- cross-posted to:
- technology@beehaw.org
- cross-posted to:
- technology@beehaw.org
You must log in or register to comment.
Crazy how decentralization improves both, but they are vehemently against that. I trust them in terms of privacy, but their insistence on centralization, blocking third party apps, removing SMS, and refusal to support fdroid, I’m not a fan of the direction they’ve gone recently.
Fr. Fuck signal for removing SMS support
I assume that is exactly for one of the reasons they mentioned in the article: increasing costs for sms
Wait. Signal was an SMS client. It wouldn’t cost them anything for a user to send an SMS message. IIRC, they nixed the SMS feature for security reasons, not cost.
That’s what they told me when gave then feedback through their website.
There’s no free lunch and corporations aren’t the most trustworthy source of information though so maybe it was about cost.
isnt signal a nonprofit? not a corporation
Some nonprofit organizations are corporations and have pretty shitty practices:
https://en.m.wikipedia.org/wiki/Kids_Wish_Network
The Morman church is another US ‘non-profit organization’ yet somehow hordes billions.
Trusting blindly without doing research because something is presented as a non-profit is a good way to be taken for a fool and separated from your money.
When signal made their own cryptocurrency which they entirely premined was a huge red flag. Dropping SMS support was an annoyance that broke the camels back.
Yeah I think you are right. I too was really mad at Signal for ditching sms, and THEN having the audacity to ask for donations! This article shines a light on the reasons, wow.
Still, I would only donate if they kept sms in there. Not without sms because now it’s just one more isolated platform and no longer a one-stop solution at it used to be.
A bit of transparency at the beginning would’ve helped…
The sms cost is for account creation and verification on new devices, being an sms client didn’t cost anything aside from maintaining that portion of the app
Was split off, called ‘Silence’.
There were two SMS mistakes by Signal:
I haven’t been able to trust them since the get go, to be honest. Their whole stance against federation is… FUDdy to stay polite: https://gultsch.de/objection.html
Removing SMS support makes sense. The potential for a user sending something through SMS that they thought was going over Signal is high. Even for the savvier users who would install Signal in the first place.
It killed adoption, since now it’s just another messaging app. Most of my contacts still use SMS, and will stay on it, so being able to use Signal was a smooth all-in-one experience. Now I have no point in keeping it installed because like 3 of my contacts use it, so it has no use to me, thus killing potential adoption.
A more accurate title could be “Privacy is Priceless, but Centralization is Expensive”: with the era of cheap money coming to an end, grows a lot of uncertainty regarding the future of some large internet services. Signal is no exception and this emphasises the importance of federated alternatives (XMPP, fediverse, …) for the good health of the future internet.
Decentralization is expensive too judging by some of the sentiment I’ve seen around running Mastodon and Lemmy/Kbin instances.
Right? People simply expect someone else to pay the bills.
And why wouldn’t they? 90% of the software people use daily is free (as in beer), so of course being told that’s going to change is going to cause upset. It takes a lot for people to want to pay money for something that, to those who don’t value free (as in freedom) software, is no different than the costless alternative.
At some point society needs to figure out how we can subsidize the costs of data storage, remote servers, and provision of internet to people for free.
The only real way to do that is government subsidized servers, but that will fall in the same category as literally every other government service: right wing political entities try to privatize it and make it as shitty and parasitic as possible.
You pay for these things with your data. If the government is paying for privacy-respecting storage or safe internet access, then so are you with your taxes. I’d vote for that, but I’d guess the majority of people would not.
Yup, it has a cost, but there’s perhaps a one or two orders of magnitude cost difference between hosting instant messaging + calls with something like XMPP, and hosting mastodon/Lemmy/Kbin (or why I do the former but not the later, and why I’m ok to pay for the service, esp. considering that my instance’s business model isn’t, unlike Reddit, to re-sell influence and data).
deleted by creator
How does does decentralization avoid the costs that Signal laid out in the blog posts?
I laid it out elsewhere in this thread, but in short, costs grow non-linearly with scale: you can run thousands of users on a RPi, but a million users requires whole datacenters. Decentralization not only helps with not requiring “whole datacenters” in the first place, they also enable maximization of resources: if you have a NAS at home, or a RPi hanging around, a router idling somewhere, or an abandoned smartphone in a drawer, you can probably host enough accounts for all the people that you’ve ever met in your life. And there are hundred of thousands of such underused devices everywhere, which, put together, would be sufficient to host the whole world multiple times around.
The other issue is sustainability: with this centralization comes single point of failure. It’s no big deal witnessing the disappearance of one or few providers of a federated network. Accounts and data can be migrated easily. For most users, it’s invisible. Now compare this to Signal running into financial issues: you are contemplating million of users losing access to their account and their data, and having to re-bootstrap their whole social graph elsewhere. This is another level of “cost”, or price to pay, for centralization.
Who is maintaining all these “unused” devices that you will want working pretty consistently? Who is responsible for replacing hardware when it dies? Who is looking into it when someone stops receiving messages? What happens when the person hosting thousands of users just stops wanting to do it? Who migrates these accounts?
Frankly, your argument sounds more like wishful thinking than anything practical. You’ve basically described the plan as “Magically some devices in someone’s basement will suddenly start running a messaging service, maintenance free, from now until the end of time”.
Decentralisation would just spread the costs over more individuals. Those individuals would have to collect contributions from their respective communities. The total amount people who would have to chip in to make the system sustainable won’t change dramatically. Decentralisation isn’t some magic wand that makes infrastructure and labor costs disappear into thin air.
Decentralisation would just spread the costs
…the costs and the risks: let’s jump forward a few years into financing issues, at what point does Signal become a liability and start operating against their stated mission, if the alternative is that they cannot survive? We are witnessing enough contemporary examples of enshittification to know that it’s a real possibility, and that all centralized providers, but in particular the ones not charging for service, are at risk.
Some would even argue that this has already started in the case of Signal with their crypto payments and blocking of 3rd party clients which are clearly user-hostile.
Those individuals would have to collect contributions from their respective communities.
Perhaps, or perhaps not. Running costs get exponential with scale. You can host 1000 users on a shoebox computer/raspberry pi, but delivering a service for millions requires datacenter-level infrastructure and tons of engineering know-how.
Most people into self hosting or having a NAS at home can already accommodate their families, friends and more, which means millions of potential users, without the problem of trust from a single organization
E.g. SMS isn’t secure, but it is free as it uses downtime in overhead cell channels.
Except it is not free. My carrier does not include them in the main plans (because they’re not as commonplace anymore), and you either buy an additional package or pay per each SMS.
It’s free for them
Have any suggestions for “normies” on iPhone and Android that aren’t Signal?
SimpleX or any XMPP with OMEMO
+1 for simplex
Thanks!
matrix comes to mind, get element on iOS and Android (Fdroid or play store)
Thanks!
your welcome.
If those “normies” aren’t turned away by the creation of an account (and if they can use Amazon, I doubt it’s an issue), they can certainly use XMPP :)
Here to pick a provider:
https://providers.xmpp.net/Here for the software:
https://xmpp.org/software/?platform=androidThanks!
I surely do!
Try Session or SimpleX or Threema.
Threema is the oldest and most polished option. You do have to buy a license for a one-time fee though. It’s entirely worth the play store credit I spent, but if I were to buy now, I’d use their website store so I could use the open source app instead.
I cannot really root for threema here because of its centralized nature, although I do appreciate that it has a saner business model than Signal
Thanks!
The cost of these registration services for verifying phone numbers when people first install Signal, or when they re-register on a new device, currently averages around $6 million dollars per year.
That’s pretty crazy. Wonder which third party providers they are using. Maybe the identity verification methods we have today is due for some significant changes?
Yeah, I wasn’t expecting that to be the bulk of their spending. Maybe they should remove the need for phone numbers now they removed SMS.
SMS is dead, so they will need to move on eventually. Most carriers are moving towards high data plans now. I mainly use it for verification, although I’d rather use more secure methods.
Well, if SMS is dead then RCS is what we get instead, and there’s no difference to us (and probably higher costs for Signal & al.)
And there are wayyyy too many things that depend on SMS for it to be dead any time soon, too :)
They are working on that! :)
No, I think they are merely working on user ids no longer mandating to be your phone number (so that it can be pseudonymous, e.g. tja@signal instead of +xx0123456@signal), I don’t believe they hope to drop SMS verification at this point because of the spam issue getting worse otherwise
Ah yes, good point! 👍
Without SMS verification, spam would be so much worse that they’ve been kind of obliged to keep it, even though it defeats/undoes most of the privacy features they like to advertise about
identity verification is trash anyways, we don’t need it
The article says it’s to limit spam. I don’t feel platforms like Lemmy (or the other platform) are particularly spammy though. On the other hand I get a lot more spam on Whatsapp, even though it’s phone number bound.
Signal is pretty good in terms of limited spam, but I’m curious about the impact if they A/B test the removal and see how much spam would arise. Obviously that could only be implemented after they remove the need to add contact via phone number.
You are correct my friend, because Lemmy is for smart people like us. And a smart person like you could easily make 10k per month on the side.
With just a small initial investment you could create a huge passive income in no time.
Just go to shadyscamspam.com and become your own boss.If more people joined Lemmy you’d see the amount of spam this place would get. Now it’s only a bunch of nerds who will quickly report any spammy activity. It’s a small “friendly” community for now.
Niche communities don’t deal with spam.
But the moment it’s big enough Lemmy will be rife with spammers and you’ll need full time moderation tools.
If you go to Reddit which is more popular for bots certain subs are completely filled with spam and votebots. r/worldnews is like a giant circle of pro IDF bots jerking eachother off. LSF became a shitshow too.
And that’s with a fairly active mod team too. Imagine the spam if there were no controls.
To be fair, the mods are complicit
plenty of instances have email verification and or captcha, and those that don’t get defederated (sometimes) (this already happened)
I would never have guessed that an app like signal would spend almost 20 million in salaries. I wonder what is the salary of the executives.
I mean, without browsing levels.fyi or anything like that you can get 4 to 10 software engineers for 1 million (anything from 100k to 250k depending on location, experience, etc.).
Not all employees are engineers but that would imply 80 to 200 staff for the 20 million they state.
That’s only the component paid to the actual staff though. There are additional costs like Healthcare, unemployment, social security, etc, and other benefits that may not be included in wages (though some portion may be deducted from salaries), but they are including in that statement / summary.
For an app like signal you would/should be at the top of that range. You want to acquire and maintain talent. Not every dev has the chops.
It says that they have 50 full time employees.
It’s not only salaries:
about half of Signal’s overall operating budget goes towards recruiting, compensating, and retaining the people who build and care for Signal. When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
Still, the cost equals almost 400 000 dollars per employee. That is a LOT of money. Even half that (twice the employees or half the cost) would still be a lot.
Believe me, one seriously awesome software developer for 400k achieves more than 10 shitty ones at 100k each.
I don’t need to believe, I work with these guys on a daily basis (not the Signal guys, but devs) and I know your statements to be true. Still, I very much doubt that they need 50 devs with that salary. It’s a chat app! Of course they have other people too, like marketing, project leads, blah blah - still doesn’t put the price into my mind.
They develop a lot of software themselves. They aren’t just throwing together a few established libraries and call it a day like 80% of software development. They also take the hard and correct way every time instead of the fast, easy and bad way. Quote from the article:
The same dynamic played out again when Signal introduced support for animated GIF searches on Android and iOS. Instead of quickly and easily integrating the standard GIF search SDK that most other apps were using, engineers spent considerable time and creativity developing another unique privacy-preserving technique that hides GIF search terms from Signal’s servers, while also hiding who is searching for those terms from the GIF search engine itself. We later expanded those techniques to further obfuscate GIF search information by obscuring the amount of traffic that passes through the proxied connection.
When Meta acquired GIPHY, and many other apps were scrambling to contend with the privacy implications of the deal, Signal employees slept soundly knowing that we had already built this feature correctly several years earlier.
That is not that much in this industry.
I’ve got roughly 25 years in the software development industry and depending on what talent market you’re working in, that 400k may not even be enough for one engineer or architects salary.
Yes, I agree it’s a lot.
I think that with “recruiting” and “HR services” they mean outsourced services, so maybe not all of it goes directly to the employees.
Don’t forget the CEO’s salary is $5.7M. If you subtract the CEO’s and other execs’ salary from those $20M total, the salary of ordinary employees would probably way less than $200k.
I wonder what is the salary of the executives.
Wonder no more, they have it in their 2022 tax filing:
Compensation
Key Employees and Officers Base Related Other
Jim O’leary (Vp, Engineering) $666,909 $0 $33,343
Ehren Kret (Chief Technology Officer) $665,909 $0 $8,557
Aruna Harder (Chief Operating Officer) $444,606 $0 $20,500
Graeme Connell (Software Developer) $444,606 $0 $35,208
Greyson Parrelli (Software Developer) $422,972 $0 $35,668
Jonathan Chambers (Software Developer) $420,595 $0 $28,346
Meredith Whittaker (Director / Pres Of Signal Messenger) $191,229 $0 $6,032
Moxie Marlinspike (Dir / Ceo Of Sig Msgr Through 2/2022) $80,567 $0 $1,104
Brian Acton (Pres/Sec/Tr/Ceo Sig Msgr As Of 2/2022) $0 $0 $0
from https://projects.propublica.org/nonprofits/organizations/824506840
It’s an absolutely surprising amount, because Matrix spends less than that if you just count the people working on the open source offerings.
And that project has significantly more features, is federated, and has a much larger scope.
I kind of liked WhatsApp’s initial monetization model. It was free for the first year and then $1 per year after that. With 400 million users, that’s a good chunk of change. Assuming only 25% of people would pay, that’s still a good chunk of change. I think Signal should adopt something similar.
I think just like Proton provides free services for the greater good, Signal should do something similar. Even special emojis works well IMO. They give you a badge at least
Agreed. Not ideal vs. a federation, because Signal would still be in a position of total control over the network, but with less incentive to go against its users.
They should post a average price per user so we’ll know what’s the minimum to donate (probably 5$ which is the minimum in the app IIRC)
“As of January 2022, the platform had approximately 40 million monthly active users.”[0]
In 2022 they had $30M expenses, so the cost is somewhat under $1/user/year.
They said the minimum donation is there to reduce the viability of scammers using it to check if a stolen credit card number is valid.
What extra protection does 4 dollars get you?
400 times the 1 cent protection
The point of scammers using a small value to test stolen numbers is they hope such small transactions go unnoticed for longer, allowing them a bigger time window to use and abuse the stolen card number.
That just doesn’t make a lot of sense. I would question something under a dollar way more then something under $10
That makes you the exception, and not the rule.
Its not about protection or even going unnoticed like the responders say. I’ve fixed unprotected payment systems on websites, the real problem is they use it to validate CC information as live. By raising the cost, you make other lower hanging fruit more appealing and keep scammers from using your service to test CC info.
Divide 50 million by the number of users?
40 million active users, 50 million for 5 years. So I guess 1.25$ if everyone donates, or 5$ if just 25% do. I’ve done my part then
Make the server open source maybe?
Did i confuse something?
Well, thanks!
Signal isn’t a federated protocol, so even if they were incentivized to release all the server bits and pieces, it would not help. You could run your own, but wouldn’t be able to reach-out to your friends running theirs.
pUt iT oN tHe BlOcKcHaiN bRo!
Step 1. Make it federative Step 2. Stop fucking hosting your shit on Amazon servers. Step 3. Profit
What is a better alternative than signal?
Try out any of these:
- Session @session
- SimpleX @simplex
- Threema @threemaappThey all don’t require a phone number, which makes them immediately better than Signal, for devices that don’t have a SIM.
XMPP
As I wrote elsewhere in this thread, XMPP would be my preference. It just works. In fact that’s what the other messengers (at facebook, Google, …) already use, but chose to put behind a walled-garden.
What matters is that whatever comes next (or, from the past in the case of XMPP) is federated, so no single organization has a single-handed control/monopoly over the network. Matrix and SimpleX are federated alternatives to XMPP, but I don’t see Matrix stabilizing any time soon, and SimpleX just isn’t ready yet. XMPP can offer you today an experience that’s comparable to WhatsApp/Signal/Telegram/…What’s the issue with Matrix? I’ve tried both Matrix and XMPP but stuck with Matrix because it just works. XMPP is also good but it lacks a good Android client (The available clients look very outdated, and honestly, pretty ugly). It’s also kinda hard to know if your client or server even supports all the extensions that are needed.
waaahh centralizing millions of slightly-privacy-aware people’s metadata on Amazon’s servers costs a lot of money, waaah
Ehhhh
Signal lost a lot of my love when they removed SMS support
Get with the times.
Signal stands for privacy and not selling your data to be spied on and sold, and you’re STILL using SMS, spam ridden, high cost, old infrastructure, easily read, technology.
I suppose you want email in your Signal client too?
It’s not about that. It’s about moving people over.
You know why RCS is picking up steam? Because it’s 1 app. If the person you’re talking to has RCS, you’ll send messages via RCS. If they don’t, it’ll fall back to SMS. If RCS was a separate app from SMS, adoption would be really low.
Older people especially don’t want to juggle 2 apps. If you get your dad on signal, and then his friend who uses SMS messages him, he’ll be back in his SMS app and won’t go back to signal, meaning the next time he messages you, or anyone else that has signal, he’ll instead just send an SMS since he’s already in the SMS app.
Removing SMS fallback was a surefire way to kill adoption of signal.
Especially when your identity on Signal is STILL only tied to a phone number, instead of a username, and there is nothing less private than actually giving out your real phone number.
Absolutely baffling.
I heard they gonna introduce usernames for sharing your acc. but to make one u still need a phone to create an acc. which I understand.
so just like in telegram?
Yes, except telegram will track u and stuff, u guys don’t know the point of Signal?
Ended my donations to Signal after discovering they choose Google Hosting Services over open source and privacy respecting alternatives.
Yeah man fuck Signal, they stabbed by dog the other day
Signal is a lie.
