from tree@lemmy.zip to technology@lemmy.world on 17 Nov 2023 03:52
https://lemmy.zip/post/5683786
Signal’s president reveals the cost of running the privacy-preserving platform—not just to drum up donations, but to call out the for-profit surveillance business models it competes against.
The encrypted messaging and calling app Signal has become a one-of-a-kind phenomenon in the tech world: It has grown from the preferred encrypted messenger for the paranoid privacy elite into a legitimately mainstream service with hundreds of millions of installs worldwide. And it has done this entirely as a nonprofit effort, with no venture capital or monetization model, all while holding its own against the best-funded Silicon Valley competitors in the world, like WhatsApp, Facebook Messenger, Gmail, and iMessage.
Today, Signal is revealing something about what it takes to pull that off—and it’s not cheap. For the first time, the Signal Foundation that runs the app has published a full breakdown of Signal’s operating costs: around $40 million this year, projected to hit $50 million by 2025.
Signal’s president, Meredith Whittaker, says her decision to publish the detailed cost numbers in a blog post for the first time—going well beyond the IRS disclosures legally required of nonprofits—was more than just as a frank appeal for year-end donations. By revealing the price of operating a modern communications service, she says, she wanted to call attention to how competitors pay these same expenses: either by profiting directly from monetizing users’ data or, she argues, by locking users into networks that very often operate with that same corporate surveillance business model.
“By being honest about these costs ourselves, we believe that helps provide a view of the engine of the tech industry, the surveillance business model, that is not always apparent to people,” Whittaker tells WIRED. Running a service like Signal—or WhatsApp or Gmail or Telegram—is, she says, “surprisingly expensive. You may not know that, and there’s a good reason you don’t know that, and it’s because it’s not something that companies who pay those expenses via surveillance want you to know.”
Signal pays $14 million a year in infrastructure costs, for instance, including the price of servers, bandwidth, and storage. It uses about 20 petabytes per year of bandwidth, or 20 million gigabytes, to enable voice and video calling alone, which comes to $1.7 million a year. The biggest chunk of those infrastructure costs, fully $6 million annually, goes to telecom firms to pay for the SMS text messages Signal uses to send registration codes to verify new Signal accounts’ phone numbers. That cost has gone up, Signal says, as telecom firms charge more for those text messages in an effort to offset the shrinking use of SMS in favor of cheaper services like Signal and WhatsApp worldwide.
Another $19 million a year or so out of Signal’s budget pays for its staff. Signal now employs about 50 people, a far larger team than a few years ago. In 2016, Signal had just three full-time employees working in a single room in a coworking space in San Francisco. “People didn’t take vacations,” Whittaker says. “People didn’t get on planes because they didn’t want to be offline if there was an outage or something.” While that skeleton-crew era is over—Whittaker says it wasn’t sustainable for those few overworked staffers—she argues that a team of 50 people is still a tiny number compared to services with similar-sized user bases, which often have thousands of employees.
read more: www.wired.com/story/signal-operating-costs/
archive link: archive.ph/O5rzD
threaded - newest
There’s something kind of funny about one of the largest expenses being SMS and voice calls to verify phone numbers when one of the largest complaints about signal is the phone number requirement. I wonder how much this cost factors into them considering dropping the phone number requirement.
Phone numbers will still be required to sign up, you only won’t need it to add a contact.
Seriously? Boo :(
Probably helps cut down on spam and bot accounts
If they drop the phone number requirements, you will get spam, a lot of spam. Much more than now.
Because there are no other possible verifications apart from phone numbers? Do you open a bank account with your phone number, because it’s the only way?
What would you think would be an appropriate alternative to easily verify chat accounts that’s cheaper than validating phone numbers?
Video call, email, other verificated factors.
So do you think this is the only option available?
You think a verification via a video call is cheaper than SMS…?
That’s not to mention the potential concerns that would arise around the possibility of signal storing (some portion of) the video…
Nope, just saying phone numbers are far from the only option. And if telcos are price gauging you should look at the alternatives.
No you’ve complained and insinuated there are plenty of other solutions that the world class team at Signal, literally the preminent experts in their field, chose not to use - and then offered to some truly next level terrible options.
Complained? I’ve merely stated a fact. And you think I’m offended? I’m trying to have a discussion you are not interested in it seems.
How are the other options terrible? Please elaborate. That way you might actually contribute and not just call names.
It’s the cheaper portion that’s the issue. There are “other options”, but they’re not cheaper and/or they have their own issues.
I didn’t touch the email case because email addresses can be so rapidly created (even out of thin air via a catch all style inbox) there’s nothing to it.
But if telcos are inflating the prices that might change. But otherwise I think you’re right.
Video call is expensive, and frankly, if I’m gonna sign up at a private service, I’m not going to make a damn video call.
Email is not enough to go against spam. Email addresses are basically an Infinite Ressource.
Other verified factors are nothing concrete. Sure we could all use security hardware keys, but what’s the chances that my mom has one?
So you do think that phone numbers are the only way to verify the person? This is just stupid. There are enough, like IDs or stuff like that. If you don’t want that, that’s a totally different story.
Jesus Christ you Linux people never learn… It’s 👏 about 👏 ease of 👏 use.
If they wanted it to be a pain in the ass and for nobody to use they could put on a ui on top of pgp and call it a day.
This comment chain is sending me lol
How the hell this guy doesn’t understand how effective phone verification is when it comes to combating spam/bots?
I’m not arguing that, I’m arguing the point, that this is the only option. Because it isn’t. If you find that funny, be my guest.
What alternative to phone numbers would you recommend? I’d probably prefer it over giving my phone number away.
Something like a verified work mail or a cryptographic certificate protected with a password, confirming your identity, I don’t really know ^^ but phone numbers are old and are getting more and more expensive, as the article lays out
The infrastructure for none of these exist (in my country at least). Phone numbers suck, but as signal is a application mostly used on phones, I think it is the most common denominator for the user base.
How does that have anything to do with Linux? It’s about phone verification as the supposed only option.
Does Microsoft need your phone to validate your existence?
How does anyone think, that there are no alternatives?
Yes. MS heavily uses sms to validate my account and is pushing to passwordless sent to mobile auth.
Okay. And how are phone numbers validated? Not by using phone numbers. It’s not the only option. They also use personalized domains, certificates, IDs and the likes.
Right, folks are definitely going to sign up when it just needs you to copy you identity information and send it in and wait 4 weeks 🤦♂️
Yes, there is a whole bunch of pain in the ass shit you can try to force prime to use. They won’t, and the service will be worthless for all but 5 neckbeards laughing about how private they are. 🤦♂️
Probably. Just saying it’s not “the only option”. And I’m also pretty sure they could figure out another way to ID people, if they had enough funds to do so. But maybe this still wouldn’t be adopted, who knows.
There was no need to generalize Linux people. This discussion has nothing to do with Linux.
It’s a bad problem no? Combatting “spam” Accounts while balancing privacy.
Personally, I don’t want to give them any more information than is really necessary.
It’s not easy. And yeah, me too.
PKI doesn’t require hardware keys
True, but it’s not exactly User friendly too, right? If not, tell me. I’ll be happy.
If you want user-friendly WebAuthn - firefox does it for you. If you want pgp/gpg, then just install pgp/gpg client of your choice.
If you want encrypt emails, Thunderbird should have built-in encryption support.
I’m using all of these, but with my hardware keys. Didn’t know you could do it without. I knew that it was part of the webauthn concept but no idea how it works.
Use a 3d face scan, but only send the hash over the net. Can double for account recovery (when user has no email or something)
Where would one get a 3d face scan from? For my part, I don’t have a scanning rig set up anywhere.
You turn your face in different angles, creating a 3d scan of your face using your phone camera
That’s a joke right?
If not: It does not matter what hash I send, because it’s cryptographically impossible to tell what the hashed thing is. That is the whole point of a hash.
Also: sending a hash over the network instead of a password or whatever the source material is would be a bad practice from security perspective, if not a directly exploitable vulnerability. It would mean that anyone that knows the hash can pretend to be you, because the hash would be used to authenticate and not whatever the source material is. The hash would become the real password and the source material nothing more than a mnemonic for the user. Adding to that: the server storing the hash would store a plaintext password.
See: …stackexchange.com/…/https-security-should-passwo…
Guess what happens to passwords themselves? Same thing, but user can’t just add nonce. Replay attacks are super easy to mitigate and hashing makes it easier.
Not saying that biometry authentication isn’t shit for security itself.
Honestly, I’m not sure what you are talking about. Could you elaborate more?
Are you implying that sending some hash is better than sending the secret and let the server deal with it?
It took a long time to reply to you, sorry.
When used for login, it prevents MITM attacker(assuming you are not using app sent to you by attacker) from stealing your password(because hash functions are extremely hard to reverse), while when used both for registration and login, your password doesn’t even leave your computer. There are even password managers that don’t store any passwords, but just generate them by hashing your secret with server name.
How does this prevent MITM attacks? The secret you send to the server, be it called hash or password, is what’s used to authenticate the user. For the purpose of client/server communication, this “password” on your host only is not relevant, as it’s only used to generate the real secret.
A hypothetical MITM attacker would still gain access to that secret, without needing to care how it was generated, be it by hashing something on your host or by coming up with semi random letters yourself.
The secret sent to the server becomes the defacto password.
Now about those password managers, they are a thing but I don’t have experience using them. Through a disadvantage is that if a site gets breached you have to do something weird with your password manager, so that a different password is produced with your secret key and the domain name. This can be done with a counter that needs to be manually adjusted, but that’s weird from a usability point of view.
Maybe I phrased incorrectly. It prevents attacker from getting password and using it again in future.
Salted hash if not implemented with possible MITM attacks in mind indeed can be used by attacker. Resisting them is easy and can be done by channel binding techniques like using channel public key as part of salt. In such case if attacker successfully will make MITM attack, server will just reject hash, because it is not equal with expected one.
Passwords are secrets. Secrets aren’t passwords.
HOTP exists. HOTP is used.
In what circumstances besides reusing passwords does this matter?
To make this discussion extra long: If you’re creating a hash based on a local password, then share this as secret to the server, which then treats it with regular password security, this is beneficial for security as far as I can see, as it makes sure that the “password”/secret is strong and pseudo random.
Happens more then you imagine.
Didn’t I mention two parts where hashing can be used? Let’s take lemmy as an example. There is /login endpoint that takes username and password and returns token and there is /register endpoint that takes lots of arguments including username and password. Hashing you are talking about now is replacing plain-text password with generated secret. It prevents server from knowing password that is used for generation of other secrets on other platforms. Now there is also hypothetical /gettmptok and /verify endpoints. First takes username and returns temproary token and second takes username, temproary token and hash of password salted with (public) key of channel and temproary token and returns… let’s say boolean value, which means this hash becomes valid token. If attacker tries to MITM here, server will reject token because it will not match expected hash because salt is wrong. Even without channel binding attacker cannot get secret to login again in case user logsout of session or forcefuly closes it from another one or token is invalidated for any other reason.
Got it EXTRA long.
I fail to see how this prevents any MITM attack where the attacker pretenta to be the server, but besides that, that just seems overly complicated.
With channel binding: public keys server and client use are different, which makes salt different on client and server, which makes hash different on client and server, server don’t get hash it expects, server replies with 403 GTFO. And as a bonus attacker didn’t get your password.
The point is to protect your face data, the hash IS the password, but you don’t want people to be able to tell how you look like by sending the raw images of your face over the net
That would do nothing to validate that the user is real, they can just insert any hash and claim it’s their face’s hash. At that point we can just use regular passwords, but as I said that won’t solve the spam Accounts issue.
You can make sure that the user used the signed binary to generate the token. Each token has a nonce and a validity period. This binary requires the use of the camera API, but also requires liveness analysis by making you move while authenticating. You can change the way the user is forced to move to make sure it’s not the same video feed connected to the camera
Could work, but it doesn’t stop actual people from creating spam Accounts.
If one wants to put real effort into it, the camera/gyro sensors could be malicious or a robotic arm could be built. Maybe it would work with some fake background.
The camera and gyro sensors can be faked for sure, but the app can be updated to detect inconsistent lighting. These kinds of apps can use a fill light on the screen to make the face change colors.
So use teal when you nod, use purple when you turn to the right, etc. If the color is not detected, tell the user to turn up the screen brightness until it is. Of course, it makes it impossible to do it in daylight, but you can go in the shadow or inside temporarily most of the time. There is a possiblity of support helping you if the scan just won’t work with your device, for example by verifying your government ID if you agree to that
In the end, no system is perfect and you are just trying to discourage the laziest spammers. Using phone numbers just means a real person can buy new numbers. I can get each number for a total cost of $0.99, far less effort than trying to catch up with each app update
I’d be ok with a credit card verification or so something like that, even if still uncomfortable for me, but I hear it reduces a lot of spam.
But then that would make people confused and make them run away when the app seems to be free and now is asking for a credit card validation… it’s too strange.
Anyway I never got a single spam message on signal from all the years I use it, so not sure how others view the problem or even if it is a problem.
Captchas or other challenges, and better spambot detection.
Those are already in place. They don’t suffice.
Make addresses-per-contact, not global. Provide no discovery for addresses. Spam solved, since the spammer can’t find your address.
You can of course add public messages with phone numbers verification on top of that, but you absolutely do not need them for a spam-free chat app. Address discovery should be completely optional and addresses should absolutely not tied to phone numbers.
It’s utterly ridiculous that this apps claims to care about security and the first thing it does is collect boatloads of private data.
That’s actually a pretty good idea.
I’m guessing you generate a unique address to share with someone, and then they add you. Spam is literally solved and it becomes more private.
Might want to think twice before donating to this company that’s eating up $40m/year with 50 employees.
I’m going to go out on a limb and say that the company that is dominating the privacy-messaging space, considered and discarded this idea for reasons they consider valid.
🤡
Let’s not push a definition of “security” that Signal does not claim. The messages are “secure” in that nobody other than you and the other people in on the conversation can decrypt them.
Also, no need to be dramatic. A phone number is not “boat loads of data”.
I mean, your phone number can be used to find out everything about you.
.
Ok, but that’s changing the goalposts. A phone number itself is not “boatloads of data”. Signal is not storing anything about you other than that phone number and whatever name you entered. They’re not storing messages or anything else. The fact that someone could correlate your phone number with other data (whether accurate or not) has nothing to do with Signal.
Signal is an over hyped piece of shit that grossly violates numerous core tenets of
priceyprivacy and data freedom.I don’t know what pricey is and they don’t keep your data.
They don’t allow you to export your chat history, it’s locked in the app:
reddit.com/…/exporting_a_single_signal_chat_histo…
That’s not only crappy app design, that outright violates European law:
gdpr-info.eu/art-20-gdpr/
Signal doesn’t have any “personal data concerning him or her” other than a name and email address. They don’t have your messages.
They store it encrypted on your device such that you can’t access it yourself, only their app can access it.
I open a bank account with a copy of my id, a copy of a bill to my adress, and some money. My phone number can be used along the process, like for a digital signature.
Make phone numbers optional and add a setting to allow/forbid accounts with no phone number to message you. I bet phone numbers have zero effect on the level of spam.
Interestingly this phone number complaint only shows up among techies and especially Americans. You guys don’t get to keep your phone number? I’ve had the same number now for 20 years here in Europe, it may as well be synonymous with my identity.
In fact, I’d say the phone number requirement, or at least option, actually promotes adoption in parts of the world. I wouldn’t have been able to get my mother to use Signal if it didn’t work with a phone number, for instance. She’s not gonna make an account just for a chat app. Phone number she already has.
because people might feel uncomfortable sending unnecessary personal information to another party, especially if it does not change often, like the telephone number?
I’m mostly contacting people I already know so using phone number (something I already have a collection of) is very handy to me
Exactly because I have the same phone number for almost 30 years, that is the problem. It’s too deep interlaced with my real and personal identity and I regard it as a very private thing that only few people should have.
I don’t get the idea that a phone number should just be randomly given as if it was natural.
It’s good to have it as an option for example so my mother can use it simply and quickly, but when I go to a conference and want to connect to new people which are still strangers and will and don’t give my phone number. So in those situations I have to randomly use other chat system or share emails? When signal already is in my pocket and my main chat application 99% of the time and is perfect for 1 to 1 friendly chats?
It’s actually a privacy issue because your phone number is tied to your physical identity so deeply that giving it out is giving too much away.
My kids don’t have a phone number and I would be glad we could use Signal.
should be optional.
I’m glad that Signal choose to be transparent about its spending instead of hiding it from obscurity.
Hiding from obscurity? 🤔
Bot language
ESL. Bots don’t make that kind of mistake.
.
An open call for sustainability is the opposite of that isn’t it?
.
You really dont know what it means if a Company is non-profit and opensource, right?
Session, a fork of Signal, is better because as far as privacy goes as you don’t have to download it from a store that violates your privacy. Just go to the offcial site and download the apk.
How do you think that stacks up to jitsi?
Isn’t that mainly for video calling?
I think you're right. Not really comparable.
Taught so, but personally only used it once in a matrix integration
Jitsi was used for some time while matrix protocol video was under development.
I really only use matrix/element I just was just shocked they’re paying 6 mil a year for phone verification and they aren’t completely underwater
This is the way. Matrix rocks
I prefer XMPP. Same thing, but lighter and easier to host.
I’ll look into it, thanks
for Android there’s the client “Conversations” and some others. Just create your account somewhere else, free.
Bridges.
I use element, but for communication with family and friends I use signal. Element app is not as simple, it is a little clunky/buggy and slow. It is not ready for “normal” people.
It uses full sync. You can try sliding sync client like Element X. It’s experimental, but should work.
You can download a self updating apk from Signal’s official website
As far as I know, this version doesn’t have push notifications for microG or google, so it will drain your battery a lot faster because it’s always on. People should just download the Google play version with Aurora Store.
Actually, I’ve been using this version for about 4 years, and it does not impact the battery significantly at all.
If true, same should go for this Session thing
This version detects if you have Google Play Services when you first launch it. If you do, it’ll use it, if not, it moves to websockets.
If you installed GPS after launching Signal, you’ll need to go to in and erase Signal’s app data for it to reset again.
I didn’t know that, good to know. Thx
The Aurora Store still uses Google for some pieces, it just provides an anonymized wrapper for them. The Aurora Store developer has an avatar of himself wearing a mask with the following profile info on GitLab.
He’s using Gmail, is that supposed to be ironically funny running all our engagement for his de-Googled product - through Google?
Before I switched to Graphene I ran CalyxOS. It was hacked to pieces and is no where near GrapheneOS or even PostmarketOS I’d say. In fact, I think iOS is probably more secure than CalyxOS!
As well microG has this, anyone step through all that code to verify?
topDomainOf(Uri.parse(appId).host) == "gstatic.com" && rpId == "google.com" -> { // Valid: Hardcoded support for Google putting their app id under gstatic.com. // This is gonna save us a ton of requests true }I’ve verified that a straight Session apk install on GrapheneOS does not use Google in any way.
What’s their benefit over Signal? It can’t be just the downloads source.
The biggest benefit is that Session can run completely independant of platform (Google/Apple) push services and will run completely self-contained. You can set Session to check for messages every X minutes. Of course while the app is open and focused, it’s real-time. This removes metadata collection on when/where/how you are messaging.
What does the distribution method have to do with the privacy of the messages sent via the app?
Does put into perspective how much it costs to run at this level and how their competitors are paying costs of similar magnitudes
The blog/article calls it out out well: other tech companies are running at much greater magnitudes.
Now I want to know more about that $6 million annually spent on SMS messages... That seems like a ridiculously unnecessary cost, wonder if some startup can wedge into the market and undercut the competition.
Signal use phone number for account identification. SMS is essential to verify that the phone number you used on your signal account is belong to you. This could be the real motivation for signal’s recent attempt to start allowing their users to contact other users using their username instead of phone number.
Right, the reason why SMS is used was explained in the excerpt, I'm not asking about that. I guess what I'm curious about is how badly the telecom firms they're purchasing SMS services from are price gouging, and if they are, why there hasn't been a startup in this space
You mean startup for sending SMS? That would have to be a real telco, otherwise it would just be a front that is essentially renting capabilities from an established telco - and it would suffer the same fees/rates as Signal. Either way, really expensive to operate, with no real benefit to show for it.
I mean... yeah. A real telco. I figure it has to be one of a few things:
a) The profit margins baked into existing SMS services are razor-thin and there's no room for a startup to undercut that (unlikely);
b) The monopoly of the existing telcos is thorough enough that they can shut out newcomers;
c) The initial costs of any potential newcomers are great enough that nobody can secure funding;
d) Nobody both wealthy and moral enough has had this idea yet
In my country, all carrier here would block bulk SMS sending (and terminate your phone number if they think you abuse it) unless they come from a special short number account (e.g. those with 4 - 5 digits phone number), and those account is not cheap. That’s where the telcos made money from sms these days now that ordinary people don’t use sms much. They would partner with api providers such as Twillio to setup the account. You can review Twilio international sms pricing for an overview of sms prices across the globe. In my country, it’s 50x more expensive than US.
It wouldn’t surprise me if they keep the SMS verification to keep the number of superfluous accounts to a minimum, which would likely greatly exceed the $6m operating costs. I also wonder if that $6m included their now defunct SMS integration, and if that cost has changed at all.
It’s also worth noting that while SMS is typically nowadays a free feature, it wasn’t always as such. It used to be that users were charged per message, especially in Europe, which is why Europeans tend to rely on messaging services instead of SMS; US carriers made SMS free only maybe 10-15 years ago, and that was only to US based numbers. When you’re dealing with many people that are international, such as in the EU, that adds up quickly. SMS is a Telco utility, and they tend to be, er, behind the times as it were. Remember that when you’re an internet-based service and you want to interface with a Telco utility, ie via SMS, they charge a tarrif, like a toll road. While Telco utilities are all digital and voip-equivalent based these days, they are still a private network and charge fees to access. And I am now rambling so I’ll stop here.
I remember once a girl I was friends with lamenting that someone sent her two text messages when it could’ve been one, because each one counted against the free quota before you were charged per text.
Yup, the late 90s to mid 00s we’re an interesting time
And god forbid special characters
WhatsApp’s initial monetization model was pretty good. Free for the first year, $1/year after that. With 400 million users, that’s a lot of money.
Signal has 50 million, but could cover their costs for $5/year per user, I’m sure, assuming not all users would pay.
They had 40 million users in 2021, so a dollar a year would cover the costs.
As much as I would hate a “premium tier” for signal. That sounds like the best approach. Charge $5 a year for features that make sense if you are a signal power user, though that can get dicey fast on what those premium features are
Or have something similar to Cosmetics or better bandwidth (like tgram does)
Basically the gamification and moneyfication that for example discord uses which are basically gimmicks for dumb things like animated avatars or special stickers and we clearly know there are a bunch of people that actually fall for it and give money to feel superior for having those things.
Sort of, though I’d be hesitant to say “actually fall for it” in the case of Signal considering it’s a non profit. They’ve worked really hard to solidify chat privacy, and this is more like “if you use signal a lot, and want some features that in no way impact the service but might be something you’re interested in, perhaps you’d donate?”
It’s either that or beg for donations with banners Wikipedia style. They’ve laid out their costs here pretty well. It’s expensive. I mean even your point of “feeling superior,” many who champion privacy are asking people to switch to signal to chat with them because they won’t use other non-secure chat apps, so I see nothing wrong with a “donor” indicator that can be added to their profile or something.
If the dollar fee of Whatsapp teaches us anything is that any tax you put on your app hinders adoption.
Whatsapp intended to do that but ended up scrapping the tax for various reasons. One of them was to keep the existing user base (they have existing customers lifetime use for free when they brought out the $1 idea). Another was the fact that in some populous regions of the world credit cards weren’t common (like India) and they’d rather have lots of users there.
Bottom line, the $1 Whatsapp is even more elusive than the WinRar license and I’ve never personally heard of anybody who ever paid it.
venturebeat.com/mobile/whatsapp-subscription/
My dad paid for it for himself, for me and for my mother, this made a lot of sense bc in Spain, in the pre-messaging app era, sms were like 5-20cents each in most tariffs.
It was getting to the point where it wasn’t uncommon for an average joe to just ask their friend who’s using whatsapp how to pay for it so he can have it too(many ppl had never bought anything online so they needed help)
However things are different now, there are tons of free messaging app alternatives out there, ppl would rather change to another free one.
Du the average signal staffer makes 380k?
If you take out the employer-side taxes and cost of benefits, maybe. A fair number of their employees must be software engineers, and that much compensation isn’t unreasonable for expert software engineers.
Yeah that struck me too. 20 million divided by 50 employees is 400 000 each. That is a LOT of money. Even half that (twice the employees, or half the cost) would be a lot.
Signal’s CEO salary is $5.7M, not sure about the other execs salary, but we probably can speculate that the execs compensation is half of total salary expense, so those 50 rank and file employees probably cost 200k in salary and benefits instead of 400k.Where is this $5.7M coming from? According to their tax filings in 2022, they paid their CEO $0: projects.propublica.org/nonprofits/…/824506840 (compensation section)
You’re right, I think I googled wrong company name there.
I don’t know what’s the ratio in the USA but you may divide it by close to 2 to get the employee pay considering all kind of salary taxes. Then imagine the cost of San Francisco engineers able to build a global app used by a hundred million users. It doesn’t sound crazy.
It says “pays for” not “pays to”. So benefits, travel/relocation, training, etc, is included.
The average is then brought up by the higher level staff getting paid more.
So for a Mountain View CA company each staffer making ~$200k wouldn’t surprise me
I have high hopes that the donation % and amount of users will grow after the interoperability implementation
Their leadership team made about 5 million dollars per year in 2022, with about $500K/year compensations for most of them. Some comments here suggest that those compensations have risen sharply recently.
Perhaps consider whether this is a good place to donate. And also, it’s so shitty that we were conditioned to think that every service is “free” of charge. In an ideal world, Signal could fix all of these problems by firing 80% of their C-team and instituting a modest subscription fee. But then 90% of their users would just fuck off to some place that is “free” but makes much more money from selling their data.
Their leadership team is not overpaid relative to the industry and they are highly deserved of those salaries. They make an excellent product. The point isn’t that the leadership team makes 5mil between them, a drop in the bucket of the 50mil total operating cost. It’s hard to read your comment as anything but disingenuous.
While I agree that they’re not being overpaid, 10% is a rather large drop in the bucket. Do they need that many to run an organization of 50 people, though? Perhaps they do, I don’t claim to know.
As a historical comparison, before selling out to Facebook, Whatsapp had 35 engineers, providing service to 450 million users. But perhaps they were selling their data at that point already, making this a bad comparison.
Yeah, and about that historical comparison… WhatsApp sold out for $21bn. Signals top earners collectively would have to work for 4200 years to get there.
Those guys deserve every cent of their paycheck, because probably any of them could easily earn multiple of that at another company… given their skills and knowledge in the field.
The biggest miracle is them not selling out.
Jfc thank you this shit feels like astroturfing in favor of the major big techs like facebook
Jim O’leary (Vp, Engineering) $666,909 $0 $33,343
Ehren Kret (Chief Technology Officer) $665,909 $0 $8,557
Aruna Harder (Chief Operating Officer) $444,606 $0 $20,500
Graeme Connell (Software Developer) $444,606 $0 $35,208
Greyson Parrelli (Software Developer) $422,972 $0 $35,668
Jonathan Chambers (Software Developer) $420,595 $0 $28,346
Meredith Whittaker (Director / Pres Of Signal Messenger) $191,229 $0 $6,032
I don’t know why developers are making more than the president of the company here, but that’s nice to see.
Usually the person setting the wages is setting their own wage higher than the rest.
It’s also wild to me that some developers are making nearly half a million a year. I can’t even crack 100k in my local currency (about $75k/yr USD) and my job is to run the infrastructure. If I don’t do my job, the company goes offline and all that fancy programming amounts for nothing.
US tech wages are just nuts. In the UK I’m basically maxed out for a non-London based software dev at about £70k (~$87k). Meanwhile I have a friend who has managed to land a job with a London based US tech firm on about £120k (~$150k) which is massive for here but reading this is still a long way off what is possible.
You think wages are high here but forget that the USA has no healthcare, no mental healthcare, no social safety networks for if you lose your job, and suffers from overpriced food+housing just like everyone else.
You also get nickle and dime’d for literally everything, including having to tip if you eat out, tip to ride in an Uber, have food delivery, or exist. Drivers licenses cost money. Your birth certificate does. Your car insurance costs. If you can even afford an overpriced car even used.
And even if you get get healthcare through your job, it still sucks. You still pay “co pays” and “deductibles” just to receive care. If you get care at all that is - if the insurance company “decides” to cover your scan.
And you still owe whatever percentage after that insurance doesn’t cover. Say your important surgery is $100k in costs (yes they cost that much here often). Even with decent insurance you’re still owing thousands afterwards, more than likely depending on the insurance plan.
Forget getting an ambulance for emergencies. Even if your insurance covers it, it may be “out of the insurance network” and therefore not covered, but how could you know that? You’re unconscious. And you better tell your body not to get cancer either or into a serious accident, because that can run your medical bills into the millions.
The USA has no decent vacation time, has no required maternity leave or medical leave. You will eat your own childcare costs into the thousands, and some people’s partners opt to stay home rather than work to absorb those.
this i worked in an american company and many people move to europe and accept half the salary because its still better financially speaking.
I live in a country with Universal healthcare coverage (Canada) and we pay for our healthcare with income taxes and goods and services tax; so I fail to see why this should matter.
The key difference is a single payer system. We the people (represented by the government) can basically set the prices of our own healthcare procedures to a figure that is appropriate for how much each person helping to perform the procedure costs for their time and effort in the process, the costs of running the equipment, and some for the wear/tear/maintenance on that equipment. Whatever is left over goes towards replacing the machine at its end of life.
In the USA, hospitals are run as for-profit businesses, so the extra cost (usually 100% or more profit per procedure, or whatever they can get away with charging) is added on for the profit margin of the hospital, and the insurance companies and whatnot is also run as for-profit, jacking up prices even more.
It’s not that citizens of the US are paying for these procedures themselves that makes it expensive; Everyone pays for medical in some way, shape or form, just the USA seems to be okay with extorting its own citizens for profit in the process of helping them. It’s a toxic system that causes people to be forced into extreme poverty when they’re too poor to pay for insurance; which is insane to me, since you’re effectively beating the poors until they’re homeless and destitute then blaming them for their own homelessness and shunning them for being homeless when all they wanted to do was not be sick/injured.
The measure of a society is how it treats its weakest members.
For anyone wondering: First number is base, second is related, third is other. I have no clue what those terms mean.
projects.propublica.org/nonprofits/…/824506840
My guess base is what is written in contract, related or other probably means bonuses or maybe overtime.
Here’s the thing with pay: they can either pay these people or find someone who will accept less.
These employees have options. Signal is competing with other companies to hire them, so the pay is determined by that market.
As for the “free” part, yep, the consumer determines the value here, and since most people are pretty content with garbage like SMS or WhatsApp (which is monetized by your data), “free” is what Signal is competing with.
Fortunately, those of us “in the know” have the opportunity to promote a free app to help build the network effect, and we can financially contribute as part of that.
(Not criticizing, just adding perspective).
Sounds completely fine.
Remember we need competent, motivated folks top to bottom. They are certainly getting offers from other organizations to go work for them.
We also don’t want them “needing” to accept bribes
Shitting on a company’s shit pay strucute is reasonable, but you can’t ignore that this is always a choice between other options. Google and Apple are at least as bad in that regard, and they’re worse in other ways. Steps in the right direction are better than not doing anything because there’s no perfect option. When you do that, things get worse, because the companies will force you to take steps the wrong way.
I’ve been using signal since forever. Recently when there was a big exodus from Whatsapp because of their changed data policies was the first time I felt an impact with response time in the app etc. I immediately set up a regular donation. A few months later they came out with there cryptocurrency scheme I decided I won’t be funding any cryptocurrency so I cancelled my donations. I trust signal on the technical side implicitly. But they have lost my trust in the business side :/
The crypto highly annoys me too and I was against it, but we can turn it off and nothing changes which is good. I still believe the dev time should have gone elsewhere. But I’m not as bothered as I was in the begining. Same with stories, never used it before signal in other platforms and had to study wtf they were when it appeared on signal. Now I can see and understand a bit of the use case but I have never seen any of my dozens of friends that use signal use that feature. Still something that can be turned off. I’ve used it to share memes.
Anyway, they claimed heavily that there were markets that would absolutely require that feature since people are used to it in other chat platforms, and if it really brings people to a better platform that is signal I’m ok with it. What I’d really like to see is if the claim now holds true or not and understand if the dev and money time spent in those features really got more users in the app or not and if it was worth the cost vs other features.
Lost me (and many family members) when they dropped support for SMS.
And yes, I will keep on bringing that up on every topic about Signal.
This was a bad move and I’m sure Signal has been bleeding their userbase ever since they have done it.
Their user base has grown tremendously since they dropped support for SMS. Just read the article.
Same here. It was basically the only way to convince non technical users to use it. It’s a better texting client than the default Android messages app.
Am kind of annoyed at the fact they go out and say they need more money to keep working on it, while at the same time keep doing features people don’t want. My entire contact list asked me how to disable stories the very moment they were released. Then they added crypto, and payments and whatnot. All while people are repeating they want username based accounts and editing features. Video calls in Signal still doesn’t have add person to call. You are simply not able to have a group call with people without creating a group first. But sure as hell we have crypto.
Can we really call a business nonprofit if they pay their CEO 5.7 million a year? Over 10% of operating costs going to one employee? That’s fucking insaneEdit - incorrect information
Where’s that number from? I see her as a little under $200k.
They are paying their CEO $0. Brian Acton, previously founder of WhatsApp, the guy who initially bankrolled the whole non-profit by a $50 million, 50 year, non-secured, 0% interst loan, later giving even more.
Source: en.wikipedia.org/wiki/Signal_Foundation#History
They pay some other C levels 400-600k. Source: projects.propublica.org/nonprofits/…/824506840 (compensation section)
A bit more than $50M
<img alt="" src="https://lemmy.world/pictrs/image/0d7ab098-ee13-41aa-86b2-d458c4d7763f.png">
Yeah I have to ask for a credible source on that one.
They say 19 mil a year on 50 people - that’s like 380k per person for a non for profit… That number seems a little high surely?
The most secure and privacy respecting chat app doesn’t develop and run itself.
CISO and developers in that field earn into the millions, and Signal is competing with the top dogs here (MANGA). There pay is ridiculously modest.
Even if this were accurate, what they pay a CEO is a function of the “CEO Marketplace”, i.e. what other companies are paying CEOs, as those are the companies they’re competing against to get talent.
Eventually they're going to cave into having some paid model. Like all good things we once held dear, the long arm of monetary reliance shows no pity or remorse in it's wake.
Wikipedia?
If they do I think they should leave messaging free and create some Premium Signal subscription to get voice calls and video calls.
I don’t want to pay for this major bandwidth usage even though I have never done a single secure phone call.
I cannot understand how they can use so much bandwidth and I have to assume the vast majority of it is for voice and video.
This shit costs money.
And now folks predictably are bitching about ceo comp. 400k is shit for a competent CTO. I make nearly as much for a lowleey director for a small federal contractor. Welcome to tech pay.
But 19 million in costs for 50 staff would put everyone at roughly that wage right? Or what have I missed here
You’ve got tax, insurance, retirement plans, trainings…
The average wage will be around 200k. Still a lot for the average person, but not much for an experienced programmer/ sysadmin.
I am getting scared… That is not a normal pay here for an experienced developer. Who gets over 10k a month?! Sign me up! I would say even 100k in a year is a lot for someone, 60k to 80k is a bit more normal. But we also get payed vacationdays (30 days) plus all of the payed holidays and half days, and payed sickleave (80% of your pay) and monthly pension (4-6% of the pay). But that does not cost 140k - 120k for a company, and that was low?..
Everyone think this is normal in the us?!
Also health insurance, workers comp, any other perks or benefits the company offers
An experienced engineer won’t take a piss on your lawn for under 200k total comp where I am.
It depends on where you live, but yes in tech hubs in the US that’s normal pay. Of course, outside of USA you’ll see like 5x or more lower salaries. I’m happy with the money I currently make, but I’d likely make 2-3x what I currently make if I moved to USA.
Also, what are the chances the 3 overworked stress bunnies that were in on it ‘from day 1’ are claiming a LOT more than that??
200k is also much closer to the amount they advertise in job postings.
Tech pay in the US.
Not wholly relevant to the above story, but worth calling out regardless.
Fair enough
Doesn’t that just mean both the CEO and you are overpaid?
In some fantasy land where middle and upper management don’t do anything.
So long as they are transparent with its funding I wouldn’t mind donating whether through Patreon or other methods.
You can donate directly in the app via
Settings->Donate to Signal; either one-time or recurring.Foundations love recurring, but one-time works too.
www.signal.org/donate/
My non-pro question is : if it was a peer-to-peer service like element, using a decentralized protocol like matrix, wouldn’t it be a huge cost saver because of less data bandwidth and server costs?
If Matrix was p2p at this point, sure. iirc it’s still very experimental but theyve made a lot of progress over the last 3 years.
.
40% of costs is salary? That’s so little for software company.
EDIT: oops, it’s not 19/50, it’s 19/40. 47.5% Still less than half.
$19M? With 50 employees, that’s an average salary of $380k/yr if my poor math skills are correct. Is that for real?
That’s not terribly awful actually.
If they are wanting to attract programers with experience and not have them sniped.
Fresh out of school in that field with no experience, one can hit $75k-$120k fairly easily.
Signal needs people who are familiar with encryption and cyber security, and are basically inventing new ways to did things in order to mantain user privacy. That is a very specific niche that takes a lot of skill and experience to do.
Where are new grads making >75k (USD)? I made 50k CAD out of school, got a couple raises and now at 65…
US.
Average starting salary at my school is $68k, my department is $74k average, and I have friends who have started at $110k and had their MS degree paid for on top of that, with a pay bump after their degree.
I turned down $80k starting in a really low CoL area cause they didnt have a big enough moving allowance, and I have a few other options I’m pursuing that are more appealing to me.
Damn you are me from the past, except I don’t have a degree. The pay is much worse up here. I’ve considered trying to get work down south to make some $ but the US is kind of a shit show right now and I don’t want to live in a car dependent city.
Different countries, vastly different pay scales.
Made 75k out of a 12 week coding bootcamp. Didn’t go to school, but worked as a mechanic for about five years before that.
Oops, it’s 7.5 percent more. Anyway. Article summary says 40M is total operation cost including 19M in wages.
That’s about the price to compete for a software eng these days.
Factor benefit costs too.
And it’s the kind of product you don’t want a 80k developer to introduce security vulnerabilities left and right. You get what you pay for.
Security minded people are usually very skilled, and everyone’s competing to get them.
Could it be run cheaper? Yes probably. Would the product enshittify after a while? Absolutely yes.
I’m in the wrong field!
It’s a great field but super saturated right now. Not a good time to enter lol
Bull. Shit.
What bullshit? Entry level sde 1 at Amazon is 176k. A senior with around 4 to 5 years of experience is 359k.
E5 at Facebook is 412k. Levels.fyi has all the stats.
Like if you’re a company competing against these companies for talent that’s what you gotta pay. During the pandemic it was even worse with people getting like 20-40k sign on bonuses etc too.
.
More likely average developer salary and CEO takes couple of millions as a bonus every year, as they all do.
This is unfortunately almost definitely how it works.
After all, what kind of CEO can live with only having one yacht?
According to tax filings, they are not paying him a single dollar. Which is something am finding very suspicious. Especially considering he gave the company ~$100M for startup. But if it’s true, then it’s commendable. Person who has $100M in cash to shell out for a startup doesn’t need to worry about the money, it’s just that they often only care about that.
I mean, multiple places online saying literally less than half that at the high end. Also, I could see a few making that much I guess but all 50 employees?
All 50 no. But some could be making more than that. Plus benefit costs alone.
I also dunno signal itself. There’s no leveling info or there. According to blind posts asking about the tc I quote.
“Work at signal currently and can say the pay is competitive. There’s no equity given it’s a nonprofit but there are many benefits that add up very quickly. Maxed out 401k match, which is ~$20k right there every year, as an example. As a nonprofit you can look at the 990 (I think the most updated one is from 2019 on propublica) that shows salaries for certain employees.”
Reading other posts base salary goes up to 250k.
They don’t give equity so maybe benefits being factored in.
That’s assuming even pay distribution, which is obviously not the case anywhere.
Still, I hope the distribution isn’t terribly skewed, the developers absolutely deserve to be fairly compensated.
You aren’t accounting for overhead (taxes that aren’t listed on an employee paystub, insurance, benefits, training, etc.)
The advertised salaries are closer to a 150-200k average which is pretty ordinary.
Just over a dollar a user doesn’t sound that bad.
I suspect if they run short of money to run it, they’d add some Discord style features. Better quality voice and video sounds like an easy one to get users of it to pony up for.
Although again, I’d prefer a federated alternative. We shouldn’t be hanging large portions of infrastructure on a handful of companies that at any point can pull the rug.
Someone mentioned above but we have that in Matrix. A great federated messaging service.
You know what, that's fair.
I saw a lot of discussion in the comments about their workers pay, but honestly, they make a great product. Wouldn't wanna be counting pennies in someone elses pockets. I donated a one time 25 bucks, I hope they will continue to ask for donations whenever they are in dire need of server running money.
I’ve never heard of this before
Im not sure I can afford that
I’m dead serious wtf is signal? It’s like texting but all texting apps just go through it? Or something?
Signal is a chat app. It uses phone numbers for identity verification and friend discovery but messages go over an end-to-end encrypted protocol. While open source, it uses a centralized network and a single client.
It’s somewhere between Matrix and WhatsApp. Open Source and friendly, but still centralized and anchored to phone numbers.
We need a lemmy version of signal
That’s Matrix. End to end encrypted, decentralized, and open source.
Bridging opens it up to other services as well, like how Pidgin/Adium/Gaim used to work.
There’s application called Session, which is essentially forked Signal, but doesn’t rely on servers or phone numbers. Instead it uses Tor network and is decentralized. It’s kind of annoying though considering adding people to your contact list, you have to scan their id. Increased security but it goes to show why Signal opted for phone numbers.
Are you sure? Do they use that alongside the weird blockchain backend they had going, or switch over at some point? I remember looking into Session awhile ago but I wrote it off because of the blockchain/cryptocurrency shenanigans involved in the architecture.
As I recall part of the idea was that the cryptocurrency would serve as a sort of incentive for people to run nodes for the Session network to operate.
I am not sure to be honest. It’s something I’ve read, installed application and tinkered a bit. Decided no one from my friends will use this since I already inconvenienced them into Signal. Then promptly removed it.
Matrix is the closest, as it is a protocol to build compatible servers and apps onto it.
No, we need a lemmy version of chaturbate.
I mean, there is already matrix. But does there is already a cammodelling federated tools ?
No, so stop reinventing the wheel, and let’s make something new and original.
I find it amusing they don’t accept donations via their own cryptocurrency 🫠
Lol
Tbf, I’ve used Signal daily for about 5 years now, I completely forgot it had that crypto thing a while back. I don’t think it’s something that the current head of Signal is interested in.
I think Marlinspike’s weird crypto turn is what got him pushed out so we now have the wonderful Meredith the first tech company leader I’ve ever looked up to.
Hopefully they remove that crypto thing from it.
I think it’s sad more like it. One of Cryptos’ actual real world promise was workable micropayments, and that would’ve made a lot of sense as a payment method for a service like this. Like pay either a smallish block sum every month or a tiny amount for every message you send out.
And of course sadder still that Signal has a crypto integrated into it and failed to make it work for anything else but a cryptobro get-rich-quick scheme.
I guess it turned out that nobody wants to implement micropayments because one of their qualities would have to be extremely tiny processing fees which both means that the implementation has to be highly efficient (so it won’t waste the already small margins on computing resources) and the implementing party has to be able to stomach very low profits until traffic gets huge.
I’m guessing it has to do with money laundering/tracking etc.
You can also do micropayments without crypto.
19M a year for 50 people ? that would be 380.000/person. Surely there’s an error here somewhere lol Unless we’re talking rupees
It’s not exclusively peer to peer, so there must be infrastructure, no?
nah they say 19m is for their almost 50 employees. 14m is infrastructure, 6m of which is for texts to confirm, apparently. Which also… seems like way too much? 6 million for text messages? Are they confirming 390 million new accounts a year? Quick google says its .79 cents a text. 2x that to receive also and… yeah… I’m pretty sure that ain’t right. Like I get the 8 mil a year for data, cuz yeah it is a lot. Texts should probably be 1m assuming 50mil new accounts a year. I could see 10m for the 50 people, that is $200,000 on average. So… half what they claim seems reasonable.
Are you including the office space/associated costs with employing someone as well? I was once told it costs approx 100k to have me in my seat before the cost of my salary was accounted for, not sure how much BS that was, but 100k was multiples of my salary at the time.
I mean, I could see them trying to say costs for buying land and building shit and furnishing and etc. sure, but again this is YEARLY costs, not startup costs. I do assume there is some of that included in the budget but its not listed anywhere. I mean I GUESS that could be listed under budget for staff but that seems… very disingenuous.
Things like health insurance, etc. are yearly costs though and that stuff does end up adding up. There should also be some recurring taxes that an employer has to pay per employee that aren’t part of income tax withholding (i.e. doesn’t show up as part of an employee’s paystub).
Wages themselves are not the full cost of an employees total payroll expense, since that would also include taxes and benefits. And then you have to figure their expenditure for business equipment (work computer, phone, printer, etc), licenses for job-specific software they use, total cost of the square-footage of office space they need, etc.
You could say office space and furniture and even IT infrastructure are sunk costs but they do need to be constantly maintained and expanded upon as the company grows. Adding a person to the payroll means the company has grown. They may not need a bigger office, or more servers, until they hire a few more people, but then at that point they will need it.
Probably for renting office space, security, catering, training, employee benefits, and things like that. I’d imagine costs like that balloon up quickly.
Plus there’s likely background checks for potential hires, onboarding and interviewing, these all have costs too since they have to be selective of who they hire, since that person will then be working on one of the most secure messaging platforms in the world.
Also, as for the costs of texts, a significant part of that would be the costs associated with sending push notifications. I remember a while back, when I had an iphone and used Apollo for Reddit, the developer of the app explored every option but eventually settled on a paid subscription system, just to enable push notifications for the app. There was no other way since for the users of Apollo alone, the cost of sending push notifications every time you got a reply or message was surprisingly high.
That was just on iOS, add Android to that plus Signal’s clients on other platforms, I’d imagine that the bandwidth to send notifications probably costs Signal a lot since people tend to have conversation prompting multiple notifications on their device.
I could be wrong but that would be my guess as to why the costs are, what they are.
Ah the push notifications makes a lot of sense, the article said that was just for SMS messages to confirm messages and that seemed way too much, but push notifications is probably right.
And yeah, I guess I assumed most of those costs wouldn’t be labelled staff budget, but idk I’m not an accountant lol. Still that seems to be a lot for 50 people yearly.
If signal is run by 50 people, I have a pretty good hunch that the majority of them are very well paid developers and engineers, and IT…and a rather small amount of lower-paid administrative staff.
Keep in mind that they need to be able to send SMS worldwide and roaming is a thing. Especially if you have to deal prices with all the telco in the world
C*Os probably eat a la4ge portion of it. Not even breaching into VPs and Senior Managers
Well there it is, they can make savings easily afaic
If all the employees are located in the highest cost of living area in the world, it kinda makes sense.
Gotta pay those insane housing costs somehow.
Yeah, that seems shady at least, what kind of salaries are they getting?
Where I live in europe, IT people usually hace salaries between 30.000 and 80.000. And it is considered a pretty good salary.
Good. People creating useful non-profit services should be paid a lot. And according to their financial reports (somebody linked in another comment) it’s not biased towards executive pay.
As long as it doesn’t end up eventually bringing down the entire service.
Could be that that is employee headcount and not including contractors.
Open Whisper Systems (Open Whisper)
Signal was launched by now-defunct Open Whisper Systems (OWS) in 2013, brainchild of shadowy tech guru ‘Moxie Marlinspike’ – real name Matthew Rosenfeld. In February 2018, responsibility for managing the app passed to the nonprofit Signal Foundation, launched with $50 million in startup capital provided by billionaire former Facebook higher-up Brian Acton, the Foundation’s executive chair
Huawei engineer exposed SIGNAL has CIA backdoor — Please do not use SIGNAL has been subverted *
WikiLeaks Says the CIA Can “Bypass” Secure Messaging Apps Like Signal. What Does That Mean? *
The fast-growing encrypted messaging app is making itself increasingly vulnerable to abuse. Current and former employees are sounding the alarm *
The CIA and Signals Intelligence *
Get Session, the FOSS fork of Signal, from former employees at Signal
I know what the counter arguments are all gonna be, I live and breate security. The fact is much of this is outside our inspection. We cannot audit the internal Signal network or it’s code. If something comes across as possibly sketchy when deaing with security and privacy, for all intents and purposes it is sketchy and cannot be trusted.
When in doubt, personalize the situation. You have a babysitter. You heard sketchy things and saw some low grade sketchy stuff. What do you do? You boot immediately, right?
Do not try to convince yourself of something you cannot without hard evidence.
You’re welcome.
Read the 1st comment under 1st link, 2nd link os about something different, 4th links is about something absolutely different. **
Is the original fishy comment some kind of bot generated counter intelligence?
I especially love how even the first few paragraphs of the second link make it clear that it’s not a problem with Signal.
No joke, I’d be way more willing to pay for stuff if business were open about their expenses.
They do ask for donations in the app from time to time.
So much this. Just subscribed, I hadn’t realized.
They should make it possible for the community to help out with server resources. Relay or decrentralize it maybe.
They do ask for donations in the app from time to time.
The thing I read about this earlier said Signal is super against decentralization iirc. Or at least against federation? Are they different?
I suppose it could be decentralized without being federated. Every node would just be a part of the single instance, whereas in a federated model they’d be more independent.
A centralized implementation is much simpler than a decentralized one, making it easier to guarantee performance and stability if you don’t do it. That might explain why they don’t want it.
There’s probably a lot of pros and cons. But the big thing for Signal would be maintaining privacy and solid performance.
These things become harder to guarantee if you decentralize or rely on the community. While Matrix is doing quite well in this regard, it would take a while before Signal had all the ducks in a row to enable this.
I don’t think Matrix is making this well… We with friends have selfhosted instance and the database bloat is scary.
If Matrix would be as popular as Signal it would blow up untill they fix performance with their server.
Made significantly harder by removing easy ways to donate. Instead I have to add my credit card to their application or log in to PayPal instead of just using Google’s Play Store. I use to donate until they removed that option. Now every time I wanted to donate and run into that dialog am just like, yeah I don’t have PayPal’s password on hand and am not leaving my CC with them. I’ll do it later, only to forget.
Get yourself a password manager. You’ll always have your PayPal password at hand.
I’ve been liking bitwarden so far. Works well, seems properly encrypted, no big scandals, etc. But of course anyone reading this should compare a few offers first.
I have it, but not on my phone. I use “pass”.
Same here. github.com/…/Android-Password-Store
Thanks. I’ll look into it. I think I used that as well, but it requires my passwords be on GitHub or something. I do have
passinstalled in Termux on my phone, but it’s not convenient.I have a simple git repo on my nas for sync because I don’t really trust putting passwords on github either. Using a git repo also allows you to easily revert changes which is really nice. I found this guide helpful.
I already have git repo inside of my
~/.password-storedirectory which am using for company password. Issue is not making it work, just finding time to change it. Thanks for the link though.Why the fuck would you want Google skimming money off the top of a donation?
“Because I don’t want PayPal doing the same”
Honestly they’re both annoying because they take a fee on top of the credit card company fee. Just cut out the middleman and use the credit card option.
They all skim money on top. It’s just easier this way. And I’d be happy to increase my donation by the amount Google skims. It’s not about that. It’s about not having to leave my credit card anywhere.
I could see that being a concern if you were dumb enough to use a debit card, but a credit card? Mine’s been stolen a number of times (skimmed at Target once amongst other things) and the bank always caught it before I was even aware it had happened, and they canceled/refunded the transactions. Getting a credit card stolen is unlikely and personally I don’t find it to be a particularly significant concern.
Of all the services asking me for a monthly fee. $5 for a non-profit private communication tool is a no brainer.
And you’re paying privately… how?
They have a donation thing and you can setup a monthly donation. It’s gives you a badge in the app.
Yep, this is what I do. Signal’s pretty much one of my top favorite open source applications.
You can donate via crypto on their website
This isn’t viable.
I tried to buy crypto to support some sailors, but… The fees buying that shit are insane. I didn’t want to trade, gamble or by a crypto bro, just exchange some USD to bitcoin, was directed to coinbase as they are reputable, apparently and won’t steal my shit, but their fees are insane. Trading 100 USD was like 19.95 $ in fees. Fuck that shit.
Is there a cheaper / better yet still safe way to get crypto?
Using crypto isn’t for everyone, I just thought they might not know. It’s much easier when you’re ‘in it’.
Bitcoin is generally considered expensive. Bitcoin cash would be the way to go imo, but they accept all sorts that are way less expensive.
Personally I would reccomend p2p methods like bisq and agoradesk. But then you incure exchange fees anyway as you would be more likely buying monero (lower fees and more private), which their ‘partner’ doesn’t accept.
Either way, still cheaper that you described
I agree this is mostly for people already owning crypto.
Note that not all crypto are created equal, bitcoin is probably the one with the highest fees.
The good news is that a lot of developpers accept cryptocurrency donations (often xmr in addition to btc I noticed). So you can help a lot of organisations that don’t want to pay and do legal paperwork to accept fiat.