat app space.
|
| Why is the security a joke? The data is e2e encrypted, and
| isn't related to a phone number in any way after
| registration. Do you know of a better way of combining
| privacy and anti-abuse measures? If you don't offload
| identity checks to telecom providers during registration some
| bad actor will immediately create a million accounts and send
| millions of spam messages and destroy the slim chance of this
| type of app to exist for free.
| pierat wrote:
| > They want the address book because if you don't have
| engagement promotion features like that, there is no way to
| ever become remotely popular in the chat app space.
|
| Intentionally ignoring the fact that Signal splatters your
| phone number to everyone else is a humongous problem. And
| you can even put your phone number block in your address
| book, and it'll tell you everyone who has Signal. This
| happens all the time, with Signal servers leaking all of
| this metadata.
|
| And doing "engagement promotion" is what companies do to
| sell more shit. So, exactly what are they "selling"?
|
| >Why is the security a joke?
|
| Metadata, pertaining to communication patterns and to whom
| matters just as much as what's being said.
|
| And that metadata, like "your phone number" and "contact's
| phone number", and "when data is being sent to/from" is
| that metadata.
|
| > The data is e2e encrypted,
|
| > and isn't related to a phone number in any way after
| registration.
|
| Bullshit. I see new people hopping on signal fairly
| regularly. If that was true, it'd be a simple verify-once-
| and-delete. It ain't.
|
| > Do you know of a better way of combining privacy and
| anti-abuse measures?
|
| I reject your claim of "privacy", with regards to metadata.
|
| Secondly, Tox has an alternate way to handle this, by
| allowing any number of accounts not tied to anything. Sure,
| it's a SHA256 id, but who cares. There, it's secure AND
| anonymous.
|
| Basically, I look at Signal as "better than SMS, but not
| much". It's basically a way to keep the phone company from
| scanning messages.
| NoGravitas wrote:
| Signal actually jumps through quite a few hoops in order to
| let you and your contacts are on Signal _without_ Signal
| actually having access to a copy of your whole address book.
| It's even mentioned in TFA.
|
| I do agree about being linked to your phone number - doing it
| that way means not considering a lot of people's valid threat
| models. They are working on moving to usernames, though. It's
| in beta now.
| progval wrote:
| > Signal actually jumps through quite a few hoops in order
| to let you and your contacts are on Signal without Signal
| actually having access to a copy of your whole address
| book. It's even mentioned in TFA.
|
| It doesn't say how it works. If Alice's phone can tell
| whether her contact Bob uses Signal without Alice and Bob
| doing any sort of a priori cryptographic exchange, why
| couldn't Signal itself do whatever Alice's phone is doing?
| Ar-Curunir wrote:
| Signal doesn't learn your contact list. See
| https://signal.org/blog/private-contact-discovery/ and
| https://signal.org/blog/building-faster-oram/
| renonce wrote:
| Just wondering, are they relying on these big name cloud
| providers (AWS/Azure/GCP), known for predatory traffic and
| storage pricing? Have they considered cheaper providers such as
| Backblaze B2 for storage and Hetzner/OVH for servers? The fees
| for storage, server and bandwidth could be cut by 80% if they
| did that.
| macNchz wrote:
| Out of interest, their top vendor costs on their 2021 form 990:
|
| $7m Twilio
|
| $4m Microsoft
|
| $3m AWS
|
| $1.3m Google
|
| https://projects.propublica.org/nonprofits/organizations/824...
| wolverine876 wrote:
| Signal agrees: (from the article:)
|
| _... legacy telecom operators have realized that SMS messages
| are now used primarily for app registration and two-factor
| authentication in many places, as people switch to calling and
| texting services that rely on network data. In response to
| increased verification traffic from apps like Signal, and
| decreased SMS revenue from their own customers, these service
| providers have significantly raised their SMS rates in many
| locations, assuming (correctly) that tech companies will have
| to pay anyway._
|
| ...
|
| _These costs vary dramatically from month to month, and the
| rates that we pay are sometimes inflated due to "toll fraud"--a
| practice where some network operators split revenue with
| fraudulent actors to drive increased volumes of SMS and calling
| traffic on their network. The telephony providers that apps
| like Signal rely on to send verification codes during the
| registration process still charge their own customers for this
| make-believe traffic, which can increase registration costs in
| ways that are often unpredictable._
| sowbug wrote:
| SMS has become a kind of real-world PoW (proof of work)
| mechanism. A phone number typically has a recurring fee to
| keep it working. So a live number indicates that someone is
| spending money (a proxy for effort) to maintain it.*
|
| It still seems like a lot of money to spend on simple, old
| technology, but from the PoW perspective, making it cheaper
| would defeat its purpose.
|
| *Which is why many sites reject Google Voice numbers, for
| example, for SMS verification.
| chefandy wrote:
| I wish their justification for dropping SMS capability from
| their Android app to move away from phone numbers was a little
| more transparent about the obvious cost aspect rather than
| solely sticking to the patronizing "we're saving insecure
| messaging users from themselves" messaging they had. I found it
| pretty obnoxious. I think people generally get "valuable
| nonprofit + huge expense = not-sustainable = bad."
| rstuart4133 wrote:
| > their justification for dropping SMS capability from their
| Android app ... was a little more transparent about the
| obvious cost aspect
|
| I'm not following. Signal gets stung for the registration SMS
| costs because they send the SMS to the user. They don't pay
| when one user sends an SMS to another user. If you send an
| SMS, you're the one who pays.
|
| (I didn't realise they were moving away from phone numbers.
| Don't they stay mandatory when PNP comes along?)
| mhh__ wrote:
| I wonder if you could do something clever such that you can
| have people volunteer their SIM for sending 2FA?
| jjav wrote:
| > Signal pays more for delivering verification SMS during sign-
| up, than for all other infrastructure (except traffic)
| combined. Wow, that sounds excessive.
|
| Particularly when the phone requirement is the biggest weakness
| in Signal.
|
| Getting rid of it will make it substantially cheaper to operate
| and much more private. Win-win.
| knoxa2511 wrote:
| All things considered. Pretty impressive how cheap it is to run
| given the adoption of Signal.
| j45 wrote:
| Second time around benefits too, and the guest time was pretty
| efficient in WhatsApp too.
| craftkiller wrote:
| Back in the day Signal was called TextSecure and it did
| everything over SMS which required no centralized infrastructure
| aside from the cellular networks. They transitioned to internet-
| based messaging to support Apple devices. It seems that decision
| is now a 50 million dollar per year step backwards.
| lovvtide wrote:
| TextSecure! Wow this took me back to 2011.
| jadyoyster wrote:
| SMS would be a complete non-starter in Europe. Many (no?)
| countries lack unlimited texting plans.
| BlueTemplar wrote:
| Wait, still ?? Which countries ?
| sandworm101 wrote:
| It's not a step backwards for me. Our organization uses signal
| in many situations where SMS isn't an option. When I land in a
| new country it is normal for my cell/SMS not to work. But I can
| hop on some local wifi and get signal messages. We had a
| widespread cell outage in my area last year. Signal not being
| on cell/SMS meant that I could still communicate with family
| without need of cell towers. This is a big step forwards imho.
| nicolaslem wrote:
| > When I land in a new country it is normal for my cell/SMS
| not to work. But I can hop on some local wifi and get signal
| messages.
|
| WiFi calling is a standard feature that does exactly what you
| describe for texts and calls, without using a third-party. I
| have cell connectivity turned off constantly on my phone and
| yet receive texts and calls via WiFi.
|
| It is actually an awesome feature for receiving 2FA SMS at my
| parent's place where there is great internet but poor cell
| coverage.
| abadpoli wrote:
| WiFi calling isn't always free internationally though, it
| often gets charged according to your phone plan's
| international rates, which is discouraging for many people.
| Signal, on the other hand, just sees WiFi as WiFi.
| syspec wrote:
| If you check their costs, SMS (used for registration) is the
| most expensive part of their operation.
| parker_mountain wrote:
| You misunderstand how textsecure worked.
| craftkiller wrote:
| There was no "registration" and TextSecure never sent you
| messages. It was strictly peer-to-peer.
| sigmar wrote:
| You're mistaken. I still have my textsecure account
| registration verification text message (because I'm a data
| hoarder) from March 15, 2015
| craftkiller wrote:
| 2015 was after the internet-based-messaging transition
| but before the rename. Source:
| https://en.wikipedia.org/wiki/TextSecure
| Canada wrote:
| Right, I totally hate being able to text, voice, video, send
| files, and screen share with individuals or groups of people,
| including half my contacts who use iPhone. Also, fuck them for
| making all of it sync to all my computers. And I especially
| hate the fact that I was not billed by telecom carriers for the
| tens of thousands of messages I've sent and thousands of calls
| I've made over it over the last 10 years.
|
| Yes, indeed, how backwards. I wish I only used software that
| spied on me, or permitted others to spy on me, for those
| features.
| Night_Thastus wrote:
| I've loved Signal. It's been the only consistent way I've been
| able to send and receive high-quality pictures and videos at all.
| It's been the only way I've been reliably able to send _texts_
| when I'm in an area with poor reception, which is frequent.
|
| The privacy is nice and it's been simple and easy to use.
|
| I hope they stick around. Everyone likes to bash more privacy
| oriented companies if they aren't absolutely 100% perfect in
| every single way, but IMO perfect is the enemy of good and Signal
| has been _very_ good.
|
| The hardest part has been convincing people to use it, and if I
| have to get people to jump to another one it'll all just fall
| apart.
| cloogshicer wrote:
| I know it's unpopular to say this on here but Signal will never
| be popular as long as they don't add basic features that all
| other messaging apps have.
|
| - If you lose your phone or it no longer boots, all your
| messages are irretrievably lost. There's no way to create
| backups on iOS. Why the hell can't I enable iCloud backups? I
| know it breaks privacy in some ways but let me choose the trade
| off. Put a giant warning if you have to.
|
| - The desktop app is awful and requires signing in again all
| the time. See the Telegram Desktop app for how to do it better.
| In my opinion it should be the gold standard for desktop
| messaging apps
|
| - Desktop app keeps losing message history
|
| As long as Signal treats _all_ messages as if they're so
| important that even super spies should not be able to read
| them, and as a result, goofing usability in a way that standard
| features don't work, I 100% understand that the majority of
| people won't use it.
| autoexec wrote:
| > Everyone likes to bash more privacy oriented companies if
| they aren't absolutely 100% perfect in every single way, but
| IMO perfect is the enemy of good and Signal has been very good.
|
| Signal has not been good. The absolute least we should expect
| from any "privacy oriented company" is that they're honest and
| fully transparent about the data they collect and store, and
| Signal is none of that. Since they started collecting and
| forever storing sensitive user data in the cloud they've
| refused to update their privacy policy to alert people to that
| data collection.
|
| If you advertise your service to human rights activists,
| journalists, and whistleblowers whose freedom and/or lives are
| on the line you owe it to them to be extremely clear about what
| their risks are by using your service, but Signal outright lies
| to them in the very first line of their privacy policy.
|
| This isn't "perfect being the enemy of good" this is either a
| massive dead canary warning people not to use/trust Signal, or
| it's completely immoral and irresponsible.
| Night_Thastus wrote:
| Every single time I've seen Signal asked for data in a court
| case, they've basically handed back a unix timestamp of when
| the account was created and said "that's all we have". Or it
| was last access time, I could have misremembered.
|
| Either way, that seems quite good to me.
| autoexec wrote:
| You're right, that's how it used to be. They still have
| pages on their website bragging about times when they
| didn't have anything to turn over because they didn't keep
| any of it. A while ago that all changed. They started
| collecting and forever storing in the cloud the exact data
| those requests were asking for. Lists of everyone you've
| been contacting, along with your profile data (name, phone
| number, photo).
|
| https://community.signalusers.org/t/proper-secure-value-
| secu...
|
| If you're a Signal user and this is the first time you're
| hearing about this, that should tell you everything you
| need to know about how trustworthy Signal is.
| Night_Thastus wrote:
| The technical info in that community forum is a few
| notches too technical, I work in a different knowledge
| base.
|
| If someone broke down what the timeline was, what new
| info is being stored that wasn't before, how that is
| known, and how Signal has responded, etc, then that would
| be useful.
|
| I'll admit it doesn't seem great. Phone number I
| understand, but name and contacts are more concerning.
| autoexec wrote:
| There's a good article on the topic here:
| https://www.vice.com/en/article/pkyzek/signal-new-pin-
| featur...
|
| Note that the "solution" of disabling pins mentioned at
| the end of the article was later shown to not prevent the
| collection and storage of user data. It was just giving
| users a false sense of security. To this day there is no
| way to opt out of the data collection.
|
| There's a lot more information about it in various
| places, but Signal went out of their way to be as
| confusing as possible in their communications so it
| caused a lot of people to get the wrong idea (see for
| example https://old.reddit.com/r/signal/comments/htmzrr/p
| sa_disablin...)
|
| The forums were in an uproar for months asking Signal to
| not start collecting data or at least give people a means
| to opt out. Here's a good thread with links to a bunch of
| the conversations people were having at the time:
| https://community.signalusers.org/t/mandatory-pin-is-
| signal-...
| jph wrote:
| Signal can be better, IMHO, by separating from phone number
| requirements. In other words, let users have secure random ids,
| rather than forcing each user to hand over their phone number for
| phone company verification.
|
| It turns out the budget shows the phone number registration
| problem: the costs to deal with phone number verification seem to
| be $6MM, which seems to be 10% of the entire budget.
|
| If Signal staff are reading this, I'd gladly pay $100/year for a
| phone-free solution for all users.
| minedwiz wrote:
| You're in luck:
| https://www.theverge.com/2023/11/9/23953603/signal-username-...
| SahAssar wrote:
| They will still require a phone number, it's just an alias.
| crossroadsguy wrote:
| I just hope they don't expose phone numbers if a
| conversation was started on usernames and one or both
| parties have phone numbers saved. I hope it is not this bad
| - something Telegram does.
|
| Also preferably clearly differentiating username and phone
| number messages.
| zitterbewegung wrote:
| Focusing on app features is one thing but the bigger picture is
| that Signal is at risk of not existing without capital... (just
| donated $20 today and I wish I could buy stickers off of them).
| foundart wrote:
| How would it be better? Is there anything beyond not having to
| provide a phone number?
|
| How would it be worse?
| zamalek wrote:
| The phone number requirement is why WhatsApp won the space over
| in the first place. There were loads of username+password-based
| services before it, but none reached the market it did. Why? An
| incredibly wide user funnel, signing up is frictionless.
|
| You might understand that it's a bad idea, but that makes you
| an outlier.
| aquova wrote:
| I don't really buy this argument. Is signing up with a phone
| number really that much easier for the average user than
| using a username/email account? Billions of people seemed to
| have no problems making a Facebook or Google account.
| Retric wrote:
| It's the building a social network part that's frictionless
| not creating user name process that's frictionless.
| aquova wrote:
| The lack of a social network is why I settled on Signal.
| Before using Signal I tried Telegram, which requires a
| phone number and if they recognize your number in any of
| their user's contact list (which many people seem happy
| to allow access to), they'll send them a notification
| telling them their contact has joined. I got a nasty
| message within 10 minutes of making an account from a
| woman accusing me of pretending to be her deceased
| father. I had inherited his phone number a decade prior,
| and it told her I had made an account. I was so shocked
| they not only allowed, but encouraged such behavior that
| I deleted it promptly and swore I'd never use it again.
| brewdad wrote:
| Signal does the same thing. Or maybe it used to but they
| changed it. I have a bunch of notifications of "so and so
| is on Signal" from when I joined years ago.
|
| Can't say I've ever gotten any psycho responses from it
| though.
| just_boost_it wrote:
| With WhatsApp, your phone number allowed you to see
| everyone in your contacts that you could message on there,
| so you could see everyone straight away. Without that,
| you'd have to bring your friends along and have them sign
| up as well, then give you their username so you can
| connect.
| FalconSensei wrote:
| Even Instagram allows you to search your contacts. If
| they have their number set in their profiles, it'll find
| a match
| Aardwolf wrote:
| Why not support both?
|
| Let one communicate from a computer (or phone) with a
| username+password account, with people who use the service
| with phone number account.
|
| This without the mechanism Whatsapp uses, where you can use
| it in a web browser, but it's still linked to your phone.
| brewdad wrote:
| Signal has an app to use it with your computer. It's a one
| time linkage through a QR code. As long as you connect with
| the app at least once every 30 days, you never have to
| worry about it and, unlike WhatsApp, your phone doesn't
| have to be online for it to work.
| lxgr wrote:
| Using phone numbers as identifiers (and by extension users'
| phone books as a contact discovery mechanism) is probably at
| least equally significant as a factor for WhatsApp's success.
| j4yav wrote:
| You could do both, no?
| linuxdude314 wrote:
| No, WhatsApp won because it successfully replicated and
| replaced the SMS experience in the developing world, where
| the cost of data was dirt cheap in comparison to the cost of
| a single SMS message.
|
| This is why it still has a stronghold as well...
| dzikimarian wrote:
| Experience on WhatsApp, Telegram or any other IM is vastly
| better than SMS. Unless by SMS you mean iMessage - then
| it's even simpler - most of the world doesn't use iPhones.
| dghlsakjg wrote:
| I think that's the gp's point.
|
| Given the choice between SMS and a service that provides
| the same functionality is free, superior in most ways,
| borderless, etc. the choice to use whatsapp is obvious.
| BobaFloutist wrote:
|     Requiring a phone number also seems like a decent way to
|     increase friction for automated account creation - obviously
|     it _can_ be overcome, but it probably reduces automated
|     account creation by a few orders of magnitude, which I would
|     imagine reduces the amount of botting/phishing/ban evasion,
| which could all add up to be pretty expensive to an org.
| irrational wrote:
| What did WhatsApp win? I've never used it, so I'm not sure
| what anyone uses it for.
| FalconSensei wrote:
| In South America it's the standard messaging everyone uses,
| even businesses. No one uses SMS
| just_boost_it wrote:
| I'd say it's basically standard everywhere outside the
|         US. I lived in Canada and Europe, and everyone is on it.
| All my fellow immigrants in the US are all on WhatsApp
| groups.
| charcircuit wrote:
| Phone verification does have value in adopting the network
| effects of phone numbers and integrity by making it harder to
| mass create accounts.
| smt88 wrote:
| Right, it's a way to create a cost barrier without anyone
| giving Signal a credit card directly.
| yjftsjthsd-h wrote:
| It would have very particular ethical trade-offs, but they
| could just make signing up without a phone number a paid
| option. That has the advantage of actually turning a cost
| center into a profit center, at the distinct disadvantage of
| creating a moral hazard by the exact same virtue.
| cappax wrote:
| That exists, and is called Threema
| cl3misch wrote:
| A bit handwavy, but allowing sign-up without a phone number
| could massively increase bot/spam traffic and ultimately
| increase hosting costs for Signal.
| oconnore wrote:
| The deal could just be: no phone number, but you have to pay
| $x/year (I guess this doesn't work with 501c3?)
| binary132 wrote:
| I'd jump on that so fast.
| lxgr wrote:
| Accepting these payments would not be trivial, and linking
| them to Signal accounts would create a treasure trove of
| metadata that neither Signal nor its users would likely be
| very happy about.
| AnthonyMouse wrote:
| Just charge $10 to create an account without a phone number
| and accept Bitcoin. Most people can avoid the $10 by
| providing a phone number, privacy-conscious people only have
| to pay $10, it generates revenue, and the $10 puts the
| spammers out of business because they don't pay $10 once,
| they pay $10 every time they get banned, which happens
| multiple times a day.
|
| You could even automate the bans by banning anyone who gets
| blocked by more than two people they sent messages to, which
| anybody can avoid by not sending messages to people who would
| block them, and if it happens to someone innocent, it's still
| only another $10 to reactivate your account.
| jtriangle wrote:
| Session.app solved this problem well
| collaborative wrote:
| Typical HN comment saying I will pay $ for xyz feature (which
| everyone, including the poster, knows to be BS)
| brewdad wrote:
| I don't understand the concern. Signal has never been about
| anonymity. If you need to be anonymous, use a different tool. I
| like the fact that a phone number provides an additional
| verification that the person I am chatting with is who they say
| they are. As far as risk associated with having your phone
| number leaked to bad actors, that ship sailed years ago. I
| guarantee your number has been leaked a thousand other ways
| starting with by your phone provider.
| MuffinFlavored wrote:
| If you really wanted to talk to somebody in a "non-decryptable"
| fashion, could you set up like a channel that encrypts itself
| with a ton of different encryption methods, keys, etc. (encrypted
| payloads inside each other)
|
| Signal encryption is its main feature (I think) and how easy it
| makes it (abstracts handling key transfer and all that), I'm just
| trying to think through... if I wanted nobody to read what I was
| saying, would I use an app/target as popular as Signal or
| something homegrown?
| jedberg wrote:
| You don't need multiple security protocols (and in fact that is
| almost always a bad idea). You just need one good protocol and
| a way to securely exchange the keys. What signal solved for the
| most part is the secure key exchange.
|
| If you want to talk to one person, you can give them a USB key
| in person with a set of crypto keys and then use that to
| encrypt your messages over any transit method and it will be
| secure.
|
| The hard part is the key exchange.
| Buttons840 wrote:
| It's a bit off topic, but I've wondered the same.
|
| We could stack a hundred layers of encryption algorithms, and
| if just one of them works, then the whole stack is secure.
| jedberg wrote:
| You could, but you'd be adding complexity to solve a mostly
| non-existent problem. Security is rarely broken because the
| algorithm itself is broken. It's usually because one end has
| a key logger or other vulnerability. Or they are literally
| storing the unencrypted text in an unencrypted data store
| after reading it.
|
| In the meantime, the added complexity adds new places for
| errors.
| kube-system wrote:
| Yep, people who think about messaging security as a problem
| of sending data from one computer to another are missing a
| huge part of the attack surface. To fully understand the
| entire problem set, we need to consider the entire pathway
| from one human's brain to another.
| sterlind wrote:
| lots of drug traffickers went with something homegrown (Anom),
| which turned out to be an FBI front. they'd have been a lot
| safer sticking to Signal. and you can audit the Signal client's
| source code, which is enough to verify its secrecy.
| jonfw wrote:
| I think the biggest risks for most people are going to be
| around key management, social engineering, and exploitation of
| terminal devices (i.e. if somebody has compromised your device
| running signal and can observe the message before encryption or
| after decryption).
|
| More layers of encryption doesn't really solve those problems.
| vjk800 wrote:
| > Another $19 million a year or so out of Signal's budget pays
| for its staff. Signal now employs about 50 people, a far larger
| team than a few years ago.
|
| What? I know silicon valley salaries are a thing, but absolutely
| everywhere else in the world this would be insane. Maybe change
| the headquarters to somewhere cheaper?
| sky_rw wrote:
| I keep re-reading this section of their blog post trying to
| figure out what I'm missing here. $2.6 million full load per
| employee on avg? Is this heavily weighted to a few executives?
| Can somebody explain this to me?
|
| Edit: I'm stupid and did the math backwards.
| candiddevmike wrote:
|     Only thing I can think of is it incentivizes them not to put
| backdoors into Signal/get fired.
| jedberg wrote:
| You mathed backwards. It's $380K per person fully loaded.
|       Which is pretty in line with decent tech salary these days.
| datpiff wrote:
| That is their total cost, not the salary paid.
| jedberg wrote:
| Yes, which is why I said "fully loaded"
| dangoor wrote:
| I think your math is off? $19M/50 people = $380,000?
| dale_glass wrote:
| You're doing that division backwards.
| winterismute wrote:
|   Isn't it 380k per person on average? Seems like in-line with
| FAANG salaries in major US cities.
| hansSjoberg wrote:
| A few employees and their compensation are listed on their
| Form 990, page 7. Sidenote: did "Moxie" legally change his
| name from Matthew Rosenfeld?
|
| https://projects.propublica.org/nonprofits/organizations/824.
| ..
| rodlette wrote:
| They have devs and support engineers earning 700k, more
| than the CTO?
| hansSjoberg wrote:
| 700k to drag your feet on implementing usernames for a
| full decade, seems cushy.
| contact9879 wrote:
| It's in testing now; you'll soon have to switch to
| complaining about some other thing.
|
| Anyway, considering usernames required an extensive
| redesign of how Signal works, it's not surprising it took
| 5 years (3 years of full time)
| datpiff wrote:
| Costs for staff are not just salaries. It's also pensions,
| taxes, benefits, the offices, software licenses and all the
| other stuff. I've often heard 50% of total cost going to
| salary, but it varies.
|
| Still does seem high though.
| gamblor956 wrote:
| Pensions aren't a thing in the U.S. anymore, especially not
| for tech. And when a U.S. company says "staffing costs" that
| does not include licenses, offices, etc. It's strictly salary
| and benefits.
|
| According to Signal's 990, it's paying multiple employees
| over $700k. That's above-market for corporate compensation,
| and it's _way_ above market for non-profit compensation, to
| the point where it could be considered private inurement.
| contact9879 wrote:
| They cover this pretty substantially in the post on
| Signal's website (I know they merged the Wired article into
| this one).
|
| Signal is trying to compete with the richest companies in
| the world; including for talent. And considering Signal's
| origins and motivations, they're not going to lower
| salaries or decrease benefits because some people believe
| that working for a non-profit automatically means lower
| compensation.
| V__ wrote:
| Signal had 40 million active users in 2021 [1]. With 14 million
| in infra cost, that comes to .35 per user/year. Total expenses
| are about 33 million, so about .825 per user/year. All in all
| that seems very reasonable.
|
| [1] https://www.businessofapps.com/data/signal-statistics/
| rogerkirkness wrote:
| Based on App Store downloads on both platforms, they are well
| over 200M at this point.
| nvy wrote:
| A lot of people, myself included, have it installed but never
| use it after they dropped SMS support.
|
| Only a tiny fraction of my contacts use Signal, and most of
| those are also on Whatsapp, Telegram, Discord, and others.
|
| Signal offers essentially nothing to me.
| rasso wrote:
| Except real privacy?
| sam_lowry_ wrote:
| Not even that, because it is linked to phone numbers.
| OoooooooO wrote:
|             Afaik you can create an account without a number.
| wkat4242 wrote:
| No. You can just hide it from other users in group chats
| now (and perhaps 1:1, didn't yet check but you still need
| one to sign up)
| crtasm wrote:
| Where is the option for group chats please?
| matricaria wrote:
| Not yet, but they are working on that.
| leotravis10 wrote:
| Yep, a great example: https://dessalines.github.io/essays
| /why_not_signal.html#phon...
| marvinborner wrote:
| Username registration is currently being tested:
| https://community.signalusers.org/t/public-username-
| testing-...
| ixwt wrote:
| > and register for a new account with a phone number (you
| can use the same one you're using in Production).
|
| I hope that they make it so you can register WITHOUT a
| phone number. Perfectly fine if it's not the default.
|             This post is currently implying that is not currently
| the case.
| umanwizard wrote:
| Why is it more private than WhatsApp?
| Ar-Curunir wrote:
| I encourage you to read the article, but Signal minimizes
|           the metadata it stores about you, doesn't hold on to your
| contact list, doesn't keep information about your IP
| address, etc.
|
| WhatsApp instead makes tons of money from this kind of
| metadata.
| crtasm wrote:
| Using WhatsApp means Facebook/Meta knows the timestamp,
| sender and recipient of every message sent.
| kroltan wrote:
| Pay attention to WhatsApp's wording (all privacy/security
| claims start with "your messages"), and their privacy
|           policy, and you'll see that while messages involving
| individuals (non-Business users) are secured, your
| contact list is not, neither are chats with businesses or
| the metadata about you chatting (destinations, frequency,
| time)
| hiatus wrote:
| The sms decision made signal go from THE messaging app on
| my phone to an app I only use with a very small subset of
| my contacts. It is infuriating that they didn't allow users
| to retain that functionality when it costs them nothing,
| and they could have disabled it by default.
| urig wrote:
| You paid them nothing and are infuriated. Interesting.
| nani8ot wrote:
| Many people care about Signal, and it is okay to dislike
| their decision. OP didn't demand from Signal to support
| SMS, but they expressed their emotions about the change.
|
| Signal is an awesome project but some of their decisions
| annoy many users. E.g. Signal does not allow to
| automatically save all pictures in the gallery. It's a
|           privacy feature, but it's inconvenient since it forces me
|           to remember to download each image separately.
| psalminen wrote:
| I still use Signal a lot, since most people I frequently
| talk to use it. However, this was extremely frustrating.
| Having 1 messaging app for so long was incredibly nice.
| hezralig wrote:
| My lawyer stopped using signal due to the sms support being
| dropped. It became too much of a hassle and wasn't worth
| it.
|
| Many of my family also dropped Signal.
|
| It is now really only used by the hyper-privacy conscious.
| leptons wrote:
| I'd be happy to pay $1/year for signal, and I'd pay $2/year if
| it were decoupled from my phone number.
| lxgr wrote:
| If you pay Signal $1/year, they'll realistically see about
| 60-70 cents of that - and that's only considering payment
| processor fees.
|
| Now add the cost of providing support (it's a paid product
| now!), payment handling on their end (in a privacy-preserving
| way, which excludes most common payment methods), and top it
| off with the immense damage to the network effect by
| excluding all the users that can't or simply don't want to
| pay $1/year...
|
| Donations seem like the much better option here.
| eviks wrote:
| You can also charge for a 10 year minimum and get to a
| higher retained %
|
| You don't need to provide support, even much more expensive
| consumer services live without a proper one, so being
| explicit about the fact that you only pay for
| infrastructure could suffice
|
| Not sure why payment privacy has to be so strict for
| everyone
|
| The network effect damage is real, but maybe it could be
| limited with donations :)
| lxgr wrote:
| Selling a service automatically opts you in to all kinds
| of consumer protections, either legally or de facto
| through the dispute mechanism of the payment methods your
| customers use.
|
| Just ignoring customer complaints and selling the service
| "as-is" is usually not an option.
| eviks wrote:
| Why is it not an option when it already exists in many
| places (all these protections fail all the time)? Your
| first sentence doesn't imply high/expensive level of
| customer service
|
| Besides, even now they're not ignoring all the
|           complaints, they do fix bugs?
|
| Maybe to be more specific, how much did it cost WhatsApp
| when they had $1 price and a tiny team? How does it
| compare to the cost of SMS?
| leptons wrote:
| Thanks for over-analyzing my comment. $1/year, $2/year,
| $5/year, is all insignificant in the wide array of things I
| pay for. Sure, I'd pay $10/year for Signal as it is today
| if they really needed me to. And I never said to make
| payment mandatory. You're just way over analyzing a simple
| comment.
| caeril wrote:
| I'd pay much more than $2 if they offered account identifiers
| other than phone numbers. Trying to get a burner SIM or DID
| while still staying anonymous is getting increasingly
| difficult.
|
| But I think it's pretty clear by now that this is a feature
| for FVEY IC, not a bug. FFS, they burned development
|     resources on _stickers_, but abjectly refuse to offer
| alternative account identifiers. The standard apologist
| response is, "but phone numbers make adoption easier". Sure,
| but nobody is asking to _replace_ the identifiers, or even to
|     make them nondefault. We're just asking for the _option_. It
| could be hidden behind a developer mode for all I care, but
| it should be there.
|
| The fact that they abjectly refuse to do it is enough to tell
| you about what their true motivations likely are.
| nurple wrote:
| Agreed, at this point I don't believe the "privacy" aspect
| of Signal's sales sheet means anything. Most that I know
| use it primarily because they can have clients on all
| platforms, including desktop.
| XorNot wrote:
| I'd pay substantially more for Signal if I could bot
| accounts.
|
| I'd like a signal daemon on all my servers for alerting which
| could message me via Signal. This is worth a monthly fee to
| me.
|
| I know people running small businesses who would really like
| to have a business Signal account: an ability to send Signal
| messages as a business identity without tying it to some
| specific phone number. This would be worth a subscription
| even if they had to get their customers to install Signal.
|
| Signal need to figure out what product they sell that's going
| to fund the privacy objective: because there's plenty and
| they're worth having.
| jenny91 wrote:
| If you want one for just personal use; this works well:
| https://github.com/AsamK/signal-cli
|
| Just sign up with a Twilio number (using voice call) and
| you can make your own bot.
| renewiltord wrote:
| I wonder how many people paid the $5 for WhatsApp back in the
| day. It gave you nothing but you were able to do it. I think I
| did.
| abdullahkhalids wrote:
| Whatsapp was asking for $1/year [1]
|
| [1] https://www.theguardian.com/technology/2016/jan/18/whatsa
| pp-...
| lxgr wrote:
| I've been using WhatsApp when the nominal $1/year fee was
| still around, but somehow never ended up being actually
| charged, and I don't know anyone that did.
|
| It's possible that they were only enforcing it in some
| regions, though.
| abdullahkhalids wrote:
| Indeed. I just ignored the dialog box the first time it
| popped up. But next year I paid. It was quite a big deal
| because back then it was equal to my entire monthly
| cellphone bill in Pakistan.
|
| But I remember other people started to en masse switch to
| other messengers like Viber(?). And Whatsapp had to stop
| enforcing the fee.
| renewiltord wrote:
| The price changed a few times but they definitely had a
| lifetime thing once.
|
| All pricing was entirely optional
|
| Here's one reference to a different price (can't find
| lifetime except for people complaining that Facebook didn't
| honor it on original ToS)
|
| https://www.wired.com/2011/11/whatsapp-messenger-app/
| bilal4hmed wrote:
| I have an old receipt in my Google Pay for whatsapp at a
| whopping 99 cents :)
| 2OEH8eoCRo0 wrote:
| Definitely reasonable but the ultra privacy-conscious/paranoid
| can't easily donate or pay privately.
| groby_b wrote:
| Sure, but privacy isn't black or white. A donation to signal
| does not compromise the content of your messaging.
|
| So what you've leaked is the information that you have an
| interest in private conversations. This might be a problem in
| some countries, but I think it's fair to ask folks in
| affluent countries with working (sorta) democracies to
| shoulder that burden. I.e. you don't donate if there's
| elevated threat to your safety, there are enough people who
| aren't under elevated threat.
|
| There's also the possibility of using a donation mixer like
| Silent Donor, though I'd evaluate that very carefully.
| (There's a record of the transfer in, and the mixer needs to
| keep temporary records for transferring out. There's also the
| question how you verify the mixer doesn't skim.)
|
| Some donation mixers accept crypto currency, so for maximum
| paranoia, I suppose crypto->crypto mixer->donation
| mixer->charity might be workable. Or hand cash to a friend
| who donates in your stead.
|
| As always, the best path is to set aside paranoia and build a
| threat model instead to see what the actual risks are.
| godelski wrote:
| There's never enough talk like this and I'm not sure why.
| It's always about the threat model. In this respect I
| always like to think of it in terms of probability.
| Probabilities and likelihoods aren't just about capturing
| randomness like quantum fluctuations or rolling dice, they
| are fundamentally about capturing uncertainty. Your threat
| model is your conditions and you can only calculate
| likelihoods as you don't know everything. There are no
| guarantees of privacy or security. This is why I always
| hated the conversations around when Signal was discussing
| deleting messages and people were saying that it's useless
| because someone could have saved the message before you
| deleted them. But this is also standard practice in
| industry because they understand the probabilistic
| framework and that there's a good chance that you delete
| before they save. Framing privacy and security as
| binary/deterministic options doesn't just do a poor but
| "good enough approximation" of these but actually leads you
| to make decisions that would decrease your privacy and
| security!
|
| It's like brute forcing, we just want something where we'd
| be surprised if someone could accomplish it within the
| lifetime of the universe though technically it is possible
| for them to get it on the very first try if they are very
| very lucky. Which is an extreme understatement. It's far
| more likely that you could walk up to a random door, put
| the wrong key in, have the door's lock fall out of place,
| and open it to find a bear, a methhead, and a Rabbi sitting
| around a table drinking tea, playing cards, and the Rabbi
| has a full house. I'll take my odds on 256 bit encryption.
| V__ wrote:
| There are clever ways around that. I use posteo as my
| mailprovider. They have a system where you can pay
| anonymously: https://posteo.de/en/site/payment
| godelski wrote:
| They take checks by mail. You definitely can do a cashier's
| check and I'm sure they'd take the "cash in an envelope"
| method that places like Mullvad do too. Looks like they also
| support crypto, and that includes Zcash. So I don't think
| this is a great excuse. The only "can't easily donate" aspect
| is going to also be tied with the "can't easily get a
| cashier's check or find an anonymous person to sell me
| bitcoin for cash" kinda issues, and when you're operating at
| that level I'm not sure anything is "easy." (but that's not
| that hard usually)
|
| https://support.signal.org/hc/en-
| us/articles/360031949872-Do...
| wkat4242 wrote:
| How is a check in any way private? Your name is on it.
| godelski wrote:
| A cashier's check doesn't.
| wkat4242 wrote:
| Ah ok I didn't know those still existed. In fact even the
| named checks are long gone here in Europe lol.
| godelski wrote:
| Oh yeah, I have an old checkbook that I've had since like
| 2010 because the only ones I've ever used are for random
| landlords. Otherwise it's literally easier to get a
| cashier's check, which you can (in America) do at any
| bank or grocery store. Note that some are free and some
| aren't, so check beforehand. I don't think these will
| ever really go away tbh
| wkat4242 wrote:
| I think they will, America is just very traditional.
| Things tend to stick around for longer. The magstripe
| also lingers there even though we've got rid of it for
| years (though unfortunately our cards still have them in
| case we need to visit the US - I don't like having them
| because they are skimmable).
|
| Nobody would accept a check here anyway as they're not
| guaranteed. These days I pay with my watch or phone
| everywhere (Samsung Pay). I don't even use the chip on my
| card anymore. And payments between people happen
| digitally too (a system called Bizum here in Spain).
| heavyset_go wrote:
| Signal requires a real phone number to open an account, you
| are not anonymous to Signal.
| sneak wrote:
| Phone numbers can be obtained anonymously in many
| countries. I have several anonymous Signal accounts, each
| with their own anonymous phone number.
| caeril wrote:
| It's possible in the US, but it's getting very difficult.
|           I don't know anywhere you can buy or borrow a DID with
| Monero anymore. Looks like they got to Telnum recently.
|
| You can still buy a SIM, a prepaid PIN, and a phone with
| cash, but you'd need to pay a non-correlated person to be
| seen on CCTV to do it, at a non-correlated time, and hope
| they don't just take your money and leave you nothing at
| the dead drop.
|
| Then there's the hassle of setting up the account in a
| way that's not correlated with your location, normal
| waking hours, etc.
|
| All of this could just be avoided if Signal did the right
| thing.
|
| But they won't. Ask yourself why.
| pizzafeelsright wrote:
| Why are you typing my comments?
|
| Exactly. They won't because .... reasons.
| sneak wrote:
| Why would you not need to be seen on CCTV? This has
| nothing to do with the privacy of Signal.
|
| I buy all of my anonymous prepaid SIMs with cash at
| retail myself, and they are still anonymous.
|
| The only time you'd need to stay off CCTV is if you were
| using them to commit crimes and expected a significant
| investigation to be undertaken.
|
| Your casual assertion of malice on the part of Signal is
| not supported by any facts.
| nerdbert wrote:
| I can pop into almost any phone shop around here and walk
| out with a free SIM card, which I can top up for cash.
| abdullahkhalids wrote:
| Mastodon org + Mastodon.social also have costs of 0.6 EUR/year,
| though they have two orders of magnitude less users [1]. This
| is really what most social media costs. These rates are even
| payable by many in poorer countries.
|
| [1] https://news.ycombinator.com/item?id=38117385
| fmajid wrote:
| IIRC WhatsApp used to charge $1 per year
|
| https://venturebeat.com/mobile/whatsapp-subscription/
| jeroenhd wrote:
| With how much Mastodon.social tends to fall over when Twitter
| does something stupid (again), their rates are probably a bit
| too low for a more robust service like Signal.
|
| Signal also intentionally doesn't store too much data, long
| term data costs will slowly grow over the years. I imagine
| for a bigger platform, costs can grow to multiples of the
| rates for Signal and smaller Mastodon servers.
|
| EUR10 per year should be more than enough for most users,
| though, and it should be quite affordable for most countries.
| teekert wrote:
| Whatsapp got pretty big at 1 eur/year (iOS) and 1 eur for
| lifetime (Android) here in the netherlands.
|
|     I do fear they'll lose most tech un-savvy users because they
| don't know how to pay (safely).
| wkat4242 wrote:
| That doesn't mean they were actually profitable at those
| rates though. They could have been in growth hacking mode
| with venture backing.
| danielheath wrote:
| They were well-known for not doing that, though.
| wkat4242 wrote:
| Hmm but then how did they manage before asking for that 1
| euro? There were a whole lot of years where it was
| completely free (yes before the Facebook takeover). Here
| in Europe we've only needed to pay once or so until it
| got taken over.
|
| There must have been some kind of venture backing because
| there was no money coming in at all from users for a long
| time.
| lencastre wrote:
| It's beginning to sound like the 1 EUR/year that at some point
| WhatsApp wanted to charge and it seemed reasonable to me at the
| time. Signal is even better and even more so justified.
| rany_ wrote:
| They used to "require" a subscription of 1$/year but it was
| not enforced. If you missed the deadline, nothing happened.
| It was basically the WinRAR model but for an online service.
| politelemon wrote:
| That may have been an A/B testing of sorts then, because I
| was booted right away.
| rany_ wrote:
| > whether you've been required to pay WhatsApp's annual
| fee depends very much on when you joined the service, and
| even on what country you live in.
|
| Source: https://venturebeat.com/mobile/whatsapp-
| subscription/
| gwd wrote:
| This is kind of the number I was looking for -- "Cover your own
| costs: $1/year. Cover yourself and five other people: $5/year."
| I feel like something pointing out that the costs are around
| $1/year on signing up, maybe with a reminder once a year, would
| get most people self-funding pretty quickly.
| tobinfricke wrote:
| Reminds me of ... WhatsApp :D
|
| (Originally WhatsApp charged $1/year.)
| yetanotherloss wrote:
| Who is the active user base for signal these days? Everyone I
| knew who was using it dropped off after the SMS debacle, which
| was a shame.
|
| Edit: Wow some weird haters on HN today. I was honestly curious
| as an active signal user that was no longer able to use it to
| message people in North America and had never seen anyone using
| it in East Asia. Apparently this makes some other signal users
| very angry.
| freeqaz wrote:
| I've converted all of my friends and family to using it. It's
| the "social media" for my world now. I'm probably an outlier
| for that, but it makes me happy!
| OfSanguineFire wrote:
| I've been to a lot of meetups in the last year and exchanged
| contacts with people. As a nerdy idealist running a deGoogled
| Android with no proprietary software, I always have to tell
| them that I don't have WhatsApp, just Signal. Again and again I
| have heard the reply, "Oh, yeah, I've got Signal, I use it to
| buy drugs."
|
| So, that's some of the active user base in my city, but none of
| those users are very motivated to use Signal with their network
| of contacts in general. There WhatsApp reigns.
| Krasnol wrote:
| > "Oh, yeah, I've got Signal, I use it to buy drugs."
|
| Funny, people around here in Germany say that about Telegram.
| bongripper wrote:
| Buying drugs from shady people online like on Telegram
| channels is a good way to get you not high or killed.
| Apparently they're selling HHC now that looks like bud? No
| thanks. I'll stick to my local guy straight from behind the
| bushes next to the park.
| rchaud wrote:
| those users probably have a far lower impact on Signal's
| operating costs because they're only sending the occasional
| message instead of using it as a broadcast platform.
| yetanotherloss wrote:
| That's been similar to my experience in the last year.
| WhatsApp or even worse, Snapchat, seems to be the preferred
| "private" messaging platforms, which is depressing to say the
| least.
| j45 wrote:
| Lots of people are replacing meta/insta/WhatsApp with signal chats
|
| Especially for long term chats with friends and fam.
|
| I happened to start using it with my spouse only to apple just
| one kind of messaging notification to come thru.
| zozskuh wrote:
| I still use it, and ask my friends & family to use it as well.
|
| What would you recommend to use instead of Signal?
| yetanotherloss wrote:
| I have yet to find a replacement that both I like and other
| people use. Matrix and Session I have yet to find anyone
| using, telegram seems to be almost entirely bots in my area,
| and WhatsApp etc are owned by Meta.
| Krasnol wrote:
| Same people who use WhatsApp for example.
|
| The SMS issue was mainly a problem in the US where people used
| it for SMS and therefore never mattered since that
| communication was never secure. Those people probably never
| even cared for security since they, as you said even went out
| there and actually uninstalled an app. Something people seem to
| rarely do.
|
| I use it for friends, family and colleagues. People now started
| asking me for it (or safe alternatives to Facebook Messenger)
| since Facebook started asking people to pay for non-targeted
| ads recently. They actually got people to think about the data
| they share with an outdated social network.
| rchaud wrote:
| Yep, the whole point of Signal for me was the SMS component. I
| put up with the old-fashioned UI for that reason. Now it just
| looks and acts like a Telegram clone.
| ActorNightly wrote:
| Has anyone tried setting up their own Signal server? Be cool to
| do this, and then give all your friends the ip for truly private
| messaging.
|
| https://github.com/signalapp
|
| Seems like all their stuff is open source.
| kyawzazaw wrote:
| unlikely the people i want to talk will bother setting this up
| Aachen wrote:
| And the people those friends want to talk to. And the friends
| of those friends.
|
| To have self-hosted chat services, you either need a niche
| enough service that you'll never have two parties that would
| want to talk to each other while being on different servers,
| or federation. Signal chose the former, so here I am with
| eight communication apps on my phone.
|
| Maybe the next best thing could be to support multiple
| servers, like how email clients let you fetch data from more
| than one email provider, if they're so worried about
| federation inhibiting their ability to control the ecosystem
| that they plainly won't go there and hold speeches about how
| harmful that situation would be. Then we could have self
| hosting and also Signal wouldn't have to care about
| federating with my self-hosted server.
| ActorNightly wrote:
| I mean the idea would be you download the app but use my
| server instead of the default ones.
| newscracker wrote:
| Which app would they all use and from where would they get it?
| Signal does not (intentionally) support the official app using
| other servers or the platform itself supporting federation. [1]
|
| [1]: https://signal.org/blog/the-ecosystem-is-moving/
| YeBanKo wrote:
| This can be a premium feature. Run your own server and for a
| little bit of money you can configure your client to use an
| alternative server. Client code is what makes it private and
| secure, so you want to use their verified client even with your
| own server.
| Sol- wrote:
| Offering self-hosted servers would probably just degrade the
| security guarantees of Signal if people misconfigure them.
| Doesn't seem to be worthwhile for the Signal foundation to run
| into this risk of undermining their own reputation for a niche
| user base who cares about self-hosting.
| autoexec wrote:
| > Doesn't seem to be worthwhile for the Signal foundation to
| run into this risk of undermining their own reputation
|
| It's a bit too late for that. They undermined their
| reputation when they started permanently keeping sensitive
| user data in the cloud (like a list of every person you
| contact), and then again when they refused to update their
| privacy policy which lies to users about their data
| collection practices, and then again when they killed off the
| ability to get both "secure" communications and unsecured
| SMS, and then again when they started adding weird cryptoshit
| nobody asked for. Signal seems to be telling people as loudly
| as they can not to use/trust them.
| exabrial wrote:
| Some of these things raise an eyebrow and I'd like them further
| broken down (but in the mean time, I'm still donating):
|
| * $19 million for 50 staff
|   - That's $338k/head on average. At face value for a nonprofit,
|     I'd like these costs broke down as this seems excessive. There
|     is far cheaper IT labor available outside SV.
|
| * 20 petabytes per year of bandwidth, or 20 million gigabytes, to
|   enable voice and video calling alone, which comes to $1.7 million
|   a year
|   - I'd drop these features if possible, or give them to donors.
|
| * Storage: $1.3m, Servers: $2.9m
|   - I was actually expecting this to be far higher
|   - Long term storage should probably be donor-only
|   - Servers could likely be optimized by going hybrid cloud with
|     colocation and owning own hardware, but again, was surprised
|     how "little" they're spending on this.
|
| * Sms registration fees: $6m
|   - Stop contributing and supporting the "Your phone number is your
|     identity" problem.
|   - Move towards helping educating society and establishing a set
|     of encryption keys as their long term identity
|
| It's easy to criticize from the bleachers. Still thankful for the
| app and I'll continue to donate.
| simcop2387 wrote:
| One thing I question with that is that if you gave features to
| donors only, wouldn't that mean that signal now needs to track
| users in ways that aren't privacy preserving? I.e. you'd be
| able to know if any given user using signal now has given
| payments to signal. I'm not sure that'd work with what they
| want to do as an organization.
| asylteltine wrote:
| They need to dump sms entirely. Use on device private keys. If
| users mess it up, it's on them. People need to get educated
| about how to manage private keys.
| vore wrote:
| As someone technically savvy, I don't trust myself to manage
| my own private keys sufficiently for a service that's the
| point of contact for all my friends and family. I think it's
| a much taller order for someone without the technical knowhow
| - remember that Signal's audience includes very non-technical
| people who don't have time to learn the technical ins and
| outs but absolutely require its utility, like journalists and
| dissidents.
| a_vanderbilt wrote:
| Then few will use it and Signal will die. There is this gap
| between the ideals of the technically-minded and the reality
| that users live in. They tried to dump SMS - and people
| responded by not using alternatives. The entire sales pitch
| of Signal is that it is easy and unobtrusive.
| mushufasa wrote:
| It's easy to say that "you should do x" from the bleachers but
| when you're in the arena you run up against reality. For
| example, Signal had a blog a while ago about how they tried to
| avoid the sms features, actually for privacy reasons, but they
| found people just didn't use other alternatives. Here's a
| reddit thread of users advocating for SMS support
| https://www.reddit.com/r/signal/comments/y3ymfl/keep_sms_sup...
| .
|
| So it was the best of all the available options practically, if
| they wanted to grow and retain the users.
| bpfrh wrote:
| That was for sending SMS via Signal, not for verifying users
| via sms and they did remove that.
|
| https://signal.org/blog/sms-removal-android/
|
| edit: wording, forgot the word remove
| vore wrote:
| - That's $338k/head on average. At face value for a nonprofit,
| I'd like these costs broke down as this seems excessive. There
| is far cheaper IT labor available outside SV.
|
| You get what you pay for, though. $338k/year seems like a
| reasonable salary for people working on something as privacy
| critical as Signal - just because you're working for a
| nonprofit doesn't mean you have to work for less competitive
| wages.
| jallen_dot_dev wrote:
| Also, employees cost more than just their salary.
| foobarian wrote:
| I wouldn't be surprised if overhead turned out 1/3 of that
| figure.
| zimpenfish wrote:
| > $338k/year seems like a reasonable salary for people
|
| That $19M/year was total employee costs which, as best I
| understand these things, can often work out to be double the
| raw salaries which would bring the average down to a slightly
| less excessive $170k/year.
| superfrank wrote:
| IIRC, employees cost the business ~150% of their salary. That
| means we're looking at more like a $220k/yr salary on
| average. For a bay area company, that seems completely
| reasonable.
| eschulz wrote:
| Nonprofits, as with for-profits, must pay competitive wages
| or they will have trouble getting the expertise that they
| need. $338k/head seems reasonable when you also consider
| taxes the company must pay for each employee.
| raesene9 wrote:
| Whilst competitive salaries are important, it's fair to say
| that, outside of the US, you can get good people for a _lot_
| less than $338k/year.
|
| To give one example of a (not that cheap) market, outside of
| London average developer salaries are probably under $50k in
| the UK. Even accounting for additional costs like taxation
| and equipment, that's likely to be under $100k fully loaded.
| JumpCrisscross wrote:
| > _outside of London average developer salaries are
| probably under $50k in the UK_
|
| For top-notch security developers, I call bullshit. Signal
| would be worthless if it started offshoring development to
| nickel and dime.
| raesene9 wrote:
| I said Average for a reason :D I didn't say you can get
| "top-notch" security developers for that.
|
| I don't think there's industry numbers for that set of
| people in the UK, as it's not a big enough set. However
| I'd be surprised if they were 150K plus though, that's a
| very rare salary in the UK.
|
| Also there are cheaper countries than the UK who have
| great devs.
| jtakkala wrote:
| There's definitely top-notch software and security
| engineers making well north of £150k in the UK. As you
| go up in levels, it's indeed a small set of people, but
| FB / Google comp for a top L7 engineer working in the
| same space as Signal engineers can be $700k+ in the UK.
| Just have a look at levels.fyi, and you'll see that even
| finance will pay over $500k in London. Furthermore, given
| how small the group of people are at the top of these
| companies, very few will self-report their incomes
| publicly, which is why you'll rarely hear about the
| engineers making $1M+ - but those cases do exist.
|
| The people behind Signal pioneered end-to-end encryption,
| and as is pointed out in the blog post, there's still a
| lot of novel cryptography development involved in
| building a privacy-first messenger. You can't do that
| without top-notch talent.
| hutzlibu wrote:
| "just because you're working for a nonprofit doesn't mean you
| have to work for less competitive wages"
|
| Actually it does usually. Because when people see real
| meaning in their work, as opposed to find yet another way to
| manipulate people on other peoples behalf, then you don't
| have to buy their consciousness as well.
|
| So sure, it is awesome, that signals employers get to have
| meaning _and_ money. But I would bet, you would find
| competent people working for less. (And maybe somewhere else)
|
| But .. they do have a working app and organisation right now
| and drastic changes could destroy that.
| vore wrote:
| Why shouldn't we want to pay people working at non-profits
| the same for their labor than they would get at for-
| profits? If they are doing just as or even more important
| work, why do we want to bend over backwards to justify them
| getting paid _less_ for it?
| hutzlibu wrote:
| Because funding is limited. And the goal is to maximize
| the impact, not make some people happy.
| yieldcrv wrote:
| costs for a nonprofit are the same as costs for a forprofit
|
| there's just a bunch of nonprofit employees or personnel that
| play on the pauper perception because its convenient, but
| "nonprofit" and no money is not correlated to anything
|
| so if those employee costs were excessive for _any_
| organization, saying non profit doesn't make them more or less
| excessive
|
| I think tech talent is undervalued and should at least compete
| directly with FAANG, for many organizations this is not
| possible, for organizations with other liquid assets they
| create (like Signal) it is possible. All employment hasnt risen
| with cost of living, I'm not familiar with other sectors.
| Canada wrote:
| > That's $338k/head on average.
|
| Oh come on. Just because the organization is non-profit,
| meaning that it's not out to make a profit for shareholders, is
| no justification for the staff to be paid below their market
| worth. In fact, they could definitely earn more by quitting and
| working at for profit companies. And that is especially true
| for those who are getting the higher end of the compensation.
|
| And say that staff number was like, $5m/year less? It doesn't
| change the fact that costs of running are substantial and more
| donation is needed from those who want it to remain viable.
| davidhyde wrote:
| < "* 20 petabytes per year of bandwidth, or 20 million
| gigabytes, to enable voice and video calling alone, which comes
| to $1.7 million a year - I'd drop these features if possible,
| or give them to donors."
|
| How about they pull their socks up and use peer to peer
| technology instead? Messages are asynchronous so they need to
| be temporarily stored but routing real-time audio and video is
| a technology problem that they have chosen the expensive way to
| solve.
| NOWHERE_ wrote:
| If signal adds username only accounts it makes sense to relay
| calls if users don't want their IP leaked to the other
| person.
| contact9879 wrote:
| They are peer-to-peer by default between people in their
| contacts list. That is for when calling someone that isn't in
| your contacts list or for people that have enabled the relay
| all calls option.
| darth_avocado wrote:
| > far cheaper IT labor outside
|
| This is a product that solves some of the harder problems of
| engineering, and has a staff of 50. Cheaper isn't going to get
| you the best. If you had a staff of 1000, you could make that
| argument. Besides that's not a lot of money to begin with. 340k
| is a senior engineer salary and I am sure the people running
| the company are far more capable than senior engineers.
|
| > drop those features
|
| That's a valid argument, but 1.7M for that 20PB of bandwidth is
| not a lot of money. Dropping or making the features paid,
| defeats the purpose. If you're trying to be the privacy first
| app that competes with WhatsApp and others, this would make it
| harder to be a viable alternative.
|
| > sms registration fees
|
| Education is a harder problem to solve, but offloading some of
| the costs to users may make sense here.
| yt-sdb wrote:
| > $19 million for 50 staff. That's $338k/head on average.
|
| How did you compute this? 19/5 is 3.8
| AnthonyMouse wrote:
| > I'd drop these features if possible, or give them to donors.
|
| They can't really do that, it deters adoption of something with
| a network effect.
|
| The real issue here is that direct connections have privacy
| implications (maybe you don't want the other party to know your
| IP address), so they relay everything. If they could solve that
| they could save a lot of money.
|
| For example, detect if the user is connected via a known VPN
| service (which is likely given Signal's user base) and then let
| the VPN hide the user's IP address instead of Signal having to
| pay for it. Or make a deal with popular VPNs to put the relay
| servers in their data centers, which gives a similar advantage
| and they might be able to get better pricing from them in
| general because the VPNs already have a lot of bandwidth, are
| sympathetic to what Signal does and could use it as PR.
| olejorgenb wrote:
| Making it so that only one party need to have a pro account
| might help a bit
| AnthonyMouse wrote:
| Still doesn't work. Any two people don't have a pro account
| and they stop using it in favor of a competitor, and then
| their _other_ contacts use the competitor too. You can't
| charge for something WhatsApp has for free.
| kuon wrote:
| I wish I could use signal without a phone and phone number.
| Otherwise it is useless to me.
| codemac wrote:
| > As a small nonprofit organization, we cannot afford to purchase
| all of the physical computers that are necessary to support
| everyone who relies on Signal while also placing them in
| independent data centers around the world.
|
| This is really the crux of the problem. ~$3M of servers per year
| is more than enough to start purchasing hardware, I wish there
| were easier ways for people like me to participate and help
| Signal on the cheap.
|
| As someone who participated in the builds they complain about
| being expensive (and ignoring their , I don't think it's a
| function of centralization or "troubling" as much as it is
| practical. Meta, Google, etc all have many billions they could be
| saving if they could figure out how to make it cheaper too.
| RosanaAnaDana wrote:
| Is it possible to self host signal? Can signal move towards a
| model like the fediverse where the software development is
| decoupled from the hosting costs?
| dindresto wrote:
| They are actively working against self hosting, which is why I
| want matrix to succeed and signal to die
| rufi wrote:
| Registration Fees: $6 million dollars per year... how come
| sending sms cost so much?
| nvrmnd wrote:
| I donate to signal, and use it frequently. But I would much
| prefer for the app to simply charge users rather than beg for
| donations. Even better would be to charge users in a way that
| reflects the costs.
|
| For instance, maybe verifying a new number over SMS should cost
| $0.10 if that's going to make up 14% of the operating costs.
|
| Begging for donations to subsidize excessive use by other users
| just doesn't seem sustainable.
| arsome wrote:
| I would certainly prefer the donation begging - chance of
| getting family and friends to use it with an upfront cost: 0.
| lxgr wrote:
| How are you going to charge users $0.10? Micropayments is a
| huge unsolved problem.
| renonce wrote:
| Buy 50 invite codes for $5
| NotYourLawyer wrote:
| Yes, let's tie every user of this privacy-focused messaging
| platform to a credit card number.
| mmanfrin wrote:
| > I donate to signal, and use it frequently. But I would much
| prefer for the app to simply charge users rather than beg for
| donations.
|
| Hard disagree. If you charge, the number of people who will use
| it shrinks by several magnitudes, and then you lose your
| network effect, you lose the ability to get your less
| technically inclined friends to install it.
| ruffrey wrote:
| I would pay for a few signal features: 1. encrypted backups or
| backup integration of my chats, photos and videos. 2. business
| features (backup, directory integration, search)
|
| I have not used: 1. voice and video
|
| Incredible that SMS costs so much. I wonder if it's worth it
| because it _saves_ so much in spam and other sorts of fraud or
| bad behavior?
| Aachen wrote:
| I have some good news: go into the settings and turn on
| encrypted backups. The clients also all come with a search
| function, even if it only matches against start-of-word (which
| includes URLs, so you can't search for domain names which
| regularly bothers me).
|
| Directory integration, as in, importing a vcard with everyone's
| phone number into your device such that you can tap on anyone's
| name and message them on Signal if they've got Signal
| installed?
| crtasm wrote:
| The backup option is Android-only.
| Aachen wrote:
| O.o TIL. That's weird, apple users already have plenty of
| lock-in and own-data-inaccessibility, but so maybe they
| figured they clearly don't care? Weird as heck either way
|
| Then what I can recommend is installing the desktop client
| on a server somewhere and reading its sqlite-like (but with
| some flaky encryption extension) messages database
| rodlette wrote:
| I'd prefer a federated solution, but XMPP doesn't yet have decent
| support for group chat that doesn't depend on being connected.
| https://xmpp.org/extensions/attic/xep-0369-0.1.html is still
| experimental.
|
| Bravo to Signal for being easy enough for my family to use!
| fsflover wrote:
| What about Matrix?
| godelski wrote:
| Fwiw, I've seen users suggest hybrid approaches. Interestingly
| it could reduce some of the costs they list here and looks like
| a route one could take to slowly build towards a fully or
| hybrid federated system instead of jumping straight there. But
| I am unsure how much the community likes the idea and judging
| by that last post it doesn't seem like the mods do. But this
| one takes note as two users were willing to place a bounty on
| the feature request
|
| https://community.signalusers.org/t/signal-airdrop/37402
| NoGravitas wrote:
| Matrix fixes that issue (and also the issue of the server your
| group chat is hosted on disappearing). It has plenty of other
| issues, of course.
| ZeroCool2u wrote:
| Signal is one of the non-profits I happily donate to. Myself, my
| family, and my friends use it almost exclusively.
| Canada wrote:
| Seriously consider setting up a recurring donation if you prefer
| Signal. They have delivered consistently over the years. I set
| the $20/month back when they introduced the option.
|
| I'm curious what the breakdown of donations is. I only have 1
| contact with a $10/month and 1 with a $5/month badge. Of course
| there could be others not displaying the badge. Signal really
| needs 500,000 people giving $20/month and plus the rich guys
| giving some millions on top of that to be in a safe financial
| position.
|
| Maybe something that could be done to encourage donations is have
| the client estimate how much raw infra costs your usage created
| and display in the donation screen.
| rglullis wrote:
| I fail to understand the point of supporting an organization
| that is completely against self-sovereignty like Signal is. Why
| would I want to pay someone to develop something that traps me
| into their platform and does not offer a way out?
| BlueTemplar wrote:
| Not _completely_ ? Their server seems to be open source too
| now (with the exception of the spam filter) ?
| rglullis wrote:
| Can I operate my own Signal server and talk with people on
| the "main" one?
| Caligatio wrote:
| You're moving the goal post from "self-sovereignty" to
| supports federation with an infinite number of servers.
| Nothing is stopping you from compiling your own Signal
| server and modifying a Signal client to use your server.
|
| Given that Signal is free as a service, supporting
| federation only increases their expenses.
| rglullis wrote:
| Without federation, Signal is still working with the
| advantage of network effects. So an open source server is
| not enough of a way out.
|
| Element can do it for their Matrix servers. Process.one
| can do it for ejabberd. Prosody as well. Why can't
| Signal?
| sowbug wrote:
| Back to your original point: please don't support an
| organization that doesn't share important values of
| yours! That is absolutely your choice!
|
| You've named several products that share your values.
| Perhaps those would be a better fit if you were to
| donate.
| Clamchop wrote:
| Federation can only make security worse and I do not want
| it. You can have something else.
| SpaghettiCthulu wrote:
| Genuine question: Does Tor fall under the definition of
| federation? Either way, a Tor-like model would have
| security benefits over a centralized system like Signal,
| right?
| danielheath wrote:
| Given how many activists have used it in overthrowing
| dictatorial governments, self-sovereignty seems an odd choice
| of words to claim it doesn't support.
| rglullis wrote:
| Perhaps it was a bad choice of words. What I mean is that
| they say "you don't need to trust us", yet they _require_
| you to run through them. They refuse to build their system
| in a decentralized way, and the more that time goes by the
| more the decentralized alternatives are showing they are as
| secure as Signal _without_ forcing us to accept their
| restrictions like mandatory use of phone numbers for
| authentication.
| Barrin92 wrote:
| > "you don't need to trust us"
|
| you literally don't. It's a fully encrypted service. _The
| literal purpose of encryption is to move data securely
| through insecure or even adversarial channels_. Which you
| can verify, it's audited and open source.
|
| They refuse to build the app in a decentralized way
| because decentralization is an ideological obsession that
| is useless in this context, and because centralized
| organizations can actually ship polished software that
| works for normal people and move quickly.
| lrvick wrote:
| Centralized supply chain, and metadata protection is
| anchored on SGX.
|
| They can use their pick of SGX exploits to undermine the
| weak metadata protections and they (or apple/google)
| could, if pressured, ship tweaked versions of their
| centrally compiled apps to select targets that use "42"
| as the random number generator. No one would be the
| wiser.
|
| Signal is a money pit with a pile of single points of
| failure for no reason.
|
| Matrix is already proving federated end to end encryption
| can scale, particularly when users are free to pay for
| hosting their own servers as they like, which can also
| generate income.
| chimeracoder wrote:
| > They can use their pick of SGX exploits to undermine
| the weak metadata protections and they (or apple/google)
| could, if pressured, ship tweaked versions of their
| centrally compiled apps to select targets that use "42"
| as the random number generator. No one would be the
| wiser.
|
| Signal builds on Android have been reproducible for over
| seven years now. That's not to mention the myriad of
| other ways that people could detect this particular
| attack even without build reproducibility.
| illiac786 wrote:
| Just don't use it, don't generate cost for them, don't be
| trapped by them. Everyone wins.
| rglullis wrote:
| The 50 million using them all lose because they are locked
| into a monopolistic platform.
| illiac786 wrote:
| they can communicate to anyone with WhatsApp, SMS,
| iMessage.... This is a closed system, not a monopoly.
| Aachen wrote:
| 20/month for every chat service I use is very steep. I'd be
| spending more on chat services than on mobile data + unlimited
| calling + landline + DSL + streaming services combined!
|
| The actual costs are apparently about 1 USD per _year_ per
| user. I usually at least double (usually more) my incurred cost
| when the donation is optional, to cover for those who can't or
| won't pay, but paying 240x the cost price seems wasteful as
| well when there are other nonprofits that can do more good with
| every dollar you give them (be it solving poverty, climate
| change, whatever you find valuable) rather than one which has
| mostly fixed fees
| climb_stealth wrote:
| Same. I have been doing the recurring payment since they
| offered it. Even though I'm effectively only using it with my
| partner. But that is every day
|
| It feels good supporting something worthwhile.
| bayesianbot wrote:
| https://archive.is/k90dC
| flower-giraffe wrote:
| Did I read that right $19m people cost for 50 people.
| notachatbot123 wrote:
| It's crazy, 400,000k per person. It would feel like nothing but
| an unfair waste of my "cheap-country" money to fuel
| "overpriced-country" with a donation.
| atlasunshrugged wrote:
| But that's not salary, that's the total cost per employee. So
| if you factor in ~40% cost for healthcare, pension, perks,
| and various taxes, then the average salary is closer to
| $240,000 which while still a bit high, is probably less than
| market for the average engineer working at the company.
| gamblor956 wrote:
| Per the 990, which is just salary, multiple employees at
| Signal are getting paid over $650k. That's way above market
| for the nonprofit sector for comparable positions.
| macNchz wrote:
| From page 2 of Schedule J (at the bottom) they break out
| the components of the compensation, showing that most of
| those numbers incorporate a base salary that looks fairly
| normal with 2-600k of bonus & incentive comp on top.
|
| In curious Googling to see if there was an explanation
| for how their structure works, I stumbled on this
| interesting Glassdoor review:
|
| > The bonus structure promised up to a 100% match with
| salary, but in practice the system was set up so that
| nobody got more than 50%, if that. Had I understood this
| I probably would have taken a competing offer that
| ultimately would have had much higher comp.
|
| > The quarterly cliff on the bonus system, where a
| feature failing to ship within the quarter specified
| (even if just by a single day) was counted as if you
| hadn't done it at all. This led to death marches each
| quarter as everyone scrambled to try to finish
| unrealistic goals. It wasn't possible to get help from
| anyone else at these times since of course they too had
| the same problem.
|
| > Nominally, the quarterly goals were set in a
| collaborative process. In practice it was a 2 day full
| day meeting where we were told what Moxie had decided we
| were going to do - our input wasn't really considered at
| all, including if it was even viable to complete in a
| quarter. I'm fine with top down control, that's how most
| corps work, but I disliked the false patina that this was
| some democratic process.
|
| > Internal communications are a disaster, because Signal
| uses Signal for everything, including things Signal isn't
| at all designed for or good at. Bug tracking is literally
| done in a giant group chat. I have a newfound
| appreciation for JIRA.
|
| https://www.glassdoor.com/Reviews/Signal-Messenger-Reviews-E...
| notachatbot123 wrote:
| Even in central Europe $240000 would be way more than what
| an average engineer would cost. I'd estimate ~$150000 for
| well paid jobs there.
| thomasjudge wrote:
| Would be interesting to know exec salaries, the latest
| nonprofit disclosure I could find was from 2019
| jenny91 wrote:
| Form 990 from Dec 2021: https://projects.propublica.org/nonprofits/organizations/824...
| oconnore wrote:
| Would you actually want Signal to be cheaping out on the
| developers that are maintaining the cryptography software that
| protects millions of people?
|
| Someone with that level of expertise is going to be expensive.
| Aissen wrote:
| The cloud tax is crazy (especially bandwidth). Pretty sure Signal
| has reached the scale where they would be cheaper by building
| their infra, maybe starting with the most expensive (storage +
| bandwidth), and then doing others.
|
| SMS is (unfortunately) core to the product, so I'm not certain
| how they could make it cheaper, while retaining the same
| properties (user+pass registration would be a nightmare for spam
| and change the UX).
| Rastonbury wrote:
| Anyone know at how much it becomes worth it to build your own?
| They spend around $3-4m on storage and bandwidth
| maxfurman wrote:
| Data centers cost billions. Signal, and pretty much everyone
| else who isn't already in the data center business, is far
| away from breakeven on that.
| Symbiote wrote:
| There are several steps between using AWS and building a
| datacentre.
|
| - Using similar services from cheaper cloud providers
|
| - Renting VMs
|
| - Renting whole servers
|
| - Renting rack space + power
|
| - Renting larger spaces (many racks, or part or all of a
| whole floor)
| hotnfresh wrote:
| The small ISP/phone/cable company I worked for in high
| school had a data center. Maybe 20 racks. It was pretty
| damn reliable (old-school phone infra techs knew how to
| make shit stay "online"). I guarantee it wasn't above the
| single-digit millions to build, inflation adjusted.
| frakkingcylons wrote:
| That example of your small telecom company isn't really
| relevant here, is it? Signal needs to work well for
| people around the world.
| hotnfresh wrote:
| You can serve tens to hundreds of millions of messaging
| clients with data centers (plural) that don't cost
| _billions_, even collectively, to build.
| Aachen wrote:
| > millions upon millions of new people suddenly switched to
| Signal in January 2021 after WhatsApp updated their Terms of
| Service
|
| From a footnote of the article. Maybe this is why they've
| stayed with "infinite scale, infinite costs" (commonly known
| as "cloud") so long? Surely at some point this is worth
| considering though, I would also be curious where that point
| lies
|
| Virtually anyone, also when spending only 100 euros/month on
| server providers, can save a large percentage of costs by
| taking it in-house. There might be a gap where you need
| dedicated personnel and it's briefly cheaper to outsource
| before you grow and it inverts again, but generally if you've
| got a stable service then this is nearly always worth it
|
| Maybe a hybrid, where new users onboard onto cloud and they
| buy hardware for expected loads (i.e. current users), would
| be the most cost effective. I wonder how hard that is to
| combine the two worlds, but anything that requires more than
| one server already has that sort of communication going on so
| there shouldn't be any real blockers. Maybe the two types of
| infra add costs/risks again and that's why one rarely sees
| this setup?
| melbourne_mat wrote:
| I know AWS - and I would guess the others too - discourage
| hybrid by setting the egress traffic costs to extreme
| levels
| poutinepapi wrote:
| Understood, $7 CAD per month are heading your way since I use
| Signal quite a bit.
| jdoss wrote:
| I started paying for Signal when they rolled out the
| subscription feature at the $5/mo plan and after reading this
| post, I just moved to the $10/mo plan because of how much I
| value this service since I use it every day. I hope other users
| subscribe if they are able to do so.
| narinxas wrote:
| but what does this mean in terms of VISA vs MasterCard?
| kirbypineapple wrote:
| I would pay a subscription fee if only to get back SMS
| capabilities.
| ChrisArchitect wrote:
| [dupe]
|
| More discussion over here:
| https://news.ycombinator.com/item?id=38291427
| popol12 wrote:
| 2 ideas to limit costs:
|
| - Make it a 2 tier plan: free tier is text and images only,
| paid tier adds audio/video calls
|
| - Remove the need for phone number verification
|
| I'd be happy to pay 10 bucks a year for Signal.
| alternatex wrote:
| They do that and everyone moves to WhatsApp or Telegram. Your
| comment ignores the whole private chat app landscape.
| ThinkBeat wrote:
| I am too cynical by far, but Signal being run by an ex-Googler is
| not at all reassuring me of its long-term commitments to security
| and privacy.
| nottorp wrote:
| To be cynical in another direction, if it wasn't run by an ex-
| Googler it would probably cost 1/3 of what it does now to run
| it :)
| mushufasa wrote:
| Every time I hear about Signal's donation notices I start
| thinking about ways they might generate revenue. I'm sure Signal
| staff have considered a ton of options already. Anyway,
|
| - can't do personalized ads or geo-specific ads, so doing generic
| ads wouldn't drive a ton of revenue anyways
|
| - can't require user payment because payment (most forms,
| including bitcoin!) can be used to identify people
|
| - No real benefit to themed group chats (like discord nitro)
| since it doesn't focus on community groups
|
| I'd love for someone to figure this out, though, because a
| nonprofit structure for an app is not sustainable.
| olah_1 wrote:
| So charge everyone $2 per month to use it? _shrug_
|
| If you're not going to show how much money you get via donations,
| I'm not donating. I'm not going to donate more than you actually
| need, for example.
| bongripper wrote:
| Signal already has a very hard time competing against the
| network effects of WhatsApp and Telegram and getting people on
| the app, a fee would only increase that. But making it n$/year
| but with the option for an account without a phone number like
| other people are suggesting sounds nice, peace
| AnonHP wrote:
| > Signal already has a very hard time competing against the
| network effects of WhatsApp and Telegram
|
| May not be the best thread to say this in, but Signal isn't
| as good as Telegram and WhatsApp on features. People can be
| persuaded to switch, but may have different expectations than
| what Signal can satisfy.
| frivoal wrote:
| https://projects.propublica.org/nonprofits/organizations/824...
| lxgr wrote:
| Their competitors are free. Charging $2 would make Signal a
| non-alternative for many of their users, and due to how the
| network effect works, it would greatly reduce the utility for
| everybody willing to pay as well.
|
| And that's all without even considering the significant
| overhead of collecting low-value payments internationally.
| olah_1 wrote:
| If you have a sustainable business model, you don't _need_
| the network effects. Threema is fine with a smaller userbase
| because they have a business model that works.
| lxgr wrote:
| Yes, but Signal and Threema seem to have a pretty different
| mission.
| NoMoreNicksLeft wrote:
| I always wonder why no one ever mentions Session. Is there some
| defect in its tech, or is it just not a comparable product?
| RunSet wrote:
| It's an uphill battle. I asked to recommend Session on the
| privacy subreddit- which the moderators denied because Session
| lacks a well-documented endorsement from a public figure
| regarded as an authority with regard to privacy.
|
| That is a non-starter specifically in the context of vetting
| privacy-enabling software. Anyone got a list of privacy
| celebrities with enough spare time to vet reddit content?
| NoMoreNicksLeft wrote:
| It really comes down to that? Wow.
|
| Thanks for answering though, it really bugged me, and I
| couldn't find anything on it.
| RunSet wrote:
| If you ever have nothing better to do, view the revision
| history on the wikipedia entry for Session Private
| messenger and witness the petty roadblocks thrown up as
| objections to allowing it to have an entry.
|
| I'll just say Session had to meet a lot of criteria merely
| to _have_ a wikipedia entry that Signal's entry did not
| meet at the time.
|
| To this day Session's hard-won wikipedia entry is saddled
| with a "limitations" entry best summarized as "Session is
| not Signal".
|
| https://en.wikipedia.org/wiki/Session_(software)
| collaborative wrote:
| FB only wanted whatsapp to preempt a potential competitor. They
| are happy to give the service for free (at a loss)
|
| There is no room for monetization because of FB. In other words,
| you can't compete with a monopoly, even if you are in a different
| business. They simply take all
| newscracker wrote:
| FB is getting and using some metadata from WhatsApp. FB also
| said it would be introducing ads in WhatsApp. While WhatsApp
| may not be raking in a lot of money, it's not a complete loss
| for Meta either.
| swaraj wrote:
| Love Signal over Telegram, Wickr, etc.
| Brian_K_White wrote:
| I am imagining a donate page in the app that incorporates this
| willingness to be public about the costs.
|
| It offers a way to configure a recurring donation for whatever
| amount and whatever schedule you want. $100/year for instance,
| but as you slide the slider or enter a number, it shows you if
| that number leaves Signal in deficit, covered, or surplus, if all
| other users who are currently paying anything paid this much.
|
| Instead of just trying to suggest an amount with no explanation
| of what it means, is $5 still leaving them starving? is $5 5x
| more generous than needed? You still get to use it for free. But
| if you are of a mind to be one of the ones chipping in to keep it
| alive, you see exactly what is the right amount.
|
| When 10k people are paying for 10m other people, that "covered"
| amount may be pretty high, apparently 5x what the average donor
| is currently paying. (article says it's 20% of total)
|
| But with that little bit of non-repulsive non-abusive game
| theory, just honest information but presented in an immediate
| way, a lot of those other 10m users would start to chip in, and
| the covered amount would come down. Some users will say, well, I
| can swallow 5x what I was paying, and others can just leave their
| donation level in the red. But I think a lot more people would go
| from 0 to a few bucks if they could see exactly what it means and
| know that it wasn't a waste.
|
| Maybe the donate function could even have a setting to track the
| current covered value automatically so that your bill
| automatically comes down as other people start adding to the
| pool.
|
| Also have it display the 3% or more transaction fee overhead
| going to the debit card and other payment processors, to show
| right there graphically how much you're wasting by paying a small
| amount monthly vs a large amount yearly. Everyone always hides
| that but I say show it prominently.
| superseeplus wrote:
| While I would be willing to pay a fee to use Signal, most people
| won't and then Signal would turn into a deserted landscape full
| of privacy nerds who only talk with each other. On the other
| hand, being better at soliciting donations more often would be
| more helpful. I'm a regular Signal user and didn't even know I
| could donate.
| NotYourLawyer wrote:
| Just donated $100. I've gotten way more than $100 of value from
| them.
| bilal4hmed wrote:
| If your employer matches don't forget that ... Easy way to
| double your donation
| amluto wrote:
| I find this surprising:
|
| > As a small nonprofit organization, we cannot afford to purchase
| all of the physical computers that are necessary to support
| everyone who relies on Signal while also placing them in
| independent data centers around the world. Only a select few of
| the very largest companies globally are still capable of doing
| this.
|
| Signal may be "small," but they're spending plenty on this.
| Registration is expensive and hard to do without using one of the
| large expensive providers. But there's $7M for servers, storage
| and bandwidth. These are comparatively easy: servers and storage
| ( _especially_ for a service like this where availability for the
| substantial majority of the data is not terribly important) come
| in nice pre-manufactured boxes that can easily saturate 10Gbps
| and can store quite a few TB at very very high IOPS [0]. And the
| forwarding model isn't very latency sensitive - several hundred
| ms for most users is _fine_, and sending media via Signal is
| quite slow regardless. So having many points of presence doesn't
| seem terribly important. I bet that two small colocated
| facilities could cover all of North America quite nicely.
|
| Bandwidth costs outside the cloud world, at least in North
| America, are comically cheap compared to the major clouds.
|
| [0] A service like Signal ought to need relatively little
| processing compared to bandwidth and storage for the data plane.
| AWS and the like may not have a particularly good match in their
| catalog for this use case.
| Maskawanian wrote:
| I would use Signal, but it ties to a mobile number, that is why I
| don't use it. Been using Element/Matrix instead. I'd consider
| switching if I could primarily use it on a Desktop decoupled from
| a mobile device.
| rob74 wrote:
| > _she wanted to call attention to how competitors pay these same
| expenses: either by profiting directly from monetizing users'
| data or, she argues, by locking users into networks that very
| often operate with that same corporate surveillance business
| model._
|
| There is also a third alternative: Threema
| (https://play.google.com/store/apps/details?id=ch.threema.app...)
| is a privacy-focused messenger app that tries to cover its costs
| by *gasp* asking for _money_ for the app! But of course those
| notoriously financially-conservative Swiss can't hold a candle
| to Signal, who first decided to give away their app, same as
| those other messenger-making companies flush with cash, and then
| found out that supporting all those users who download your free
| app actually costs money...
| newscracker wrote:
| This was a nice, detailed read. At some point, Signal would have
| to move out of cloud providers at least for a few things to
| manage costs better.
|
| I was happy to note this about employee compensation since paying
| them well is a good thing apart from their personal motivation to
| work on this (even at a comparatively lower pay than in other
| companies/projects):
|
| > When benefits, HR services, taxes, recruiting, and salaries are
| included, this translates to around $19 million dollars per year.
|
| > We are proud to pay people well. Our goal is to compensate our
| staff at as close to industry wages as possible within the
| boundaries of a nonprofit organization.
|
| That said, I really dislike Signal for a few reasons. The first
| is what many people have already talked about very often --
| forcing to use a phone number to register. Since the SMS or call
| costs are quite high, Signal could adopt the iMessage approach to
| verification, which is having the user send an SMS to the service
| (this will cost the user some money depending on which country
| the SMS is sent to). This could be decided based on the country
| code so that the current SMS OTP model can coexist.
|
| Signal is obstinately user unfriendly on a few aspects on user
| experience, more so on iOS/iPadOS. Firstly, it refuses to provide
| a data backup mechanism for iOS/iPadOS. If someone loses their
| devices, there is no way to restore older messages. Even setting
| up a new device requires the old device to be in physical
| proximity to transfer the data. Signal does integrate with
| CallKit (to act like a phone app) and with Apple's notification
| services, but refuses to allow the user to back up the data with a
| password to encrypt it.
|
| Secondly, I found this paragraph in this post to be disingenuous:
|
| > _Such practices are often accompanied by "growth hacking" and
| engagement maximization techniques that leverage dark patterns to
| keep people glued to feeds and notifications. While Signal is
| also free to use, we reject this kind of manipulation, focusing
| instead on creating a straightforward interpersonal
| communications app. We also reject business models that
| incentivize such practices._
|
| Signal on iOS/iPadOS wants the user to enable notifications and
| to share contacts. If notifications are disallowed and if
| contacts upload is disallowed, it will pester every few days
| about it. One might think this is a silly mistake that Signal
| isn't aware of. But it was reported some years ago and Signal
| responded that it will not fix it because it believes this is the
| only way. [1] Not even an option where this is a toggle for those
| who want no notifications or don't want to share contacts (Signal
| does have a toggle for contact joining notifications).
|
| Signal is also not that reliable in delivering messages in a
| timely manner compared to other apps (the GitHub repo has many
| repetitive issues on this topic over all these years).
|
| Finally, since Signal has poorer UX in general, which isn't an
| easy or cheap thing to handle, I use it only with less than a
| handful of people who I know and who use it.
|
| I'd donate occasionally so that Signal can continue to exist, but
| I don't feel like supporting it every month with all these
| issues, some of which look like Signal ignoring the user and UX
| issues completely.
|
| Edit: Removed some hard words.
|
| [1]: https://github.com/signalapp/Signal-iOS/issues/4590#issue-72...
| Y-bar wrote:
| > Firstly, it refuses to provide a data backup mechanism for
| iOS/iPadOS. If someone loses their devices, there is no way to
| restore older messages.
|
| This is not the only case where Signal has decided that users
| should not be in control of their own data. For example an
| Apple Store or authorised repair shop may need to reset the
| phone, or an OS upgrade goes badly and needs a restore will
| also lead to data loss even if there is a full local encrypted
| backup made.
|
| It is really orthogonal to much of what Signal claims to
| stand for them to so boneheadedly insist that users should not
| be allowed to own and control their own data.
| m3kw9 wrote:
| They could use a free plus subscription model for really pro
| features, like "extra privacy", "faster sending speed", "create
| bigger group rooms", these are bad features but you get it
| YeBanKo wrote:
| As soon as there is "extra privacy" for a premium, I would
| ditch Signal immediately. It's either private and secure or
| it's not. Certain things cannot be half measured.
| eviks wrote:
| Or the extra privacy could be the current misfeature where
| you can't properly sync messages across devices. No reason to
| ditch over that?
| BlueTemplar wrote:
| Not having to rely on a phone number would be extra privacy.
|
| They are stuck with SMS though _because_ it's a costly...
| signal that prevents spam.
|
| (Sounds like an opportunity ??)
|
| But then this might solve the funding issue for them, but
| being tied to most payment systems would only somewhat
| improve the situation for the users.
|
| I understand now why they dabbled with cryptocurrencies
| (Monero having proved that these can be anonymous short of
| having NSA levels of computing power ?). I haven't been
| keeping up, how did that work out ?
| nottorp wrote:
| Ok, have they decoupled my identity from my phone number yet?
|
| I mean, to donate to them I'd have to use it. I don't need
| another WhatsApp.
| contact9879 wrote:
| almost, usernames and phone number privacy are in testing now
| AnonHP wrote:
| That's only phone number privacy from other users.
| Registration would still require a phone number, which is
| what GP seems to be unhappy about.
| nottorp wrote:
| I don't see the point of all that encryption when the ends
| of a conversation are tied to publicly available info like
| a phone number.
|
| Do you think $SECRET_POLICE will care that they can't
| decrypt my messages when they know I have exchanged said
| messages with a known dissident's phone number?
|
| $SECRET_POLICE doesn't do innocent until proven guilty.
| contact9879 wrote:
| Signal's design for usernames and phone number privacy
| means they won't know
|
| Also, dissidents aren't the only (and definitely not the
| primary) intended users for Signal
| akprasad wrote:
| I just donated $10 to Signal. Here's how to do so on iPhone in
| less than a minute:
|
| 1. Open Signal and click on your user icon in the upper left.
|
| 2. Go to "Settings" --> "Donate to Signal".
|
| 3. Click "Donate", select your donation options, and pay with
| Apple Pay.
| olejorgenb wrote:
| Does this entail a 30% cut to Apple/Google?
| bilal4hmed wrote:
| https://support.signal.org/hc/en-us/articles/360031949872-Do...
|
| Easy google, but no it doesn't
| aendruk wrote:
| #cut
| smolyeet wrote:
| Does it matter. 70% of something is better than 100% of
| nothing.
| mplanchard wrote:
| I've got a recurring donation of $5/mo I set up ages ago
| Melting_Harps wrote:
| > I've got a recurring donation of $5/mo I set up ages ago
|
| Thanks for that, I did a one off 300 euro donation back in
| '21 during the bubble market; Meredith has been doing the
| rounds [0] and she hits on lots of good points, and even went
| to the UK over their now failed bill during the Summer.
|
| 0: https://www.youtube.com/watch?v=ykfABSBeAVo
| niuzeta wrote:
| Me too! Set it up once and forget. I love their work and
| unlike any other charity/nonprofit that I've donated to, they
| never bother me any further.
| godelski wrote:
| Also a reminder, your work might have a donation matching
| system. All the major tech companies do, so you can really
| boost your effect.
| nurple wrote:
| I guess maybe I'm missing the purported point of signal,
| attaching your phone number to use it notwithstanding, but
| attaching payment identity to it as well? Like, what's the
| point of going through the pain required to use it?
| Krasnol wrote:
| Signal is not for anonymity.
|
| It's for security.
| hutzlibu wrote:
| It is not meant as an anonymous messenger, but an encrypted
| one, you can trust to not sell you out.
| chimeracoder wrote:
| > I guess maybe I'm missing the purported point of signal,
| attaching your phone number to use it notwithstanding, but
| attaching payment identity to it as well? Like, what's the
| point of going through the pain required to use it?
|
| Your payment info is not connected to your account.
|
| https://support.signal.org/hc/en-us/articles/360031949872-Do...
| nerdbert wrote:
| Most people using Signal - and particularly most people
| likely to donate - are not using it to hide their identities,
| but to decrease the chance of unknown parties reading their
| conversations. My Signal account has my full name on it, and
| checking my top contacts, most of them do too (some only have
| their first name).
| hgomersall wrote:
| There doesn't seem to be a way to pay annually, which I'd
| prefer to a monthly payment. £5/month is just a little high,
| but I'd merrily pay half that or £30/year.
| qwerpy wrote:
| I had an old Apple Store & iTunes gift card laying around so I
| redeemed it and attempted to use it to donate via Apple Pay,
| but get "Apple Account - Not enabled for in app payments".
| Google isn't very helpful about exactly why. Am I missing some
| KYC somewhere or are payments of this type prohibited from
| "Apple Account" balances?
| denysvitali wrote:
| So you donated to Apple too in the process?
| Vicinity9635 wrote:
| Thanks, I just set up a $5 a month donation.
|
| Love what signal's doing for the world.
| marssaxman wrote:
| Thanks for the suggestion; I just signed up for the $5/month
| plan. I have been using Signal for years, but never considered
| donating anything before.
| YeBanKo wrote:
| Nothing seems out of the ordinary in terms of costs. But there
| are some features that would be pertinent to their core mission of
| providing a secure messenger, and stories and payments aren't
| some of those. Stories button takes up half of the bottom
| navigation bar, I have not seen anyone using that feature. Their
| non-product approach is what prevents me from becoming a
| recurring donor. They are finally testing a build with
| usernames, but it has been long overdue.
| dang wrote:
| Related: https://www.wired.com/story/signal-operating-costs/
|
| (via https://news.ycombinator.com/item?id=38291490, but we merged
| the comments hither)
| ilaksh wrote:
| I donated $5.
| mortallywounded wrote:
| I don't understand how storage can cost a million dollars when
| they don't store anything. Even if messages are queued, how do
| you get millions of dollars in queued storage? It's hard for me
| to imagine... even if you receive and send trillions of messages
| I don't think you would end up storing much at all.
|
| As for registration fees, it sounds like they should use
| authenticator instead of SMS... and stop requiring a phone number
| to sign up. That is why I left Signal (went with Matrix). I don't
| see why _anyone_ would want to tie their Signal to a phone. If
| you value privacy, why would you do that?
|
| Servers cost seems excessive as well. I don't believe you need
| that many servers, even if you served a boat load of requests.
|
| As for bandwidth.. okay, that may be the case. I am not sure how
| you can get that cost down.
| AnonHP wrote:
| > Even if messages are queued, how do you get millions of
| dollars in queued storage? It's hard for me to imagine...
|
| The details are there in this post, but I can offer a few
| guesses. Users may be using multiple devices. And the service
| has to deliver to all the linked devices before ejecting the
| message from its storage. The time limit for storing and
| waiting for linked devices to come online is about a month.
| With tens of millions of users, this could add up.
| mortallywounded wrote:
| Even if every user had dozens of queued up messages, I don't
| think it equals millions in storage costs. Maybe I'm naive,
| but I have a storage/database/queue with billions of records
| and it costs <$700/month.
|
| _shrugs_
| charles_f wrote:
| You have to appreciate the complete transparency, gently nudging
| towards giving without ever begging for it.
|
| Refreshing compared to the alternative that Wikipedia is showing,
| with the tantrum-like emails we receive from their CEO like "LAST
| REMINDER" or "We've had enough"; which they ironically send to
| people who gave.
| GabeIsko wrote:
| Those are just non-profit fundraiser consulting tactics. Don't
| take them personally, just ignore them. The reason they exist
| is that Wikipedia has too much money, so they spend some on
| consultants who say they can raise more. It's weird, but that's
| how the world works.
|
| I would much prefer the Wikipedia endowment model of non-profit
| orgs. They have a standard operating procedure with a
| predictable budget, an endowment that lets them run
| indefinitely, and we just have to suffer through pledge drives.
| I just block them with ublock filters. I gave them 6 dollars
| back in 2012, and according to their marketing that is enough
| for life.
| wpietri wrote:
| > Don't take them personally
|
| No. They are meant to manipulate me personally, as well as
| other persons I care about. I will take them personally.
|
| More broadly, I don't have to excuse bad behavior just
| because somebody's making money off it or because it makes
| some too-narrow metric go up. Yes, it's a complex and
| imperfect world. But to me that's a reason to work harder to
| make things better, not a reason for people to say, "fuck it"
| and make the world worse.
| charles_f wrote:
| > They are meant to manipulate me personally, as well as
| other persons I care about. I will take them personally.
|
| This, absolutely! They play on people's psyche and mental
| cabling by trying to guilt you in the same way your parent
| would; it's manipulative, and I have an absolute hatred
| for these tactics.
| dheera wrote:
| I'm good at detecting manipulation now, and the more
| someone _tries_ to manipulate me the less I will give in.
|
| I just put my money toward people who don't do that crap,
| and I want the manipulators to see that I'm giving money
| to their non-manipulating competitors.
| GabeIsko wrote:
| I'm not saying they are not wrong - it's unfortunate that
| there is a second hand market for fundraising consulting.
| It doesn't accomplish anything productive, yet here we are.
| The key point is to understand that this is caused by
| Wikipedia having too much funding, not too little. As
| internet denizens, we can be proud that an open source
| store of knowledge has money to blow on wasteful
| consulting, and then proceed to create our ublock filters
| worry free.
|
| This is different than what is currently going on with
| venture backed services like reddit and youtube. I would
| argue that we should block ads there too, but there it is
| an arms race where we have to consider ways to protect
| ourselves from encroaching privacy violations. It's much
| ruder, and that is something we should actually be mad at.
| JohnFen wrote:
| > Those are just non-profit fundraiser consulting tactics.
| Don't take them personally, just ignore them.
|
| I don't take them personally, of course, but they do
| encourage me to avoid forking over any money.
| tivert wrote:
| > Those are just non-profit fundraiser consulting tactics.
| Don't take them personally, just ignore them. The reason they
| exist is that Wikipedia has too much money, so they spend
| some on consultants who say they can raise more. It's weird,
| but that's how the world works.
|
| It's still shitty, even if it's a shitty "standard practice"
| and not a shitty thing being done to me particularly.
|
| Honestly, it seems like Wikipedia's goodwill is seen as an
| exploitable resource, that people in Wikimedia are using to
| do other, unnecessary things (probably building little
| personal fiefdoms).
|
| Sort of like Mozilla, actually. IIRC, they literally won't
| let you give them money to fund Firefox development, and any
| donations you give them go to fiefdoms almost certainly entirely
| unrelated to why you gave them money.
| halyconWays wrote:
| Wikipedia is particularly insulting because they make enough
| money to cover the actual costs of running Wikipedia (the site)
| in days if not hours, and could operate for years without any
| additional donations:
| https://news.ycombinator.com/item?id=32840097
| mhh__ wrote:
| Is that including staff + trying to do new stuff or just the
| servers.
| _Algernon_ wrote:
| Why should Wikipedia do new stuff? Or rather, why is it
| okay for Wikipedia to _lie_ to people to get funding for
| their new pet projects?
| qingcharles wrote:
| Some of those new projects are directly applicable to
| potentially improving Wikipedia. Some.
| wpietri wrote:
| > Why should Wikipedia do new stuff?
|
| Because it's not perfect yet?
|
| The point of Wikipedia is not to have some servers
| ticking over. The project has a vision: "Imagine a world
| in which every single human being can freely share in the
| sum of all knowledge."
|
| I agree it's not ok for them to lie, and am bothered
| enough by their dubious fundraising tactics that I
| stopped donating. But that's a totally separate concern
| than whether Wikipedia's mission is complete.
| starttoaster wrote:
| What is the mission for Wikipedia beyond doing what they
| already do, which is just hosting the largest internet
| encyclopedia? Purely curious because I thought Wikipedia
| was pretty much at its end game for what it wants to
| accomplish that is the job of the organization rather
| than the job of all of its volunteers.
| karaterobot wrote:
| It includes staff, but not new stuff. The new stuff seems
| to be mostly things not directly related to Wikipedia, like
| funding third-party projects or causes. I'm trying to be
| politic here: many people don't like the projects they are
| funding with donation money, and others just don't like
| that they give money to any projects, and other people
| don't like that they keep the banner up after they've paid
| for salaries and keeping the lights on.
| JohnFen wrote:
| And others, like me, resent any hard-sell tactic and
| won't give money to anybody using them.
| MrDresden wrote:
| Is it personally insulting to you that a completely free high
| quality service sometimes asks if you want to donate whatever
| small amount you'd like?
|
| You'll be proper mad when you realize how much money that
| other company, whom you regularly pay for access to their
| services, has in the bank.
| vander_elst wrote:
| 19M for ~50 people is quite a good compensation
| nwellinghoff wrote:
| Wish they provided some numbers of actual messages, type etc. per
| day. Seems like a good game plan would be.
|
| 1) Get off the major cloud providers that charge insane egress
| fees.
| 2) Remove SMS verification. A simple solution might be the app
| gives you a code and then you dial in to them and punch in the
| code to them. Like a reverse voice based authentication.
| 3) Remove voice and video calling for non donating users.
| 4) Remove media texting until both users allow a p2p connection.
| 5) Remove no contact list message hosting for non donating users.
|
| Lot of unpleasant trade offs there. But I would rank having a
| text based private messaging app as the top feature. Everything
| else is a "very" nice to have. I applaud what they are doing and
| the sacrifices that have been made so far.
| rando_person_1 wrote:
| does the dial-in suggestion work? Seems like spoofing phone
| numbers is trivial, while spoofing numbers for inbound SMS is
| harder.
| jpollock wrote:
| About the SMS verification, it depends on the goal. If the goal
| is to verify a phone number, you can't trust the _sender's_
| address in the phone network.
|
| So, you can't trust the address in the "From" on an SMS or the
| "From" of a phone call.
|
| That means a voice call to Signal would not work to validate
| phone numbers.
| nwellinghoff wrote:
| Good point, I guess we are proving why they resorted to using
| numbers in the first place. Unless you have a verification
| point that includes a "charge". Indirect or direct, your
| platform gets flooded with spam/bots. Does anyone have ideas
| of how this problem can be solved while also preserving
| privacy?
|
| Problem: A system that enforces a monetary penalty to prevent
| sign up abuse while also not tying a user's identity to said
| system.
|
| Without doing some pain in the a crypto stuff it seems like
| there are no easy solutions other than the #
| forgotusername6 wrote:
| You can charge for SMS. You send a message to signal, charged
| at an amount to cover the return message which contains a code.
| hnlmorg wrote:
| > Get off the major cloud providers that charge insane egress
| fees
|
| At on demand prices, yeah. But companies of sufficient demand
| can enter into volume discount programmes.
| jahabrewer wrote:
| > Get off the major cloud providers that charge insane egress
| fees.
|
| And run their own DCs? Cool, they'll just need a lot of upfront
| capital aaaaaand they're back in the "need money" boat. Except
| more so.
| heavyset_go wrote:
| There's a ton of options between paying premium cloud prices
| on egress and running your own data centers.
| GuB-42 wrote:
| Removing essential features like voice/video calling for non-
| paying users would be a terrible choice IMHO. This is a
| communication app, which means it is only useful if others use
| it too.
|
| And how are you going to convince others to pay for Signal when
| there are many free alternatives, including WhatsApp, which
| most people already have and while not as privacy focused as
| Signal, does have end-to-end encryption. If Signal makes people
| pay for voice calls, they will simply use WhatsApp, regular
| phone calls, or whatever is free and popular at the moment.
|
| The success of Signal came from being very low friction,
| privacy is the "nice to have" feature, at least for most users.
| But add friction and they will look elsewhere, Signal is not
| WhatsApp, it doesn't have enough of a critical mass to keep
| users on its network.
|
| All that will remain will be a small core of cypherpunks and
| people who _really_ have something to hide. This is bad because
| one strength of Signal is that it is a mainstream app, making
| it hard to single out "interesting" people compared to those
| who just use it because their geek friend told them to and they
| like the shade of blue.
| nwellinghoff wrote:
| Valid but if there is no model that is sustainable then who
| cares if it's successful? Some trade offs will have to be
| made. How can they keep going if the vast majority of people
| don't pay? They don't have the model of "ok we are going to
| flip and monetize after we get to X mass". It's like a growth
| startup but with no end game plan.
| GuB-42 wrote:
| Call to donations, ads, pre-mined cryptocurrencies, selling
| cosmetics, premium features no free service offers,
| partnering with other organizations, etc...
|
| They already do some of these, and some are less popular
| than others, but the key is to keep the essential features
| free and easy.
|
| On Discord for instance, a free account is enough to cover
| all of most people's needs, but you get a little extra by
| paying a subscription, and it is enough for Discord to be
| worth billions. Maybe not the perfect example since Discord
| has a critical mass, but no one wants to leave just because
| they don't have premium features (larger uploads, higher
| resolution streaming, flashy emoji) for free.
|
| For Signal, it seems like just calling for donations is
| enough. They have a good image, so they can do that. It can
| actually be a solid business plan, look at Wikipedia, they
| get more than $100M a year doing that despite the
| controversy.
| dpc_01234 wrote:
| Signal should be able to bring in some revenue other than
| donations. Premium features that don't compromise the privacy?
| Premium stickers? Extended emojis only if one paid $1 etc.?
| vlovich123 wrote:
| I feel like investing in p2p approaches and having people donate
| spare server capacity might be better. For example, relay calling
| was p2p in the original Skype and worked well. Apple private
| relay is a similar concept whereby there are two intermediaries
| to make things private. It gets trickier since in mobile land you
| can't run servers really, but I feel like the Signal population
| has enough spare capacity to offload bandwidth and stuff and
| could be an easier sell than "please give us money".
|
| For the sms verification, I feel like forcing the requester to do
| some bitcoin mining for you could potentially pay for itself.
| siliconc0w wrote:
| Can they require users to send them an SMS instead for
| verification or is that more easily spoofed?
| greyface- wrote:
| An entirely peer-to-peer instant messaging network, which doesn't
| rely on a central authority, is technically possible. A $50M/yr
| burn rate to implement that authority as an act of charity is
| simply unsustainable. Why do we insist on continuing down this
| path?
|
| Attempts to decentralize or federate Signal are met with
| hostility. The Signal Foundation tells us that this is the only
| possible way; "the ecosystem is moving", and we must exist in
| competition with commercial offerings, rather than build
| something small, sustainable, and decentralized. This is great,
| until the AWS bill is due.
| contact9879 wrote:
| Because peer-to-peer messaging is not a solved issue. People
| want asynchronous conversations and not have to expose their
| location to everyone they talk to.
|
| There are other platforms that are working on federated e2ee
| services (it's not easy. matrix was completely broken a year
| ago).
| greyface- wrote:
| I'm not suggesting that it's a solved problem, but it's a
| solvable problem, and the Signal Foundation should be using
| its (significant) resources to solve it, rather than slowly
| bleeding them out to AWS, GCP, Azure, and Twilio.
| Unfortunately, solving that problem also significantly
| reduces the scope of the Foundation, so there's little
| incentive.
| melbourne_mat wrote:
| Total salary bill: $20m. 50 staff so average salary: $400k. I'd
| be happy with $200k USD - that's more than I get paid in my
| country at current exchange rates.
| cfn wrote:
| Probably includes taxes, social security, health insurance, etc
| nonameiguess wrote:
| I've actually posted Signal's tax return before, but a great
| thing about US nonprofits is the tax return is publicly
| available from the IRS website:
| https://apps.irs.gov/pub/epostcard/cor/824506840_202012_990_...
|
| The last one available is from 2020, though. They tend to lag a
| few years behind. They're required to report key employees plus
| top-five compensated who aren't "key." Brian Acton and Meredith
| Whittaker both earn no salary at all. Their COO got $290 in
| 2020. Moxie Marlinspike and their top five developers/managers
| were all in the 400-600 range.
|
| I'm sure they pay well (don't have much choice if you're going
| to be based in San Francisco), but I highly doubt 400 is an
| average salary. The expense being reported is total cost of
| employment, which includes FICA taxes paid by the employer,
| 401k matches, and probably most notably healthcare, but all
| benefits and in-kind compensation.
| hiatus wrote:
| > The expense being reported is total cost of employment,
| which includes FICA taxes paid by the employer, 401k matches,
| and probably most notably healthcare, but all benefits and
| in-kind compensation.
|
| This is incorrect, reportable compensation on a 990 is the
| amount in box 5 of the employee's W-2, which does not include
| health insurance, taxes, etc.
|
| https://www.irs.gov/charities-non-profits/exempt-
| organizatio...
| wolverine876 wrote:
| It's amazing what they produce with their headcount:
|
| _First, we have three distinct client teams, one for each
| platform (Android, Desktop, and iOS). These teams are constantly
| working: adjusting to operating system updates, building new
| features, and making sure the app works on a wide variety of
| devices and hardware configurations. We also have dedicated
| engineering teams that handle the development and maintenance of
| the Signal Server and all of its infrastructure, our calling
| libraries like RingRTC, and core libraries like libsignal. These
| also need constant development and monitoring._
|
| _Product and design teams help shape the future of the app and
| determine how it will look and function, while our localization
| team coordinates translation efforts across more than sixty
| languages. We even have a full-time, in-house support group that
| interfaces with people who use Signal and provides detailed
| technical feedback and real-time troubleshooting information to
| every other team. This is an essential function, particularly at
| Signal, because we don't collect analytics or telemetry data
| about how people are using Signal._
|
| --------
|
| How many people does it take to perform all that?
|
| _In total, around 50 full-time employees currently work on
| Signal ..._
|
| !
| rglullis wrote:
| Does anyone else think that this strategy of growing the userbase
| with a "free" product and then start panhandling for donations is
| outright dishonest?
|
| There are tons of smaller XMPP or Matrix providers that didn't
| get access to millions in funding from these big corporations
| like Signal did. Who have to run a business in a way that
| requires paying customers from the start. But now that cash is
| tight (and _after_ they built a sizable user base) and they can
| no longer just outspend the competition, suddenly they remind you
| of TANSTAAFL and are asking you to cough up the cash.
|
| It is the same shitty playbook used by VC-funded companies,
| except that is now dressed as some virtuous thing of "looked at
| how much it cost to build all this..." It makes some emotional
| appeal but it tries to hide from the audience that these costs
| are solely due to them insisting on controlling everything.
|
| If it is so expensive to run Signal, then _open it up_ to let
| other people run their own servers instead of trying to control
| everything. Don't give me this bullshit of "we are a non-profit
| but we are in the same lane of big tech corporations". You are
| there because it served you. You can not have it both ways.
| discard124 wrote:
| > open it up to let other people run their own servers instead
| of trying to control everything.
|
| If you know of a good open architecture that solves the
| problems of spam and impersonation while maintaining the
| convenience and ease of use necessary for mass adoption, please
| share it.
| rglullis wrote:
| I could get my parents who are nearing their 70s to use
| Element (Matrix) and it took them less than 10 minutes, even
| with me asking them to register to a non-default homeserver.
|
| Screw "convenience". It's a poison pill. "Convenience" should
| never be put above "resilience" (not to mention "freedom") in
| a value scale. The American obsession with "convenience" is
| turning us all into cattle and it's getting harder and harder
| to get the rest of society to function without being
| controlled by some corporate overlord.
| discard124 wrote:
| With all due respect, it seems that you have conceded that
| a convenient, spam free, open option not only doesn't exist
| in practice, but can't in principle.
|
| That's more than even I believe. I just think nobody in the
| OSS space has put the work in to figure it out yet.
|
| > I could get my parents who are nearing their 70s to use
| Element (Matrix) and it took them less than 10 minutes,
| even with me asking them to register to a non-default
| homeserver.
|
| Well in that case Element would be the solution we're
| looking for, except that not everyone's parents have
| someone like you to help them.
|
| And as for the desire for convenience, it's hard to imagine
| you seriously believe that only Americans value convenience
| over resilience. If that were true, the rest of the world
| would be using Element rather than WhatsApp.
|
| Simply railing against people's needs doesn't change them.
| wolverine876 wrote:
| Support for Signal development supports all privacy-oriented
| software and systems, because Signal is open source.
|
| The Signal Protocol already is an industry standard. What other
| Signal development - either the components, the code, or the
| concepts - are used by others?
| contact9879 wrote:
| The only issue I'm aware of is that _The Signal Protocol_ is
| only really defined in Signal's GPL'd code. So it's almost
| impossible to write a clean room implementation (e.g. Wire
| tried and ultimately failed. they ended up also GPL-ing their
| library).
| wolverine876 wrote:
| It's used by many major services, such as WhatsApp. How could
| it be that hard to define and implement?
| xor25519 wrote:
| Given the few fees, what about charging/giving the option to pay
| $1/year? WhatsApp had this in practice before they got acquired.
| tamimio wrote:
| >Privacy
|
| That's a very bold statement from an app that still requires a
| phone number using a broken protocol (gsm) to "verify" your
| identity and authenticate it, sim swap attacks can be carried out
| by kids these days. Also, don't expect privacy when you are using
| a proprietary OS like iOS or one full of Google services that
| also have proprietary firmware drivers, they (the adversaries)
| don't need to even decrypt these "privacy apps" when it's easier
| to access the backdoor-ed OS or hardware, but enjoy the illusion
| in the meantime.
| contact9879 wrote:
| I'm always intrigued by people that have this POV. Security and
| privacy are not binary for fucks sake. Improvement on the
| status quo is great and Signal improves a hell of a lot.
|
| Not to mention that half of your comment is non-issues.
| dingnuts wrote:
| there's a big social cost to trying to get others to use
| Signal, and it's not worth it if the advertised features
| don't work as advertised..
|
| that said I stopped using Signal years ago because of basic
| deliverability being less reliable than SMS.. I switched back
| to SMS so I could communicate reliably with a loved one
| during an emergency when Signal randomly stopped letting me
| respond to messages, and I won't pay the social cost twice of
| trying to convince contacts to use it after having to abandon
| the service when I really needed it.
|
| Actually between Element and Signal and the differences
| between their usability as advertised versus the reality of
| using them with non-technical users, I've used up all of my
| social capital for convincing people to use "better" networks
| and mostly just use SMS/RCS now.
| contact9879 wrote:
| I understand that. Signal has put in a lot of work since I
| started using it fulltime and is much more reliable now
| than it was just 2-4 years ago. The only time I've had
| issues now is when I'm backpacking in areas with spotty
| connection. SMS delivers quicker and is more reliable.
| tamimio wrote:
| Right, so instead of 20 entities tracking you for example now
| you have 18.. the false sense of privacy is far more dangerous
| than knowing your messages are not private (Like when Tucker
| Carlson used Signal thinking it was private to find later all
| his messages were not, regardless if it was a bugged app or
| an OS, the false sense of privacy is worse, he probably wouldn't
| have texted those on iMessage for example). Same argument you can
| see with "vpn is private and we keep no logs because you can
| trust us!" plus it can be defeated with browser
| fingerprinting, or paying a hefty price for this "top private
| email" provider when the recipient doesn't even use any
| privacy settings or anything let alone email as a protocol is
| not meant to be private, it's all a business model, and the
| gullible buys it, you "have" to trust that Signal server is
| not backdoor-ed in real time, and as the old rule in
| security, if you can access the physical hardware you can in
| theory access anything in there, you don't know the hardware
| is used there, is there any memory injection exploit that get
| activated after the so called audits? You can't know, you
| have to trust that.
| contact9879 wrote:
| I'm honestly interested in what your solution for private
| communication is that will also get mass adoption among
| hundreds of millions of users. (And it's definitely not
| running your own XMPP server and getting everyone to switch
| to Linux phones).
| jzb wrote:
| I'll probably donate, but I find it annoying that Signal only
| offers Linux packages for Debian-based distros. I've had
| headaches with the Flatpak. I would think that the Linux desktop
| audience - while not huge - would be the most interested in
| Signal. That is, might not be a lot of Linux users but
| percentage-wise I'd bet more Linux users are interested in Signal
| than macOS or Windows users.
|
| Even an AppImage would be lovely.
| NoGravitas wrote:
| The Flatpak works fine for me on Fedora, though of course it's
| an Electron app, and it periodically has to be re-connected if
| I don't use it much.
| fourstepper wrote:
| Seconded, the Flatpak is the way to go.
| zucker42 wrote:
| Signal Desktop is available in the Arch repositories.
| https://archlinux.org/packages/extra/x86_64/signal-desktop/
| jzb wrote:
| That would be very helpful... if I ran Arch.
| NorwegianDude wrote:
| Paying over 100 USD per 1 TB of data transfer is just stupidly
| expensive. That's insane pricing...
| godelski wrote:
| Just a reminder, many of the places you work will match your
| donations.
|
| Edit: Not sure why people downvoted this. Boss, is that you? I'm
| increasing my donation.
| Funes- wrote:
| P2P alternatives are less convenient (always on to deal with
| notifications, adding contacts typically requires extra steps,
| etcetera), but the difference in costs is abysmal. In any case,
| it's been years since I've tried to make my social circles move
| to any of those platforms (Briar, for example). It's a losing
| battle.
| sneak wrote:
| It's somewhat puzzling that Signal doesn't let me donate with
| Mobilecoin.
| daedalus_j wrote:
| Tells you how much faith they have in that "feature".... I'd
| love to see some usage numbers on it, and perhaps removal of it
| when it turns out the usage is near zero... (Or maybe I'm
| totally wrong, which would be interesting too!)
| sneak wrote:
| If they remove it, it would render several hundred dollars I
| have in that wallet inaccessible without extra work on my
| part.
|
| Usage numbers are not possible because Signal doesn't include
| spyware in the app. There is no indication which transactions
| on chain came from the Signal app or any other app.
| rvba wrote:
| I always wonder what is the level of safety of Signal from state
| level actors. Signal uses telephone numbers as user IDs + sends
| those verification SMS. Also 50 employees? So how many are
| monitoring the infrastructure 24/7 (on a side note, a project
| with 50 employees is probably still better than those with
| thousands - what do those people even do).
|
| If the data leaks somehow, telephone number as ID sounds very
| bad.
| coyotespike wrote:
| This was the nudge I needed - super easy to donate $5 a month via
| the app using Apple Pay.
| james_pm wrote:
| Same. I'd donated here and there in the past, but I easily get
| $7CAD/month of usage and would be sad if it didn't exist.
| mikece wrote:
| If Signal drops the requirement to have a phone number I'll
| support them with money. If they allow me to change the name of a
| contact to what makes sense to me, I'll donate again. Follow the
| example of Session on this!
| conductr wrote:
| I'm seeing all the comments about the $6m Twilio expense, but
| nothing commenting on how their cost per employee is $380,000
| totaling $19m. I think they could optimize this easier if the
| will was there. I know HN is very SV/tech centric, and that
| number makes sense there given the run up of VC money, etc. but
| I'm willing to bet they could source talent from cheaper places
| and slash this in half; if they wanted to. Just an observation,
| not my place to tell anyone how to run their business, but for a
| nonprofit that is trying to drum up donations to fund their
| operations, I'd think they would want to be leaner.
| websap wrote:
| If you want to hire the best talent - engineering and ethics,
| you need to pay top dollar. 380k is senior engineer comp at
| most FAANG adjacent companies. It's not a lot.
| conductr wrote:
| This is SV tech logic that I mentioned. I'm just not usually
| of the opinion it's necessary. There's a lot of talent around
| the world. And I'd guess only a few really "top talent" folks
| are needed to build the unusual problems/cryptographic parts
| of their app. A lot of it could likely be built by an average
| dev with some oversight.
|
| I say this as a person that regularly and successfully hires
| devs from low COL areas. I know the common pitfalls of it and
| know it's completely possible to manage and get high quality
| outcomes. It requires a management approach that's slightly
| different than having 100% top tier talent from high COL
| areas but it's possible all the same.
| wg0 wrote:
| Craftsmen's compensation is a non negotiable matter IMHO.
|
| It's not someone's fault if they happen to live in a particular
| economic climate.
|
| The real root cause isn't the engineering or infrastructure
| cost.
|
| It is about people paying their fair share myself included.
| 0xjmp wrote:
| This idea that an equivalent level of talent to SV is readily
| available in Indiana or Costa Rica for cheaper pay is deeply
| flawed.
| pzo wrote:
| OP didn't mention to slash salaries just by half not by
| 75%. Most IT people in western countries in Europe are not
| making even 200k per year. Even in London it is hard to get 120k
| unless you're maybe working as a contractor.
|
| A lot of those SV talents are not American but migrated from
| Europe or elsewhere - there are still talented people in EU
| who just simply don't want to move to USA these days even if
| salaries are at least 2x. You wouldn't have a problem finding
| real talent in eastern europe for 150k.
| bzbz wrote:
| This number includes taxes, benefits, etc, not just raw salary.
|
| Notably Signal employees do not get equity, so the salary must
| be higher to remain competitive.
|
| Signal is probably the hardest class of product to build. Name
| an optimization/distributed systems problem, they probably have
| it. And quite literally, a Signal bug could jeopardize an
| activist/journalist's life.
|
| So for a <$200k salary and no equity, how many world-class
| engineers do you think you could hire?
|
| I simply wouldn't trust the product, if it had mediocre
| engineers.
| benreesman wrote:
| It grinds my gears when people on a hacker forum lobby for
| hackers to make less.
|
| When it's people who are running a worldwide communications
| network on the cheap without getting hacked all the time?
| Absolute pros.
|
| I don't downvote, let alone flag, but I hate this comment.
| mlboss wrote:
| Think from the perspective of the non profit. $19m/year is a
| lot of money to raise year after year from donations.
|
| What's the game plan if the donations stop coming in?
| melbourne_mat wrote:
| Silicon Valley is not the only place to find engineers who
| know what they're doing. Some of us want to stay in our home
| country and/or don't want to jump through the hoops that
| American tech companies demand.
| conductr wrote:
| Well I don't get paid to hack, it's a hobby and sometimes I'm
| an entrepreneur so I don't have the same bias as thinking
| all devs should be making $500k+. I actually think of cost
| controls and how to build more with less, so kind of polar
| opposite motives.
|
| Cheap is also a relative concept. I have a guy on full time
| that I pay $1500 a month. It's more than twice than he's ever
| made in his life and he's an excellent dev. If I needed to, I
| could find 50 more like him. Sure if I was FAANG scale trying
| to hire 30,000 of these people it might get tough. But, I
| could probably create an entire training program and just
| apprentice people for less than they paid new grads out of
| 2-4 schools they normally hire from.
| drapado wrote:
| Are you the same kind of people that think that NGO workers
| should work for free or for a small wage that is not
| representative of the market wage for their positions?
| conductr wrote:
| No, I'm the type of person who thinks tech salaries are
| bloated in certain areas and certain companies and that does
| not follow the distribution of talent. It's followed the
| distribution of VC money and profits of large companies. The
| evidence of such is that the median software engineer in the
| US is in the low-mid $100s (depending on what source I want
| to believe it's $110k-$140k). But I also believe that same
| talent can be sourced outside the US in many cases and for
| far less expense.
|
| I also view most apps/tech as not very novel. It's largely
| the same engineering "problems" that are known and well
| documented. A lot of it can be done by average developers and
| "top tier" talent isn't usually needed other than probably
| the cryptographic components in Signal's case. Scale is
| certainly a concern, but that is a familiar problem that
| has a lot of documented solutions and approaches.
|
| I could be wrong. Maybe they're already doing this and it
| just happens most of their expense is going to a couple high
| paid execs. Could be that I'm underestimating the complexity
| as well. But I find my statements to be true in many cases. I
| can even point to the number of times I've talked to
| consultants and top tier devs about building things for me.
| What they would charge $1m for I can often piece together for
| less than $50k by hiring a few folks in low COL areas and
| then just spending a little effort refactoring their code to
| be as pretty as I like it to be; sometimes I outsource that
| too but the point is having a whole company of top tier
| talent isn't usually necessary, it's a choice. Just like
| believing that top tier talent only exists in the high cost
| tech hub cities is a choice more so than the truth.
| legohead wrote:
| I interviewed at Signal for a senior developer. They do not pay
| well. I didn't even get past the phone interview because they
| were nowhere near my range. No idea where the $380k comes from,
| executives maybe?
| vizzah wrote:
| $6 million per year on outgoing SMS? Do not send SMS to users,
| make users send SMS to you instead to confirm their numbers! I
| have this solution for years and it works >90% of the time. The
| rest 10% is calling a verification number which drops calls with
| busy signal (no fees for the caller) but sees who is calling and
| is able to verify their number.
| illiac786 wrote:
| Significantly less secure. Faking the sending number is much
| easier than hacking SS7 and getting SMS routed to you which are
| not destined to you (which is also doable but requires an order
| of magnitude more skills and resources in my view).
| nickff wrote:
| This is correct; anyone with relatively basic knowledge of
| VOIP can spoof any number (and CID name) they want.
| costco wrote:
| I don't think ANI is spoofable in practice. But that
| requires a toll-free number which costs money per minute.
| johndoe18637 wrote:
| It would be great if Signal wouldn't require a phone number for
| account setup at all
| illiac786 wrote:
| this is in testing and coming to you early next year.
| traviswt wrote:
| Would invites be a solution? Anyone can sign up if they
| provide a number, otherwise you need an invite from someone
| with a number linked. It would clump the
| identity/legitimacy for all invitees into origin number,
| but still allow disparate accounts.
| novok wrote:
| It's not about legitimacy but having a bootstrapped
| contact list to talk to along with other user friction
| reasons
| serial_dev wrote:
| In that case it doesn't make sense to make it required.
|
| Sure, I don't mind if they ask for my phone number if
| they think that's a better default onboarding flow, but
| allow users to bypass it.
|
| With all that said, I don't think it's really only about
| user friction.
| dheera wrote:
| Or just kill SMS entirely. SMS is old tech from the 1990s. We
| have better things now, like e-mail over LTE/5G, that work
| across countries, across devices (whoa!), across providers,
| across SIM cards (wow!) allow more than 140 characters (wow
| wow!), and allows easy-to-remember alphanumeric identifiers for
| user ids (wow wow wow is this the future!). I hate SMS
| confirmations, I don't want to use my phone number as a
| username, and I will most certainly never donate to an
| organization that is using my donations to pay for stupid SMS
| texts after e-mail was invented.
| pmlnr wrote:
| > We have better things now, like e-mail.
|
| Funny how email, being from the 70s, is actually better.
| walteweiss wrote:
| It's such a well written, long post; I'm afraid I will never read
| it as carefully. Tonight I'm too tired to delve into its depths.
| Tomorrow I won't remember, possibly. And the day after that I
| won't remember for sure.
|
| Sorry everyone for this off-topic, I just think it's needed to be
| addressed, but I have no idea what to do here.
| pizzafeelsright wrote:
| Quit using SMS and phone numbers.
|
| How hard would it be to use a different signal server?
| terminatornet wrote:
| appreciate their transparency, but boy do their devs make a lot
| of money. their 2 highest paid engineers make around $750k USD
| yearly. I guess if that's competitive good for them, I'm mostly
| jealous.
|
| https://projects.propublica.org/nonprofits/organizations/824...
| DavidSJ wrote:
| Personally, I refuse to financially support Signal so long as
| they're still holding my chat logs hostage on my old iPhone and
| seem not at all concerned about solving this problem, which has
| existed for years.
|
| There was (and still is, so far as I know) no upfront warning to
| users that if they don't first sync with a desktop client, and
| their phone gets lost or stolen, their iTunes backups do not
| (unlike most iPhone applications) contain their Signal chats. And
| furthermore, there's no way to export those chats in backup
| format from an old phone.
|
| (You can _transfer_, but the transfer deletes the data from the
| original source, which is extremely foolish and dangerous IMO,
| and anyways isn't a proper export accessible from other
| applications. Furthermore, so far as I know there's no support
| for transferring from very old versions of the Signal client.)
|
| This has been a critical bug for years [1], it's one of the most
| complained about issues, and Signal has done (and intends to do)
| absolutely nothing to fix it. It is absolutely unacceptable to
| have our own data held hostage by them in this way, especially
| without any upfront warning.
|
| [1] https://community.signalusers.org/t/ios-backup-keeping-
| messa...
| bhtru wrote:
| Interesting, I always saw this as a deliberate feature aligned
| with what I first came across Signal for (sensitive
| communications between trusted parties that may need wiping at
| a moment's notice). If a journo reporting in a less than
| hospitable regime had their phone confiscated then they need
| not worry about their chat logs compromising them.
| DavidSJ wrote:
| Sorry, how is this any safer for the journalist? If their
| phone is compromised in a way such that someone can login and
| control their Signal app, their chat logs are already
| compromised. I'm just saying there should be the ability to
| export those logs once you've logged in.
|
| But if they don't want to provide that, then:
|
| 1) Why does the Android app support this?
|
| 2) They should warn users of this BEFORE holding their data
| hostage, and not market Signal like it's the right solution
| for everyone.
| marssaxman wrote:
| Perhaps Signal is not the right choice for you? It seems odd to
| be so concerned about data retention from a system which
| prominently features support for disappearing messages!
| DavidSJ wrote:
| I expect messages to disappear when I turn on disappearing
| messages and not when I don't turn them on.
|
| But yes, I agree it's not the right choice for me and many
| others who want to have full ownership over our data, and
| they should make that clear in advance.
| kortex wrote:
| > But yes, I agree it's not the right choice for me and
| many others who want to have full ownership over our data,
|
| The whole _point_ of Signal is you have full ownership of
| your data. You said you can _transfer_ the data to another
| device, right? I get that inability to export cleanly is an
| annoying bug, but technically you have full control over
| your data the whole time. It seems to me that it's easier
| to guarantee no one else can get your data (at the expense
| of data export friction), than it is to provide "do
| anything you might want with your data" while still
| guaranteeing privacy.
| DavidSJ wrote:
| Being able to transfer to another copy of the same app,
| but not to a different app, and being forced to delete
| the original data in the process, is not ownership of
| your data.
| thefz wrote:
| > It is absolutely unacceptable to have our own data held
| hostage by them
|
| Most likely this is just one of the walls of the walled garden.
| daedalus_j wrote:
| I completely agree with you, even though the situation is at
| least a tad better on the Android side... However, it's worth
| noting that Signal seems to consider this a feature and not a
| bug.
|
| I hate that. I use signal to chat with my friends. We trade
| pictures of our cats. I am not a whistleblower who needs my
| data deleted instantly for safety. I provide the noise that
| acts as cover for those people. And I would have a _LOT_ easier
| time bringing onto the network if they were able to keep that
| chat history. (I take a backup on Android and export it and
| clean my Signal install periodically because it gets large and
| starts taking up too much space on my device.)
|
| I love Signal. I want it to succeed. I think they have a little
| bit of problem understanding who their users actually are
| though, or perhaps just a disconnect with telling us who the
| users they _want_ to have are...
| codethief wrote:
| Maybe I'm the only one here but this so-called "transparency" in
| the form of a single blog post doesn't instill much trust in me.
| I have been an avid Signal user since the TextSecure days and
| still recommend Signal over any other messenger. However:
|
| - There were times (e.g. during the introduction of MobileCoin)
| when the Github repositories hadn't seen any update for months,
| while they were still releasing new app versions on a regular
| basis. Heck, last time I checked there were not even public
| changelogs for any of the apps. Calling Signal "open-source" is a
| stretch at best.
|
| - The Signal team time and again has failed to react to criticism
| of the usage of Intel SGX, or of how they completely messed up
| the introduction of the Signal PIN. And let's not talk about
| MobileCoin. Yes, being "open-source" or "nonprofit" doesn't imply
| they need to ask their users for permission or respond to every
| complaint. However, a minimum amount of openness and debating
| critical features in public would go a long way here.
|
| - I would like to see some transparency regarding the overall
| foundation and corporate structure, beyond just silently filing
| form 990 years with significant delay. For instance, it seems
| Brian Acton can elect and dissolve the entire board just by
| himself[0, 1]?
|
| Long story short, before donating to Signal I'd like to see a
| _proper_ and _continuous_ commitment to transparency, not just a
| once-in-time blog post.
|
| [0]: (German) https://www.spektrum.de/news/mythos-signal-licht-
| und-schatte...
|
| [1]:
| https://projects.propublica.org/nonprofits/organizations/824...
| yankput wrote:
| Didn't they do some sort of cryptocurrency thing. How is that
| going?
|
| edit: it was called MobileCoin right
|
| edit2: they do
|
| https://support.signal.org/hc/en-us/articles/360057625692-In...
|
| is that generating any revenue?
| asymmetric wrote:
| I have held off donating to signal so far exactly because there
| is no clarity around this token, why it was even added to
| signal and who profited from that.
| pushcx wrote:
| And they stopped updating the server code repo for a year,
| apparently to hide the launch of this token:
| https://news.ycombinator.com/item?id=26725915
|
| I don't think they ever confirmed that this was why they
| stopped updating, or did a postmortem on how poorly that
| launch went. I vaguely recall there was also an unexplained
| spike in MobileCoin trading shortly before the public launch
| that looked quite a bit like insider trading, though right
| now the stories I can turn up about it here are about
| similarly disconcerting and unexplained issues in its
| provenance: https://hn.algolia.com/?dateRange=all&page=0&pref
| ix=true&que...
|
| It's hard to take this fundraising plea seriously when this
| financial disaster is never even mentioned. I hope I've just
| missed whatever Signal has done to try to repair trust after
| the, but the fact that they haven't even removed it from the
| app is not promising. Can anyone share updates?
| jmprspret wrote:
| Probably not much at all. Thankfully they didn't shove it down
| users' throats - it's kinda hidden behind a setting. I guess if
| they did push it harder to users it may have generated more
| revenue, at the cost of users who won't put up with
| cryptocurrency rubbish.
| thewanderer1983 wrote:
| People should be aware that Signal may be able to provide good
| e2ee and methods to make reading your messages or calls a
| challenge, they don't do enough to obfuscate. Therefore
| censors can identify who is using signal and even block it.
| https://github.com/net4people/bbs/issues/63
|
| Privacy tools can make you stand out. Unless methods are used to
| obfuscate your data.
| gloosx wrote:
| I admire Signal and everything they do. Basically Software-as-
| Charity, for the greater cause. Now knowing this charity is
| actually millions drives me nuts. I hope the less expensive
| solution can be achieved in decentralization of the whole thing.
| I'm sure it is possible to sustain it ourselves as a public
| service forever if everyone involved will have to pay with his
| personal computing resource - just like we are able to sustain
| decentralized finance now. And of course - the idea of a phone
| number as identity is very much flawed and unsustainable on
| itself, hopefully Signal team will be able to break through this
| problem as well
| ponymontana wrote:
| give the option to sign in without phone number paying a fee in
| bitcoin (sats on lightning network would be the perfect fit)
| would solve a lot of economic and privacy problems. Also don't
| waste money on phds post-quantum bullshits would be great.
| lrvick wrote:
| Signal is centralized, expensive, and desperate.
|
| It results in decisions like this:
|
| 1. MobileCoin premines 250m coins
|
| 2. Moxie is paid for being on their board
|
| 3. Moxie directs non-profit Signal to integrate MobileCoin
|
| 4. MobileCoin offers 50% of their premine for sale.
|
| 5. Signal/Mobilecoin news spikes price to $60
|
| This is why we need decentralization.
| yandrypozo wrote:
| I thought this was an article explaining how they move out of the
| cloud and saved millions using bare metal servers.
| devit wrote:
| These costs seem absurd.
|
| For instance, 1.3$ million per year for storage??? Apparently,
| they have 40 million users, so 1 MB per user (seems reasonable
| for Signal) means 40TB. You can buy a 4TB SSD for $200, which
| means you need $2000 one-time for 1MB per user.
|
| How they get from $2000 to 1.3$ million is a mystery.
|
| As for SMS registration, if they are spending 6 million, maybe
| they should find some way of doing it for free, e.g. Google might
| be offering it with Firebase, Twitter used to have it, etc. It's
| not great for privacy, but if they care about that they should
| just stop using phone numbers.
|
| Routing video calls through a server to obscure IP address seems
| totally pointless while you are revealing the phone number
| anyway. And again there might be a way to do this for free, e.g.
| perhaps using one of free WebRTC STUN/TURN servers that e.g.
| Google seems to run.
|
| As for bandwidth, a very conservative estimate seems 100 MB per
| month for each of 40 million users, giving 4 PB per month (though
| I guess the real usage is 1/10 that at most). Hetzner charges
| $1/TB, so that gives $4000 per month or $40k per year,
| overestimated.
|
| Again a mystery how they get from $40k per month to $2.7 million.
|
| Maybe the problem is that they use AWS/GCP/Azure/etc.? They have
| to be real idiots to use them since everyone knows they are
| insanely overpriced and should never be used unless a large
| corporation or deep-pocketed investors are footing the bills or
| there is no other possible solution.
|
| Perhaps they need to consider stopping dumping money down the
| drain before asking for donations.
| all2 wrote:
| Did they also add their cost of dev, admin, etc. into the
| calculation? This could have a big impact as well.
| heyoni wrote:
| Yes like paying 30$ for Tylenol in a hospital. You didn't pay
| that much for the pill but for a nurse to enter that you need
| that into a schedule and then actually deliver it to you.
| spandrew wrote:
| I'm starting to suspect there's more to securely stowing user
| data than throwing it on a bunch of 4TB SSDs!
| k_bx wrote:
| Sorry, how does 1 mb per user seem reasonable? I'm sending tons
| of videos, documents and pictures, probably beyond a gigabyte
| daily. Just one video is like 40Mb. 1Mb assumption seems absurd
| tobinfricke wrote:
| It's not stored on the server, except perhaps transiently.
| ghosty141 wrote:
| 1MB per User? People share tons of pictures and videos, I'd
| guess that the average is more in the 0.5 to 2GB range.
| devit wrote:
| I assume they only need to store it between the time it is
| sent and the time it is received by the recipient.
|
| Maybe the problem is that the Signal app doesn't eagerly
| download messages upon notification? They should start doing
| that given the money issues.
| rbut wrote:
| If you only have the phone app then yes they are instantly
| downloaded and removed from their servers.
|
| But if you have Desktop client(s) registered, then they
| need to hold onto those messages until you open your
| client(s).
|
| That is why they have a 30 day login limit on Desktop
| clients. If they didn't they'd potentially have to hold
| onto messages forever.
|
| https://github.com/signalapp/Signal-Desktop/issues/4730
| https://community.signalusers.org/t/dont-unlink-devices-
| afte...
| 3836293648 wrote:
| Signal doesn't save history so at any given time most users
| use 0 storage
| tekla wrote:
| 1mb per user? What is this 1992?
| wmfiv wrote:
| Was this intended as satire? I honestly can't tell.
| resonantjacket5 wrote:
| I think it's satire? Or perhaps they didn't know one can send
| pictures and videos on Signal and assumed it was only text.
| devit wrote:
| Hmm, no?
|
| Photos are generally <1MB in size and I think having a single
| photo sent but not received on average per user seems
| reasonable (most users probably almost never use Signal,
| and of those that do probably most only use text, and those
| that use photos probably most don't send more than one or a
| few per day).
|
| Videos are probably relatively rare and if not maybe they
| should do something about them, like not storing overly
| large ones on servers and requiring both phones to be
| online to transfer.
|
| There's a 500x margin between the estimate and their costs
| anyway.
| nojvek wrote:
| Surely 1MB/user for the whole year is more than enough.
|
| It's in the realm of "64KB of RAM should be more than enough
| for any computer"
| spullara wrote:
| Worked for me. $10/month seems reasonable.
| kjhdfgkjhdfkgj wrote:
| > Another $19 million a year or so out of Signal's budget pays
| for its staff. Signal now employs about 50 people
|
| Yeah, not getting any donations from me.
___________________________________________________________________
(page generated 2023-11-16 23:00 UTC)