- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
Crazy how decentralization improves both, but they are vehemently against that. I trust them in terms of privacy, but their insistence on centralization, blocking third party apps, removing SMS, and refusal to support fdroid, I’m not a fan of the direction they’ve gone recently.
I haven’t been able to trust them since the get go, to be honest. Their whole stance against federation is… FUDdy to stay polite: https://gultsch.de/objection.html
Fr. Fuck signal for removing SMS support
I mean, of course the company is against what will lose the company money.
They’re not doing this because they care about privacy, lol.
It doesn’t affect their money though
A more accurate title could be “Privacy is Priceless, but Centralization is Expensive”: with the era of cheap money coming to an end, grows a lot of uncertainty regarding the future of some large internet services. Signal is no exception and this emphasises the importance of federated alternatives (XMPP, fediverse, …) for the good health of the future internet.
Decentralisation would just spread the costs over more individuals. Those individuals would have to collect contributions from their respective communities. The total amount people who would have to chip in to make the system sustainable won’t change dramatically. Decentralisation isn’t some magic wand that makes infrastructure and labor costs disappear into thin air.
Decentralisation would just spread the costs
…the costs and the risks: let’s jump forward a few years into financing issues, at what point does Signal become a liability and start operating against their stated mission, if the alternative is that they cannot survive? We are witnessing enough contemporary examples of enshittification to know that it’s a real possibility, and that all centralized providers, but in particular the ones not charging for service, are at risk.
Some would even argue that this has already started in the case of Signal with their crypto payments and blocking of 3rd party clients which are clearly user-hostile.
Those individuals would have to collect contributions from their respective communities.
Perhaps, or perhaps not. Running costs get exponential with scale. You can host 1000 users on a shoebox computer/raspberry pi, but delivering a service for millions requires datacenter-level infrastructure and tons of engineering know-how.
Most people into self hosting or having a NAS at home can already accommodate their families, friends and more, which means millions of potential users, without the problem of trust from a single organization
Have any suggestions for “normies” on iPhone and Android that aren’t Signal?
SimpleX or any XMPP with OMEMO
If those “normies” aren’t turned away by the creation of an account (and if they can use Amazon, I doubt it’s an issue), they can certainly use XMPP :)
Here to pick a provider:
https://providers.xmpp.net/Here for the software:
https://xmpp.org/software/?platform=android
E.g. SMS isn’t secure, but it is free as it uses downtime in overhead cell channels.
Except it is not free. My carrier does not include them in the main plans (because they’re not as commonplace anymore), and you either buy an additional package or pay per each SMS.
It’s free for them
The cost of these registration services for verifying phone numbers when people first install Signal, or when they re-register on a new device, currently averages around $6 million dollars per year.
That’s pretty crazy. Wonder which third party providers they are using. Maybe the identity verification methods we have today is due for some significant changes?
Yeah, I wasn’t expecting that to be the bulk of their spending. Maybe they should remove the need for phone numbers now they removed SMS.
SMS is dead, so they will need to move on eventually. Most carriers are moving towards high data plans now. I mainly use it for verification, although I’d rather use more secure methods.
Well, if SMS is dead then RCS is what we get instead, and there’s no difference to us (and probably higher costs for Signal & al.)
And there are wayyyy too many things that depend on SMS for it to be dead any time soon, too :)
Also Signal cannot add RCS support, because Google Jibe servers won’t allow other app than Google Messages… And you must use them because native RCS support for Android is halted for years… And you cannot install some module with RCS support yourself because of anti-Unix monolitic Android userspace architecture…
Man, there are so many things done wrong.
They are working on that! :)
No, I think they are merely working on user ids no longer mandating to be your phone number (so that it can be pseudonymous, e.g. tja@signal instead of +xx0123456@signal), I don’t believe they hope to drop SMS verification at this point because of the spam issue getting worse otherwise
Ah yes, good point! 👍
Without SMS verification, spam would be so much worse that they’ve been kind of obliged to keep it, even though it defeats/undoes most of the privacy features they like to advertise about
identity verification is trash anyways, we don’t need it
The article says it’s to limit spam. I don’t feel platforms like Lemmy (or the other platform) are particularly spammy though. On the other hand I get a lot more spam on Whatsapp, even though it’s phone number bound.
Signal is pretty good in terms of limited spam, but I’m curious about the impact if they A/B test the removal and see how much spam would arise. Obviously that could only be implemented after they remove the need to add contact via phone number.
Niche communities don’t deal with spam.
But the moment it’s big enough Lemmy will be rife with spammers and you’ll need full time moderation tools.
I would never have guessed that an app like signal would spend almost 20 million in salaries. I wonder what is the salary of the executives.
I mean, without browsing levels.fyi or anything like that you can get 4 to 10 software engineers for 1 million (anything from 100k to 250k depending on location, experience, etc.).
Not all employees are engineers but that would imply 80 to 200 staff for the 20 million they state.
That’s only the component paid to the actual staff though. There are additional costs like Healthcare, unemployment, social security, etc, and other benefits that may be included in the actual wages (though some portion may be deducted from salaries), but they are including in that statement / summary.
It says that they have 50 full time employees.
I wonder what is the salary of the executives.
Wonder no more, they have it in their 2022 tax filing:
Compensation
Key Employees and Officers Base Related Other
Jim O’leary (Vp, Engineering) $666,909 $0 $33,343
Ehren Kret (Chief Technology Officer) $665,909 $0 $8,557
Aruna Harder (Chief Operating Officer) $444,606 $0 $20,500
Graeme Connell (Software Developer) $444,606 $0 $35,208
Greyson Parrelli (Software Developer) $422,972 $0 $35,668
Jonathan Chambers (Software Developer) $420,595 $0 $28,346
Meredith Whittaker (Director / Pres Of Signal Messenger) $191,229 $0 $6,032
Moxie Marlinspike (Dir / Ceo Of Sig Msgr Through 2/2022) $80,567 $0 $1,104
Brian Acton (Pres/Sec/Tr/Ceo Sig Msgr As Of 2/2022) $0 $0 $0
from https://projects.propublica.org/nonprofits/organizations/824506840
It’s not only salaries:
about half of Signal’s overall operating budget goes towards recruiting, compensating, and retaining the people who build and care for Signal. When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
I kind of liked WhatsApp’s initial monetization model. It was free for the first year and then $1 per year after that. With 400 million users, that’s a good chunk of change. Assuming only 25% of people would pay, that’s still a good chunk of change. I think Signal should adopt something similar.
Agreed. Not ideal vs. a federation, because Signal would still be in a position of total control over the network, but with less incentive to go against its users.
They should post a average price per user so we’ll know what’s the minimum to donate (probably 5$ which is the minimum in the app IIRC)
“As of January 2022, the platform had approximately 40 million monthly active users.”[0]
In 2022 they had $30M expenses, so the cost is somewhat under $1/user/year.
They said the minimum donation is there to reduce the viability of scammers using it to check if a stolen credit card number is valid.
What extra protection does 4 dollars get you?
Its not about protection or even going unnoticed like the responders say. I’ve fixed unprotected payment systems on websites, the real problem is they use it to validate CC information as live. By raising the cost, you make other lower hanging fruit more appealing and keep scammers from using your service to test CC info.
Is it just they know they can only charge like $800 before they get shut down and want that extra $4 for themselves? I am still trying to understand the rationale. If I had no morales and a stolen cc, why would I care if it’s a $1 or a $5 charge for validation?
I feel like I am learning I don’t check my cc info nearly as much as other Americans…
The point of scammers using a small value to test stolen numbers is they hope such small transactions go unnoticed for longer, allowing them a bigger time window to use and abuse the stolen card number.
Step 1. Make it federative Step 2. Stop fucking hosting your shit on Amazon servers. Step 3. Profit
What is a better alternative than signal?
Try out any of these:
- Session @session
- SimpleX @simplex
- Threema @threemaappThey all don’t require a phone number, which makes them immediately better than Signal, for devices that don’t have a SIM.
XMPP
As I wrote elsewhere in this thread, XMPP would be my preference. It just works. In fact that’s what the other messengers (at facebook, Google, …) already use, but chose to put behind a walled-garden.
What matters is that whatever comes next (or, from the past in the case of XMPP) is federated, so no single organization has a single-handed control/monopoly over the network. Matrix and SimpleX are federated alternatives to XMPP, but I don’t see Matrix stabilizing any time soon, and SimpleX just isn’t ready yet. XMPP can offer you today an experience that’s comparable to WhatsApp/Signal/Telegram/…I love XMPP, but I can’t recommend it as a reliable alternative to Signal. I find that encrypted communication is hit or miss with it. I had a problem just this week with it. I got a message delivered to a dormant Movim account I use, and I received it in my mobile xmpp app, Cheogram. I received it fine, I replied once fine. I went to send another message and it failed. I went to Movim in my browser, logged in to my account and was able to send. This is pretty typical in my experience-- some kind of mismatch or failure to negotiate between clients.
Sorry to hear. I’ve been using omemo (e2ee) without a single message lost since… perhaps 5 years ? I also don’t use movim (I don’t trust its model and level of stability/maturity, especially with regards to doing e2ee in the browser). I would not recommend “XMPP via Movim” either.
Edit: a word
What’s the issue with Matrix? I’ve tried both Matrix and XMPP but stuck with Matrix because it just works. XMPP is also good but it lacks a good Android client (The available clients look very outdated, and honestly, pretty ugly). It’s also kinda hard to know if your client or server even supports all the extensions that are needed.
I’ve tried both Matrix and XMPP but stuck with Matrix
And so did I but ended up with XMPP instead of Matrix. Self hosting my messaging was important to me, and the cost of doing so is prohibitive with Matrix, the protocol and its implementations are just that inefficient, and there has been no progress in this area for as long as I’ve been keeping an eye on it. In my eyes, Matrix is broken by design.
Now, Element is indeed a decent client, and above the average of all XMPP clients, but what matters is for XMPP to have at least one great client per platform, which is undoubtedly the case. In practice, all my daily messaging happens over XMPP, the people I interact with are far from the nerdy type, and to them it’s pretty much equivalent to WhatsApp & al.
Back to Matrix, besides the fact that after a decade there hasn’t been any progress towards diversifying implementations (it’s so messy, complex and changing that it’s basically the same people implementing both client and server sides, and there is only one viable implementation to this day, by one entity), which is a big fat red herring, the entity who’s behind 95% of the code of Matrix is now facing severe financing challenges. The future of Matrix is all but certain because of that, and there are reasons for concern.
I don’t “hate” Matrix/Element/the Foundation, I just don’t understand why they painted themselves in the corner they are in today, and rode the pipe dream of their broken protocol for so long. Would they cease to exist, it would look like natural selection to me. They are just not competitive and sorry if it hurts.
Make the server open source maybe?
Did i confuse something?
Well, thanks!
But you won’t be able to talk to someone on the official servers
Signal isn’t a federated protocol, so even if they were incentivized to release all the server bits and pieces, it would not help. You could run your own, but wouldn’t be able to reach-out to your friends running theirs.
pUt iT oN tHe BlOcKcHaiN bRo!
waaahh centralizing millions of slightly-privacy-aware people’s metadata on Amazon’s servers costs a lot of money, waaah
20M USD for 50 employees? ~400+k per employee is nuts!
There are European engineers working at private companies for less 20% (1/5th) of that - if even that! They aren’t worse than their American counterparts. Signal could increase their team sizes by at least 30%, maybe even 50% if they hired engineers and other employees from Europe.
If signal paid 100k for European engineers to work on opensource software, mate, they’d have absolute no problems retaining them. I personally don’t know a single engineer earning 100k on the European mainland. Not one.
Edit: seriously, wtf. I’m all for paying employees well and it’s great that Signal has a dedicated workforce, but 400k? I’m fine canceling my donation. My jaw is still on the floor.
400k does not all go direct to salary - overhead, server costs, SMS costs, etc.
It’s not only salaries:
about half of Signal’s overall operating budget goes towards recruiting, compensating, and retaining the people who build and care for Signal. When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
True. Even so, 300k or 250k per employee is at least 3 times the salary of a European engineer.
Ended my donations to Signal after discovering they choose Google Hosting Services over open source and privacy respecting alternatives.
Yeah man fuck Signal, they stabbed by dog the other day